Tag: archive

security

Active Directory Schwach­stellen­analyse mit Nessus und OpenVAS

Domänen­controller bündeln Authentifizierung, Verzeichnisdienste und Vertrauensbeziehungen und sind damit bevorzugte Angriffsziele. Schwach­stellen­scanner wie Nessus und OpenVAS liefern mit Credentialed Scans belastbare Einblicke in Konfiguration, Patchstand und kryptografische Parameter. Eine automatisierte Report-Pipeline über ELK, Zabbix und StackStorm ermöglicht kontinuierliche Sicherheitsbewertung.

Mehr lesen →
security

SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression software across various operating systems, making this a difficult vulnerability to patch https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc Adobe Patches Adobe released patches for 13 different products. https://helpx.adobe.com/security/Home.html

Mehr lesen →
security

SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates

Stealing Machinekeys for fun and profit (or riding the SharePoint wave) Bojan explains in detail how .NET uses Machine Keys to protect the VIEWSTATE, and how to abuse the VIEWSTATE for code execution if the Machine Keys are lost. https://isc.sans.edu/diary/Stealing%20Machine%20Keys%20for%20fun%20and%20profit%20%28or%20riding%20the%20SharePoint%20wave%29/32174 Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives Perplexity will change its […]

Mehr lesen →