[L1S] Level1Security thread

You could use @Eden 's format of his LinuxNews threads that he used to do. Those worked well.


I've been thinking of a way to make them contributable, as I've not kept up with it as fast as I'd like. It would work for others.

It just gave me an idea as well. A news Room group with private sub forum for making news threads? Depends on numbers other option is a PM thread for each news topic for the week.

Thanks I'll have a look for those

EDIT: That could work yes. Then I'd have to split them into sort of biweekly chunks of articles.
Linked here as reference:

I'm with you, I'm a blue team member myself working in security for the financial sector. I'm more on the management side than anything though so, even though I do as much research as possible, I'm usually defending against known threats and putting in temporary fixes for zero days if possible.

I say all of that just to show you we're on the same page here and I'm not just trying to dismiss your idea, it just needs to be done in a manner that makes it useful. I'll 100% be contributing to it if successful. I've been thinking about making videos on Active Directory hardening, golden ticket mitigation, proper security setups, etc. This would be a good place for me to start.


I'm Red Team for the most part. Very very Red Team :imp:

:grin: But honestly for the most part I'm more acting as a Blue team assistant to test fixes etc.

That would only make the content better.

Yeah I'm just not sure what the community guidelines are on that sort of thing.
I also don't exactly want to turn L1T forums into HackForums :laughing:

It's fine, I usually suggest people position it to show how it's used in a good way, e.g. for testing in companies etc.


Governments were also using MS Word 0-Day Exploit

Summary:

It turns out that the previously undisclosed vulnerability in Word (CVE-2017-0199) used for Dridex was also actively being exploited by government-sponsored hackers to spy on Russian targets since at least this January.
The news comes after security firm FireEye, that independently discovered this flaw last month, published a blog post, revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft.

FinSpy or FinFisher is associated with the controversial UK-based firm "Gamma Group", which sells so-called "lawful intercept" spyware to governments around the world.

Extra References

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
  2. https://www.theregister.co.uk/2017/04/11/patch_tuesday_mess

Affects

  • Office/WordPad
  • Internet Explorer
    (All being actively targeted in the wild)

Fix

These fixes can now be installed automatically via Windows Update. Reboot and you're done. But there are caveats. For example, the patch bundles KB4015549, KB4015546, KB4015550, KB4015547 that install the security fixes on Windows 7 and 8 have an unfortunate side-effect on computers using AMD Carrizo-based processors – they'll be blocked from receiving further software updates until Microsoft sorts that out. (probably never)

"If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release," was Microsoft's official statement.
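A quick way to check whether a Windows 7/8.1 box has actually taken one of the April 2017 updates named in the post, and to flag the AMD Carrizo caveat before rolling it out. This is an added example, not part of the original post or any Microsoft tooling. The KB numbers are the ones the post lists; the assumption that a Carrizo part reports as CPUID family 21 (0x15), model 0x60-0x6F in the Win32_Processor Caption string is mine and should be verified against your own hardware inventory. Get-HotFix only sees Windows updates, so the Office side of the CVE-2017-0199 fix still has to be confirmed through Office's own update channel.

```powershell
# Added example: verify the April 2017 Windows rollups from the post and warn about Carrizo.
# KB list is taken from the post above; only one of the pair (rollup or security-only) per OS is expected.
$RequiredKBs = @('KB4015549', 'KB4015546', 'KB4015550', 'KB4015547')

function Test-April2017Update {
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $present   = @($RequiredKBs | Where-Object { $installed -contains $_ })

    if ($present.Count -eq 0) {
        Write-Warning ("None of the April 2017 updates are installed: {0}" -f ($RequiredKBs -join ', '))
        return $false
    }
    Write-Output ("Installed April 2017 update(s): {0}" -f ($present -join ', '))
    return $true
}

function Test-CarrizoCpu {
    # Assumption: Carrizo parts appear as "AMD64 Family 21 Model 96..101 Stepping N" in the Caption.
    # Family 21 == 0x15, Model 0x60-0x6F == 96-111 decimal.
    foreach ($cpu in Get-CimInstance -ClassName Win32_Processor) {
        if ($cpu.Manufacturer -notmatch 'AMD') { continue }
        if ($cpu.Caption -match 'Family (\d+) Model (\d+)') {
            $family = [int]$Matches[1]
            $model  = [int]$Matches[2]
            if ($family -eq 21 -and $model -ge 96 -and $model -le 111) {
                Write-Warning ("Possible AMD Carrizo CPU detected ({0}); this update blocks further Windows Update on these systems." -f $cpu.Name)
                return $true
            }
        }
    }
    return $false
}

# Run both checks and exit non-zero if the patch is missing, so the script can feed a compliance job.
$carrizo = Test-CarrizoCpu
$patched = Test-April2017Update
if (-not $patched) { exit 1 }
```

Run it elevated on each Windows 7 or 8.1 host before and after Patch Tuesday; a non-zero exit means the rollup is missing, and the Carrizo warning tells you which machines to hold back until Microsoft's fix for the update-blocking side effect lands.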