Daily Archives: 2020-09-14

Article note: Ohh. _This_ is why Microsoft was so pushy about that most recent round of patches.

Enlarge (credit: VGrigas (WMF))

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device.

An “insane” bug with “huge impact”

Such post-compromise exploits have become increasingly valuable to attackers pushing ransomware or espionage spyware. Tricking employees to click on malicious links and attachments in email is relatively easy. Using those compromised computers to pivot to more valuable resources can be much harder.

Article note: We really need a regulatory infrastructure that makes it prohibitively expensive to collect and silo data unless there is an extremely compelling reason. Also, there is _no reason_ for a hardware configuration utility to connect to the Internet.

Enlarge / This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop. (credit: Volodymyr Dianchenko)

In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers' PII (Personal Identifiable Information).

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you'd expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticseach cluster was not only exposed to the public, it was indexed by public search engines.

I must say I really enjoyed my conversations with different reps of @Razer support team via email for the last couple of week, but it did not bring us closer to securing the data breach in their systems. pic.twitter.com/Z6YZ5wvejl

— Bob Diachenko (@MayhemDayOne) September 1, 2020

Diachenko reported the misconfigured cluster—which contained roughly 100,000 users' data—to Razer immediately, but the report bounced from support rep to support rep for over three weeks before being fixed.