Thursday, January 28, 2021
Primarius Group

How to secure vulnerable printers on a Windows network

5 months ago
in Information Security/Cyber security


At the recent Black Hat conference, Peleg Hadar and Tomer Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. In 2010, one of the vulnerabilities Stuxnet used was a remote code execution on a computer with printer sharing enabled. To reach Iran’s centrifuges, Stuxnet exploited a vulnerability in the Windows Print Spooler service to gain code execution as NT AUTHORITY\SYSTEM.

The method Stuxnet used to propagate across the network is still possible. In fact, Hadar and Bar announced that the security updates that Microsoft released in August include a fix for a printer vulnerability that they discovered. A proof of concept of their findings has been posted to GitHub along with the tools they used.

In May, Yarden Shafir and Alex Ionescu released a whitepaper called PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth that showcased the interesting ways Print Spooler can be used to elevate privileges, bypass endpoint detection and response (EDR) rules, and gain persistence. Attackers often look for new and unusual ways to attack systems. The Spooler service, implemented in Spoolsv.exe, is appealing to them because it runs with SYSTEM privileges and is network accessible. Shafir and Ionescu point out that attackers look for the following attack vectors:

  • Printing to a file in a privileged location, hoping Spooler will do that
  • Loading a “printer driver” that’s actually malicious
  • Dropping files remotely using Spooler RPC APIs
  • Injecting malicious “printer drivers” from remote systems
  • Abusing file parsing bugs in EMF/XPS spooler files to gain code execution

Starting in Vista, Windows doesn’t require admin rights to install printer drivers if the driver is a pre-existing inbox driver. Absolutely no privileges are needed to install a printer driver.
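
An audit sketch for the exposure described above, added here as an example and not taken from the article or the researchers' tools: it reports how the Spooler service runs, which printers are shared, which printer ports point at a file path, and which drivers are installed. The function name `Get-SpoolerExposure` and the path-matching heuristic for ports are assumptions; it relies on the PrintManagement cmdlets available on Windows 8 / Server 2012 and later.

```powershell
# Added audit example (not from the article). Run locally in PowerShell
# on a host that has the PrintManagement module.

function Get-SpoolerExposure {
    # State, start mode and logon account of the Print Spooler service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    $shared = @(); $filePorts = @(); $drivers = @()

    # The printer cmdlets talk to the Spooler, so query only when it runs.
    if ($svc.State -eq 'Running') {
        # Shared printers keep the Spooler in use by other hosts.
        $shared = @(Get-Printer | Where-Object { $_.Shared })

        # Heuristic (assumption): a port named like a drive or UNC path
        # makes the Spooler write print output to that file.
        $filePorts = @(Get-PrinterPort |
            Where-Object { $_.Name -match '^(?:[A-Za-z]:\\|\\\\)' })

        # Installed drivers, for review against the set you expect.
        $drivers = @(Get-PrinterDriver |
            Select-Object Name, Manufacturer, PrinterEnvironment, InfPath)
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        SpoolerState   = $svc.State
        SpoolerStart   = $svc.StartMode
        SpoolerAccount = $svc.StartName
        SharedPrinters = $shared.Name
        FilePorts      = $filePorts.Name
        Drivers        = $drivers
    }
}

$report = Get-SpoolerExposure
$report | Format-List ComputerName, Spooler*, SharedPrinters, FilePorts
$report.Drivers | Sort-Object Manufacturer, Name | Format-Table -AutoSize

if ($report.FilePorts) {
    Write-Warning "File-backed printer ports: $($report.FilePorts -join ', ')"
}
```

A host that reports the Spooler running with no printers and no shares is a candidate for review of whether the service needs to run there at all.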
