Pasquale `sid` Fiorillo and Guido `go` Oricchio have released a critical security advisory for any QNAP NAS running any version of QTS prior to 4.2.4 Build 20170313.
The issue affects every QNAP NAS that is a member of a Microsoft Active Directory domain and can be used by any local user, such as “httpdusr”, the account used to run web applications, to escalate to Domain Administrator.
Aws-key-auditor is a simple bash script to test AWS credentials against some safe (read-only) awscli commands.
It could be useful during a penetration test to automate the checks that show which resources can be accessed with a compromised key.
Download from GitHub
Pasquale `sid` Fiorillo and Francesco `ascii` Ongaro from ISGroup, an Italian security firm, and Antonio `s4tan` Parata from the ush team have released a critical security advisory for any version of Veeam Backup & Replication prior to 8 Update 3.
The issue potentially involves 157,000 customers and 9.1 million Virtual Machines worldwide and could lead to full Domain Administrator compromise of the affected infrastructures.
Veeam Software provides backup, disaster recovery and virtualization management software for VMware and Hyper-V environments.