I know what you leased last summer: Asset database leak hits Capita, Rolls-Royce, Tesco (every little helps, eh?)

2020-05-18 07:58

Last week we had the story of miscreants stealing a massive trove of data from the computers of an American law firm representing a galaxy of showbiz stars.

Red teams rejoice! Microsoft has released an offensive security tool called Stormspotter that identifies potential weaknesses in an organization's Azure deployments - which a miscreant could exploit to gain access to data or drill further into a network.

Experts Yarden Shafir and Alex Ionescu showed how a rogue user or malware on a computer could use a specially crafted printer driver to take advantage of weak security controls in Print Spooler and elevate their privileges to take over the system - all using a basic user account with no need for administrative access, thanks to some holes in how printer drivers are handled.

The plugin fails to do security checks on user input.

The US Government Accountability Office has issued its report [PDF] on network security at the nation's dangerous chemical manufacturing facilities and it is a little grim.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/18/security_roundup/

#database #leak #tesco