Securely Access Your Desktop By NOT VPN’ing.

I have been thinking lately about how I can access my home desktop (don’t ask me why I want to do this) or my router/firewall config (which is not directly accessible from the internet).

In this article, let’s explore some ideas on how we can accomplish this without running a VPN server or subscribing to any third-party remote access services.

… stay tuned

 

ISC StormCast for Friday, January 21st, 2022

By Dr. Johannes B. Ullrich

RedLine Stealer Delivered Through FTP
https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
Google Camera Alters QR Codes
https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html
https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/
Linux Kernel Privilege Escalation / Container Escape
https://seclists.org/oss-sec/2022/q1/54
https://access.redhat.com/security/cve/cve-2022-0185
Crypto.com 2FA Bypass
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Windows Policies to Avoid
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178

ISC StormCast for Thursday, January 20th, 2022

By Dr. Johannes B. Ullrich

0.0.0.0 in Emotet Spambot Traffic
https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Linux Patch to Make 0.0.0.0/8 Routable
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a
WebKit Patch for Cross Origin Database Name Leak
https://trac.webkit.org/changeset/288078/webkit
ACER Care Center Privilege Escalation
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
Improper Input Validation Vulnerability in Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

ISC StormCast for Wednesday, January 19th, 2022

By Dr. Johannes B. Ullrich

Phishing E-Mail With an Advertisement
https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
Virustotal Credential
https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2022.html
Box MFA Bypass
https://www.varonis.com/blog/box-mfa-bypass-sms

ISC StormCast for Tuesday, January 18th, 2022

By Dr. Johannes B. Ullrich

Log4Shell Attacks Getting Smarter
https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP
https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome Restricting Private Network Access
https://developer.chrome.com/blog/private-network-access-preflight/

ISC StormCast for Monday, January 17th, 2022

By Dr. Johannes B. Ullrich

Use of Alternate Data Streams in Research Scans
https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari Index DB Leak
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/