Two zero-day vulnerabilities per week from Microsoft, update for popular tools, stories about ransomware and blue team like red to fight with evil.
- Vulnerabilities: Microsoft patched zero-day which detected in the wil!
- Tools: Upd for one of the most famous red team tools
- News: Have you ever hear about vulnerability in malware?
- Research: Elastic team reseased some cool staff and about Exchage.
Feedback -> here
IBM Db2 is a family of hybrid data management systems that use artificial intelligence to manage data. The vulnerability is that the developers did not implement protections for the shared memory used by the Db2 trace function. As a result, a local user can gain read/write rights to the memory area, which will allow access to sensitive information, and can cause a denial of service to the database.
The vulnerability is present in Jetty versions 9.4.27.v20200227 through 9.4.29.v20200521. An unauthorized attacker could exploit this vulnerability to obtain HTTP response headers, which could contain sensitive data intended for another user.
On Monday August 17th, the Jenkins team released patched versions of Jenkins 2.243 and Jenkins LTS 2.235.5. All users are advised to update the software.
Microsoft released an unscheduled update KB4578013. The problems are related to incorrect processing of WRA objects in memory and operations with files. Vulnerabilities affect Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 versions. Through vulnerabilities, an attacker can elevate system privileges using a malicious application.
Windows 8.1 or Server 2012 R2 users are advised to install the update as soon as possible, patches for CVE-2020-1530 and CVE-2020-1537 for other versions of Windows were already included in the Service Pack released on August 11.
Rocket.Chat is an open-source platfrom for messaging application like Slack. The described vulnerability can be exploited in the following versions of the application – <= 3.4.2.
A python based tool for exploiting and managing Android devices via ADB.
Empire 3.3.4 is out and includes some minor bug fixes to the http_foreign listener and preobfuscate functionality.
Responder 184.108.40.206 is out! Several fixes, and enhancements.
It is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments.
The North Carolina prosecutor’s office indicted Joe Sullivan, a former Uber CSO from 2015-2017. He is charged with concealing a break-in at the company in 2016.
Two hackers – American Brandon Glover and Canadian Vasile Mereacra, who were convicted last year – are guilty of breaking into the company. In the fall of 2016, they compromised several accounts of Uber employees at GitHub, resulting in obtaining credentials from AWS (Amazon Web Service) internal infrastructure of the company.
Now Sullivan is accused of indirect assistance to hackers, because after breaking into Uber, they have committed other hacking, which could prevented if the CSO company reported it to the police or the FBI. He faces up to 8 years in prison.
Representatives of the University of Utah reported that the institution was recently forced to pay $457,059 to hackers to prevent data about students from being leaked.
The official statement says that in July 2020 the university managed to avoid a serious encryption attack, during which unnamed hackers were able to encrypt only 0.02% of the data stored on the university servers. Blackmail forced the University of Utah to make concessions and pay extortionists. Fortunately, a part of the requested amount was covered by a special cyber insurance policy, and the University provided only the rest of the funds.
James Quinn of Binary Defense discovered a vulnerability in Emotet’s code. It turned out that for its update, Emotet creates a special Windows registry key and stores an XOR key in it, which is used not only for stability, but also at the very beginning of infection. Quinn managed to write a PowerShell script called EmoCrash that used registry keys to cause Emotet to crash.
As a result, when an uninfected computer processed by EmoCrash was attacked, this registry key provoked a buffer overflow in the malware code, which ultimately caused Emotet to crash and prevented infection altogether.
The researchers teamed up with Team CYMRU, which has many years of experience in botnet destruction and has long been watching Emotet. Researchers have teamed up with Team CYMRU, a company that has decades of experience in killing botnets and has long watched Emotet. Thus, over the past six months, the EmoCrash script has managed to spread widely among companies around the world.
Introduction to Windows tokens for security practitioners: https://www.elastic.co/blog/introduction-to-windows-tokens-for-security-practitioners
MDATP adds EDR ‘block mode’: Stopping attacks by terminating related running processes linked to malicious behaviour:
Added Relaying to RPC – PR implements Relaying to RPC attack which currently allows RCE in any MS Exchange via Exchange Trusted Subsystem group (Exchange servers have Administrator rights to each other via this or similar group): https://github.com/SecureAuthCorp/impacket/pull/857
Attacking MS Exchange Web Interfaces: https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces
Feedback -> here