Everybody knows: Windows source code leak, Zerologon updates and other fresh vulnerabilities

Check Point published a technical review of the Instagram vulnerability; remember SaltStack? A quiet digest: no ransomware or attack reports.

  • Vulnerabilities: Important, non-standard and interesting ones;
  • Tools: Mostly cool attacking tools;
  • News: Additional news about Instagram and CISA;
  • Research: Less than usual, but there is something to read.

Feedback -> here


Vulnerabilities

Cisco Systems released fixes for vulnerabilities in its widely deployed IOS operating system. In total, twenty-nine dangerous vulnerabilities were fixed, the most serious of which allowed unauthorized remote attackers to execute arbitrary code on the target system.

Two of them, CVE-2020-3421 and CVE-2020-3480, affect the Cisco Zone Policy Firewall feature. Exploiting them allows an unauthorized remote attacker to force a device to reboot or to stop forwarding traffic through the firewall.

Another, CVE-2020-3417, affects any Cisco hardware running Cisco IOS XE Software and allows an authenticated local attacker to execute arbitrary code on the device.

https://vulners.com/threatpost/THREATPOST:8A0543D86FEB5DE30B87CE62E5781252

ESET's Lukas Stefanko demonstrated a PoC exploit for a new vulnerability that allows hijacking every Firefox for Android browser on the same Wi-Fi network. Possible scenarios:

  1. Through SSDP (Simple Service Discovery Protocol), Firefox discovers devices on the same Wi-Fi network for content sharing. When it detects another device, Firefox requests a link to an XML file that stores that device's configuration. Firefox's SSDP handling did not validate the received link correctly, so instead of a path to the XML file it was possible to supply an Android Intent, the mechanism by which an application's intention to perform an action is conveyed.
  2. Hijacking a vulnerable Wi-Fi router, of which there are more and more, and then pushing a phishing link for e-mail or another service to the connected users.

An attacker could force Firefox to open a malicious link on every Android device currently connected to the same Wi-Fi network. Firefox for Android versions up to 79 are vulnerable.
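The defensive check the bug above lacked, as an added example (not Firefox's code): an SSDP response parser that follows the LOCATION header only when it is an http(s) URL with a host, so an Android intent: URI or any other scheme is rejected. The sample messages are constructed for this example.

```python
"""Allow-list the LOCATION header of an SSDP discovery response."""
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # only a device-description XML over HTTP may be fetched


def parse_ssdp_headers(raw: bytes) -> dict:
    """Parse an SSDP (HTTP/1.1-style) message into a lowercase-keyed header dict."""
    text = raw.decode("ascii", errors="replace")
    headers = {}
    for line in text.split("\r\n")[1:]:       # skip the status/request line
        if not line.strip():
            break                              # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def safe_location(raw: bytes) -> Optional[str]:
    """Return the LOCATION URL if its scheme is http(s) and it names a host, else None."""
    loc = parse_ssdp_headers(raw).get("location")
    if not loc:
        return None
    parts = urlsplit(loc)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None                            # intent:, javascript:, file:, bare paths ... all dropped
    return loc


# Constructed sample responses (not real captures).
BENIGN = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
          b"LOCATION: http://192.168.1.20:8080/device.xml\r\n\r\n")
MALICIOUS = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
             b"LOCATION: intent://example.test/#Intent;end\r\n\r\n")

if __name__ == "__main__":
    print(safe_location(BENIGN))       # http://192.168.1.20:8080/device.xml
    print(safe_location(MALICIOUS))    # None
```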

https://vulners.com/threatpost/THREATPOST:5F59BD02770CBECF13295A854E4B5301

CVE-2020-1472

Microsoft advised users to urgently install the patch for the Zerologon vulnerability, as cybercriminals are already exploiting it in attacks. Microsoft has identified three exploits in use; they are .NET executables named SharpZeroLogon.exe, and all three can be found on VirusTotal.

https://vulners.com/threatpost/THREATPOST:A1A1E1AC8DB384C8FA2988F9A9121141

https://vulners.com/thn/THN:F4928090525451C50A1B016ED3B0650F

Cool stuff! Buffer overflow vulnerability in Half-Life 1

https://vulners.com/hackerone/H1:402566

The researchers found that uTorrent tracks the nesting level of the dictionaries it parses (see the BitTorrent protocol documentation for the uTorrent app) in a 32-bit field. If the dictionary carried in an extended-protocol packet contains more than 32 nested levels of sub-dictionaries, uTorrent crashes.

Two possible attack vectors:

  1. One of the hosts sends malformed packets to other hosts;
  2. The uTorrent application opens a specially crafted .torrent file.

The vulnerability has since been fixed. Versions 3.5.5 and earlier are vulnerable.
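The failure mode described above, as an added example (not uTorrent's code): a small bencode decoder that enforces a nesting-depth limit before recursing, so a dictionary nested deeper than the limit is rejected as malformed instead of being tracked by a fixed-width counter. The 32-level figure comes from the description above; the helper names and the constructed inputs are this example's own.

```python
MAX_DEPTH = 32                                   # cap from the uTorrent report above

class BencodeError(ValueError):
    pass

def decode(data: bytes, max_depth: int = MAX_DEPTH):
    """Decode one bencoded value; raise BencodeError on malformed or over-nested input."""
    value, pos = _decode(data, 0, 0, max_depth)
    if pos != len(data):
        raise BencodeError("trailing bytes after value")
    return value

def _decode(data, pos, depth, max_depth):
    if pos >= len(data):
        raise BencodeError("unexpected end of data")
    c = data[pos:pos + 1]
    if c == b"i":                                # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c.isdigit():                              # string: <len>:<bytes>
        colon = data.index(b":", pos)
        length, start = int(data[pos:colon]), colon + 1
        if start + length > len(data):
            raise BencodeError("string length exceeds input")
        return data[start:start + length], start + length
    if c in (b"l", b"d"):                        # container: l...e or d...e
        if depth + 1 > max_depth:                # reject before recursing any deeper
            raise BencodeError(f"nesting deeper than {max_depth} levels")
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":         # truncated input is caught by the recursive call
            item, pos = _decode(data, pos, depth + 1, max_depth)
            items.append(item)
        if c == b"l":
            return items, pos + 1
        if len(items) % 2:
            raise BencodeError("dict with odd number of elements")
        return dict(zip(items[::2], items[1::2])), pos + 1
    raise BencodeError(f"invalid byte {c!r} at offset {pos}")

def accepts(data: bytes, max_depth: int = MAX_DEPTH) -> bool:
    """True if data decodes within the depth limit, False on any decode error."""
    try:
        decode(data, max_depth)
        return True
    except ValueError:                           # BencodeError and bad int() literals
        return False

def nested_dict(levels: int) -> bytes:
    """Constructed input: a dict nested `levels` deep under key b'a'."""
    return b"d1:a" * (levels - 1) + b"de" + b"e" * (levels - 1)
```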

https://vulners.com/cve/CVE-2020-8437


Tools

Offensive Terraform – Automated multi-step offensive attack modules built with Infrastructure as Code (IaC)

https://offensive-terraform.github.io

Velociraptor
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries.

https://vulners.com/kitploit/KITPLOIT:6566154446799909883

SharpSecDump
.Net port of the remote SAM + LSA Secrets dumping functionality of impacket’s secretsdump.py. By default runs in the context of the current user. Please only use in environments you own or have permission to test against 🙂

https://vulners.com/kitploit/KITPLOIT:3703182896493216516

FLUFFI
A distributed evolutionary binary fuzzer for pentesters.

https://vulners.com/kitploit/KITPLOIT:938862157373904649


News

Windows XP source code leak on 4chan

What is claimed to be the source code of the Windows XP operating system has leaked online. A thread on the anonymous 4chan forum published links to archives of Windows XP source code and the source code of other Microsoft products. The archive also includes source-code dumps of the Windows NT 3.5 operating system and of the original Microsoft Xbox console, which had appeared on the Web in May this year.

https://vulners.com/hackread/HACKREAD:D79E15472AE351216E3C3F56B60D25BE

CVE-2020-1895

A vulnerability in the Instagram application for Android and iOS that could lead to remote code execution (RCE) and attacker takeover of the smartphone, including its camera and microphone.

Instagram versions up to 128.0.0.26.128 are vulnerable; Facebook released the corresponding update back in February. More than half a year later, Check Point disclosed the details. To exploit CVE-2020-1895, an attacker only needs to deliver a specially crafted image to the victim by any means, such as email or a messenger. After that, the vulnerability is triggered when Instagram is opened.

https://vulners.com/thn/THN:2BD8DC8B24A03BF57192174BE64CF4C4

Unidentified cybercriminals gained access to the network of a US federal agency and stole data. CISA did not specify which agency was the victim, when the attack took place, or who was behind it.

The attackers initially compromised Office 365 user accounts and a domain administrator account through a vulnerable Pulse VPN server. They then explored the network, established persistence, set up a tunnel to communicate with their command-and-control server and began collecting the information they were interested in.

During the intrusion the attackers used their own Inetinfo malware, which they managed to hide from anti-virus protection.

https://vulners.com/threatpost/THREATPOST:3E47C166057EC7923F0BBBE4019F6C75


Research

UAC bypass ransomware analysis using CMSTPLUA COM – T1218: https://www.securityinbits.com/malware-analysis/uac-bypass-analysis-stage-1-ataware-ransomware-part-2

Introducing “YAYA”, a New Threat Hunting Tool From EFF Threat Lab – for managing multiple Yara rule sets: https://www.eff.org/deeplinks/2020/09/introducing-yaya-new-threat-hunting-tool-eff-threat-lab

8 XSS with 4 bypasses on Airbnb

Sandbox evasion: https://search.unprotect.it/map/sandbox-evasion/temperature-sensor

