Recently, there has been a lot of news about ransomware and their types. Nvidia and google chrome began to release updates more often.
- Vulnerabilities: Nvidia, Google Chrome and cool report from NSA;
- Tools: New PlumHound module (BlueHound), tool for SOC analysts and etc.;
- News: Malware, attacks and games;
- Research: Have you ever heard about Flare-On? It was attached usefull material for Android Pentests. + cool defcon videos.
Really short feedback -> forms.gle/qhTGPMkJMMKkec5f9
The NSA published a report describing the top 25 vulnerabilities exploited by Chinese APTs. Vulnerabilities are exploited by hackers to deploy ransomware and other malware. The party consists of the following stars, which we wrote about with our digests:
- CVE-2020-5902 BIG-IP от F5 Networks;
- CVE-2019-19781 RCE in Citrix ADC;
- CVE-2020-1350 SIGRed
- CVE-2020-1472 Zerologon 🙂
- and others
A security update was released this week that fixes three vulnerabilities in GeForce Experience that can lead to denial of service, local privilege escalation, information disclosure, and remote code execution (RCE). On one hand it’s good that Nvidia tries to close vulnerabilities in time, on the other hand the number of serious vulnerabilities is too high.
Recently, the Vulners team has been working on creating new bots to gather information for its database and fix some of the old ones. One of them is a useful blog from RAPID7.
They regularly release Metasploit Wrap-Up which contains all the news about Metasploit. This is great! The most interesting thing about the latest release:
- New module for SharePoint by fresh RCE vulnerability CVE-2020-16952.
“Adds a new Microsoft Event Tracing for Windows (ETW) provider named “Microsoft-Antimalware-UacScan”. This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest.”
Google Project Zero warns of active wild exploitation of the CVE-2020-15999 vulnerability in Chrome. The bug is in a third-party FreeType library and results in a heap overflow, allowing a hacker to execute remote code.
Everyone urgently needs to update their browsers!
BlueHound is a Blue Teamer Python script to analyze Attack Paths found by BloodHound. It’s a new module in PlumHound.
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame.
Malware Source Code Collection
The project contains a large number of source codes for various malware. Be care!
It is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.
The owners of the ransomware Darkside donated $ 10,000 each to Children International, a non-profit organization that helps children living in poverty, and The Water Project, an organization that fights for access to clean water in Africa. Children International and The Water Project will not be able to use donations due to improper receipt 😦
Victor Geverse managed to find a password to Donald Trump’s Twitter account, the latter lacking two-factor authentication. On October 16th he tried to find a password to Twitter account of American president and from the sixth attempt he managed to do it. The password turned out to be the phrase “maga2020!”.
It was the second time when Geverce picked up a password from Donald Trump’s Twitter account. The expert and his friends guessed the password for the first time in 2016. At that time, the researchers relied on the data left by Linkedin in 2012, and were surprised to find that the password from Twitter is the same as from Linkedin.
The data stolen from the largest game developers, Ubisoft and Crytek, were published. Operators of the encryptor Egregor, who “leaked” this information, claim that they also have the source codes of Watch Dogs: Legion game, the release of which is scheduled for the end of this month.
Albion has disclosed a data breach resulting from an outside hack of its forum’s user database. “If you have a forum account, you should change the password for your Albion Online account”. For its part, Albion stated that it has shut down hackers’ access and is now conducting additional checks to ensure the integrity of our systems.
The ransomware attack hit the French IT giant Sopra Steria, which has over € 4 billion in annual revenue. On October 21, the company announced a cyber attack on its resources.
Reporters were able to find out that the French were attacked by ransomware Ryuk, and behind the attack was the same operator, which earlier in September successfully hacked into the network of the American medical service provider Universal Health Services (UHS).
New adversarial ATT&CK Matrix for ML by Mitre, working with partners including Microsoft. Looks interesting. https://github.com/mitre/advmlthreatmatrix
What’s the best defcon (hacking conference video) have you ever watched ? I Hunt TR-069 Admins: Pwning ISPs Like a Boss
He talked about a great topic (not much talked about whilst it being huge) , the exploits were good and funny and so was his talk and most importantly it was simple/understandable 😉
Other great fun video:
NICER Protocol Deep Dive blog series (RDP): https://vulners.com/rapid7blog/RAPID7BLOG:7549D87CE6E6AE596B8031184231ECD1
Flare-On 2020 – annual competition in reverse engineering from FireEye: https://vulners.com/fireeye/FIREEYE:3C97C63F1725390B2FB7FD0C2983FDE3
A curated list of Android Security materials and resources For Pentesters and Bug Hunters: https://github.com/saeidshirazi/awesome-android-security
Really short feedback -> forms.gle/qhTGPMkJMMKkec5f9