cKure Red
2.5K subscribers
71 photos
46 videos
21 files
458 links
The director's cut on critical feeds from InfoSec world 🌎

Main Channel: @cKure

☕️ or queries email us
📨 i@ckure.org
Cyber-War by Russia 🇷🇺: Samples of the destructive MBR wiper targeting Ukraine 🇺🇦

Samples: https://samples.vx-underground.org/APTs/2022/2022.02.23(2)/
Re-ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google.. Again – East-Ee Security (By Yair Mizrahi).

https://east-ee.com/2022/02/28/1367/
Verbatim viz
Anonymous!

"We successfully staged a cyber attack against the Belarusian railway infrastructure, designed to halt Russian military movements. Trains stopped in Minsk, Orsha, and Osipovichi.

The railway system uses Windows XP."
Russia 🇷🇺 vs Ukraine 🇺🇦 Cyber-War

https://twitter.com/AnonUkraine_/status/1498251582760267776
⚠️ Leaked stolen Nvidia cert can sign Windows malware.

An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.

https://go.theregister.com/feed/www.theregister.com/2022/03/05/nvidia_stolen_certificate/
Malware now using stolen NVIDIA code signing certificates.

According to samples uploaded to the VirusTotal malware scanning service, the stolen certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.

https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
There are active credentials being harvested via Stealer malware.

The undermentioned is a list of government sites affected.

https://docs.google.com/spreadsheets/u/0/d/1KC615oNu1GJN4hymAR1Hxe1M46WG_FW4UMmHWbD3y3s/htmlview
The_Art_Of_War.pdf
412.2 KB
An ancient guide to all warfare. By Sun Tzu.

I had heard about it as a child and read it once I was trained as a hacker. I can say; it makes sense.
Dirty Pipe -> kernel r/w + SELinux disabled + root shell on Pixel 6 Pro and Samsung S22 with the latest update.

Source: https://twitter.com/i/status/1503422980612923404
Automated pentesting / BugBounty.

https://yogeshojha.github.io/rengine/
Zero-Day in a VMware product leads to unauthenticated remote code execution via the web interface.

VMware is aware of the bug and is patching.

There is no patch for the Zero-Day yet. However, workarounds include the use of a WAF and disabling features.
☆ FORCEDENTRY: Sandbox Escape. A blog by Google's elite Project Zero.

The article documents samples shared by Citizen Lab of the malware that the Israel 🇮🇱 based state-sponsored Cyber-Crime syndicate 'NSO Group' is infecting people's devices with, which often results in their death or in harm to them or their relatives.

https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html