The invisible JavaScript backdoor.

https://certitude.consulting/blog/en/invisible-backdoor/

CVE-2021-30869: Cyber-Attack by China 🇨🇳 as a macOS Zero-Day, exploited in watering hole attacks on users in Hong Kong 🇭🇰

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong.

https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Data-Leak: Breaking from Israel 🇮🇱 as Unit-8200 (the elite cyber espionage, intelligence agency) of the government is listed on the Moses Staff hacking group's website under breached organizations. If true, this could mean leakage of possible state secrets and international deals. This group is believed to be affiliated to Iran 🇮🇷, possibly state sponsored. Iran never denied these claims.

For reference purposes: Unit-8200 has 10K employees.

Sample data share by the Moses-Staff group.

Pakistan 🇵🇰 | Zero-Day | Cyber-War: The 32bit version of CVE-2021-1732 was recently uploaded to Virus Total from Pakistan. The 0-day exploit was used by Bitter APT and developed by the US-based offensive company Exodus Intelligence (aka “Moses”).

https://www.virustotal.com/gui/file/ee2d53303e2c5a2787dad11e3a0abce5ea0ff9a4219e963e69a4054a11efc628

Source: CP-Research

Watering hole incident | United Kingdom 🇬🇧 | Cyber-War: Advanced cyber warfare group hacked a popular UK new site 'Middle East Eye' that often posts content disapproved by GCC / Middle East countries. The site is blocked in many Middle Eastern nations.

The hacked site served malicious JavaScript that ran in systems of the visitors of the compromised site. The attack vector was based from a known criminal group; 'Candiru' which is declared 📜 criminal by the United States 🇺🇸 and is under sanctions. Candiru is another Cyber-Crime syndicate from Israel 🇮🇱 that operates under Israeli weapons control laws.

This attack apparently stems out from one of the customers of this state-sponsored criminal organisation.

https://www.vice.com/en/article/pkpbdm/hackers-compromised-middle-east-eye-news-website-to-hack-visitors-researchers-say

Details about Candiru sanctions: https://www.vice.com/en/article/dypzjq/us-sanctions-could-cut-off-nso-from-tech-it-relies-on

Revelation of Cyber-Attack by Iran 🇮🇷 at United States 🇺🇸 as FBI charges Iranian nationals with interfering in the 2020 U.S. presidential election.

https://www.fbi.gov/wanted/cyber/iranian-interference-in-2020-us-elections

🔧 Tool: fileless-xec enables a remote binary execution on a local machine directly from memory without dropping them on disk.

https://github.com/ariary/fileless-xec

https://securityonline.info/fileless-xec-a-stealth-dropper/

Data-Leak of Conti ransomware operator as the group sufferes breach that exposed its attack infrastructure and allowed researcher (at Prodaft) to access it.

Interesting thread: https://twitter.com/malwrhunterteam/status/1461450607311605766

Details: https://securityaffairs.co/wordpress/124837/cyber-crime/payment-portal-conti-gang-compromised.html

CVE-2021-42321: Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398

Another Microsoft Zero-Day exploit pertaining to bad fix of CVE-2021-41379.

https://github.com/klinix5/InstallerFileTakeOver

Details: https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/

■■■□□ Microsoft unveils ‘Super Duper Secure Mode’ in latest version of Edge.

Browser goes further to protect against bugs by disabling JIT.

https://portswigger.net/daily-swig/microsoft-unveils-super-duper-secure-mode-in-latest-version-of-edge

● IMHO; disabling JavaScript on any browser for all sites by default prevents 99% of the known attack vectors. For site like Facebook and other social media, white-listing can be done.

Latest Edge is significantly secure as it prevents most trackers from running by default unlike chrome.

Data Exfiltration via CSS + SVG Font by Masato Kinugawa.

https://youtu.be/iUzNA2St3Bc

Thread: https://twitter.com/kinugawamasato/status/1464884299195322371

Jumping the air gap: 15 years of nation-state effort.

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs.

https://www.eset.com/us/about/newsroom/press-releases/eset-research-analyzes-malicious-frameworks-targeting-air-gapped-networks-dissects-15-years-of-nati-1/

https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/

Decompile directly in VS code.

https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler

Interesting thread!

https://twitter.com/SonarSource/status/1468973725072564225