SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
๐ฃdigicat
We are all remediated now but this is an ugly ugly hole that is going to lead to some multi million dollar hacks against companies who donโt patch promptly.
๐คafwaller
Seems kinda bold of them to give the world only a few hours head start to patch their systems given that it's not thought to be in the wild yet. Shoulda bought CheckPoint IPS I guess /shrug.
๐คOnARedditDiet
๐@malwr
๐ฃdigicat
We are all remediated now but this is an ugly ugly hole that is going to lead to some multi million dollar hacks against companies who donโt patch promptly.
๐คafwaller
Seems kinda bold of them to give the world only a few hours head start to patch their systems given that it's not thought to be in the wild yet. Shoulda bought CheckPoint IPS I guess /shrug.
๐คOnARedditDiet
๐@malwr
TSK/Autopsy - Web Artifacts Opera
Hello,
i was wondering why the history of the opera web browser is not detected.
I know that on the web page it says Firefox, Chrome and Internet Explorer. Is it anywhere documented why the Opera browser is not included?
๐ฃguyizda
As to why I don't know. It does seem it is an sqllite database, much like Chrome/Firefox.
Looks like there is a reference in their github for android:
https://github.com/sleuthkit/autopsy/blob/646a7a9e12148512de8db6ab030f78f297248394/InternalPythonModules/android/operabrowser.py
Mention to the windows location here:
https://github.com/sleuthkit/autopsy/blob/ab60e9c29ed8be6a43f918ffa29f228a6cdf270a/thirdparty/plaso/plaso-20180818-Win32/artifacts/webbrowser.yaml
๐คAnalyzeAllTheLogs
Autopsy is generally...not that good. Opera is Chromium based and uses WebKit (Blink now?), so it is probably sorted under the Chrome history.
๐คFunkeDope
๐@malwr
Hello,
i was wondering why the history of the opera web browser is not detected.
I know that on the web page it says Firefox, Chrome and Internet Explorer. Is it anywhere documented why the Opera browser is not included?
๐ฃguyizda
As to why I don't know. It does seem it is an sqllite database, much like Chrome/Firefox.
Looks like there is a reference in their github for android:
https://github.com/sleuthkit/autopsy/blob/646a7a9e12148512de8db6ab030f78f297248394/InternalPythonModules/android/operabrowser.py
Mention to the windows location here:
https://github.com/sleuthkit/autopsy/blob/ab60e9c29ed8be6a43f918ffa29f228a6cdf270a/thirdparty/plaso/plaso-20180818-Win32/artifacts/webbrowser.yaml
๐คAnalyzeAllTheLogs
Autopsy is generally...not that good. Opera is Chromium based and uses WebKit (Blink now?), so it is probably sorted under the Chrome history.
๐คFunkeDope
๐@malwr
reddit
TSK/Autopsy - Web Artifacts Opera
Hello, i was wondering why the history of the opera web browser is not detected. I know that on the web page it says Firefox, Chrome and...
Analyzing in the wild exploitation of CVE-2019-1367 by DarkHotel #APT and Magnitude EK. The exploit introduced a Write-What-Where bug that works in every version of JScript engine.
๐ฃeliya_confiant
๐@malwr
๐ฃeliya_confiant
๐@malwr
Confiant
Internet Explorer CVE-2019โ1367 In the wild Exploitation โ prelude
Originally written by Taha Karim
Technical write up by researcher who found vulnerabilities in the Tenda AC15 AC1900 firmware 15.03.05.19 (5 CVEs issued - CMDi, XSS, CSRF, Hardcoded Telnet Password)
๐ฃgoopcat
๐@malwr
๐ฃgoopcat
๐@malwr
Medium
Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited
Demonstrating how remote attackers can gain control of the Tenda AC15 AC1900.
https://github.com/ThisIsLibra/MalPull
More info: https://maxkersten.nl/projects/malpull/
โน๏ธ Sent from one of our members
๐@malwr
More info: https://maxkersten.nl/projects/malpull/
โน๏ธ Sent from one of our members
๐@malwr
GitHub
GitHub - ThisIsLibra/MalPull: A multi-threaded malware sample downloader based upon given MD-5/SHA-1/SHA-256 hashes, using multipleโฆ
A multi-threaded malware sample downloader based upon given MD-5/SHA-1/SHA-256 hashes, using multiple malware databases. - ThisIsLibra/MalPull
Malware News
A Twitter Hacking Spree Hits Musk, Obama, Apple, and More ๐ฃzr0_day ๐@malwr
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time to where.
๐@malwr
๐@malwr
Malware News
All the messages appear to lead back to the same digital wallet, which received its first incoming transaction at 3:03 pm EDT. It has recorded around 300 transactions since, although several of those are outgoing. It's not clear at this time to where. ๐@malwr
At 10:38pm ET, the official Twitter Support account gave a more detailed explanation of the company's findings so far. "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the thread states. "We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.
๐@malwr
๐@malwr
CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
๐ฃhackers_and_builders
๐@malwr
๐ฃhackers_and_builders
๐@malwr
Rhino Security Labs
CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
This blog describes how a vulnerability was identified in MicroWeber, an open-source Content Management System (CMS) written in PHP
Cisco Talos on election security - 4 years of research on election infrastructure, the goals of our adversaries, and how the cybersecurity community can help
๐ฃWorksAtCisco
๐@malwr
๐ฃWorksAtCisco
๐@malwr
Talosintelligence
What to expect when youโre electing: Talosโ 2020 election security primer
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
PhD thesis (2020) by Guo Li / UC San Diego: "An Empirical Analysis on [Cyber Threat Intelligence: Data Characteristics and Real-World Uses"](https://escholarship.org/uc/item/5h9983b0)
๐ฃmrkoot
๐@malwr
๐ฃmrkoot
๐@malwr
escholarship.org
An Empirical Analysis on Threat Intelligence: Data Characteristics and Real-World Uses
Author(s): Li, Guo | Advisor(s): Savage, Stefan; Levchenko, Kirill | Abstract: Threat Intelligence, both as a concept and a product, has been increasingly gaining prominence in the security industry. At a high-level, it is the โknowledgeโ that helps organizationsโฆ
Container escape for Windows Server Containers explained
๐ฃpingpongfifa
Correct me if I'm wrong, but when have containers ever been safe from attacks trying to break out of the container? I thought that the consensus was that if you want more safety, you should run a virtual machine instead.
๐คdavid171971
Is Windows Sandbox in Windows 10 also based on Containers or on Hyper-V? Does it have the same escape issues?
๐คtubularobot
In other news, Microsoft adds yet another technology to Windows with security as a tertiary concern.
๐คriskable
๐@malwr
๐ฃpingpongfifa
Correct me if I'm wrong, but when have containers ever been safe from attacks trying to break out of the container? I thought that the consensus was that if you want more safety, you should run a virtual machine instead.
๐คdavid171971
Is Windows Sandbox in Windows 10 also based on Containers or on Hyper-V? Does it have the same escape issues?
๐คtubularobot
In other news, Microsoft adds yet another technology to Windows with security as a tertiary concern.
๐คriskable
๐@malwr
Unit 42
Windows Server Containers Are Open, and Here's How You Can Break Out
We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.