Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In short: the company was hacked, there are many consequences and the final picture is not yet clear.
- Vulnerabilities: Microsoft zero-day and CERT alerts ASAP;
- Tools: Top 20 Most Popular Hacking tools 2020;
- News: Cool Research for all massagers, DDOS with Citrix and another one research from project-zero;
- Research: Videos, articles, reports.
Really short feedback -> here
Microsoft patched the CVE-2020-0986 vulnerability as part of a June security update. It had been spotted in the wild during this time of exploitation. The vulnerability was discovered by Trend Micro and was located in a Windows printer driver, allowing remote code execution (RCE).
Researchers at Google Project Zero discovered that the vulnerability had not been fully patched. Microsoft was notified, assigning the new bug CVE-2020-17008. It leads to a privilege escalation. The PoC was done rather quickly (why not?): https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Microsoft will fix specified vulnerability in a January patch…
Dell developers have released updates to some Wyse Thin Client models. The patches fix a number of critical vulnerabilities that can be exploited remotely and without authentication.
- CVE-2020-29491 allows an unauthenticated attacker to access a configuration file;
- CVE-2020-29492 allows writes to the file.
The vulnerabilities affect Wyse 3040, 5010, 5040, 5060, 5070, 5470, and 7010 thin clients running ThinOS 8.6 and earlier. The vulnerabilities were fixed with the release of ThinOS 8.6 MR8.
The Cyber Security Agency (CISA) has warned of four new vulnerabilities in Treck Inc.’s implementation of the TCP/IP stack, which is also used primarily in OT and IoT devices. Two of them are critical and could lead to RCEs and denial of service.
Affected devices include elements of industrial control systems, medical equipment, transportation systems, etc. The total number goes into the millions.
New vulnerability for SolarWinds in Orion. According to CERT the SolarWinds Orion API, which is used to communicate with all other Orion system monitoring and control products, suffers from a security issue CVE-2020-10148 that could allow a remote attacker to execute unauthenticated API commands, leading to an instance of SolarWinds being compromised.
Watcher – Open Source Cybersecurity Threat Hunting Platform | Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organization. It should be used on webservers and available on Docker.
Although 2020 has been the worst year since 1945, as last year, this year we made a ranking with the most popular tools between January and December 2020.
AIL framework – Framework for Analysis of Information Leaks – AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams.
An easy-to-use and lightweight API wrapper for the Censys Search Engine ( censys.io ). Python 3.6+ is currently supported.
CyberNews conducted a research and evaluated the security features of the most popular messaging apps. Thirteen popular messengers came into view, including Signal, WhatsApp, Telegram, Qtox and others.
The research found that most popular messengers meet current security requirements, given that Telegram and Facebook Messenger’s end-to-end encryption is disabled by default.
Researcher Marko Hoffman discovered a new type of DDoS attack that uses Citrix ADC to multiply traffic.
The attackers use the DTLS protocol. Because the protocol is based on UDP, it allows a hacker to forge a request and initiate a response to the victim. Due to DTLS implementation problems, Citrix ADC has a multiplication factor of 35 (i.e., return traffic is 35 times greater than incoming traffic), which is one of the most effective amplification vectors for DDoS attacks.
No fixes for Citrix ADC yet. ((
The only solution to the problem is to disable DTLS, and if you need it to work, then enable authentication of incoming DTLS connections.
One of Project Zero members Brandon Azad, who specializes in iOS, decided to try his hand with Android and found some serious vulnerabilities. But more interesting in this article is his comparison of the differences in exploitation and protection measures in the two most popular mobile operating systems.
The material will be useful for everyone who is interested in the security of mobile operating systems. Enjoy!
Various Visual Basic Macros-based Remote Code Execution techniques to get meterpreter invoked on the infected machine. https://gist.github.com/mgeeky/9dee0ac86c65cdd9cb5a2f64cef51991
Cookie Tossing to RCE on Google Cloud JupyterLab: https://blog.s1r1us.ninja/bug-bounty/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks
Really short feedback -> here