Thought it may be useful to keep a running thread on latest security threats to be aware of. BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims BlackCat (aka AlphaVM, AlphaV) is a newly established RaaS (Ransomware as a Service) with payloads written in Rust. While BlackCat is not the first ransomware written in the Rust language, it joins a small (yet growing) sliver of the malware landscape making use of this popular cross-platform language. First appearing in late November, BlackCat has reportedly been attacking targets in multiple countries, including Australia, India and the U.S, and demanding ransoms in the region of $400,000 to $3,000,000 in Bitcoin or Monero... https://www.sentinelone.com/labs/bl...le-rust-driven-raas-on-the-prowl-for-victims/
Windows .... "polkit", seems to be some dependency for all standard *Nixes, at least I heard it is "most likely included". The daemon does not have to be running for the attack to succeed!: https://blog.qualys.com/vulnerabili...ty-discovered-in-polkits-pkexec-cve-2021-4034 Edit: parts of post removed because inaccurate. Thank you @RealNC for the explanation.
Interesting thread. Will follow it. In very broad lines, it's the user in the end, not only the OS. A security aware user will update the system, use root/admin only when it's necessary and harden their system. And follow the tech news and security bulletins. And have data backed up in 3-2-1 fashion. My humble opinion.
Microsoft sounds the alarm over new cunning Windows malware Chinese state-sponsored threat actor Hafnium has been found using a brand new malware to maintain access on a breached Windows endpoint, with the help of hidden scheduled tasks, Microsoft has announced. The Microsoft Detection and Response Team (DART) says the group has been leveraging a so far unknown vulnerability (a zero-day) in its attacks. "Investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates 'hidden' scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification," DART explained...
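A defender-side check for the "hidden scheduled task" trick quoted above, added here as an example (it is not from the post, and not Microsoft's or DART's code). Task Scheduler keeps every task under the TaskCache\Tree registry key with an Id value and an SD (security descriptor) value; the detail that Tarrask hides tasks by stripping that SD value comes from Microsoft's published write-up, not from this post. The script lists Tree entries that have an Id but no SD, then cross-checks whether the Task Scheduler API still reports them. Run it from an elevated PowerShell; the registry path is the standard one on Windows 10/11.

```powershell
# Added example: find scheduled-task registry entries missing their SD value.
# Entries in TaskCache\Tree that have an Id (real tasks, not folders) but no
# SD value are not returned by schtasks / Get-ScheduledTask and deserve a look.
$tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Get-TaskTreeEntries {
    param([string]$Path = $tree)
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        [pscustomobject]@{
            # Registry key name -> task path as Task Scheduler would show it, e.g. \Microsoft\Windows\Foo
            TaskPath = $_.Name -replace '.*\\Tree', ''
            Id       = $props.Id          # GUID of the task (absent on folder keys)
            HasSD    = $null -ne $props.SD
        }
    }
}

function Find-HiddenTasks {
    # Real task nodes (Id present) whose security descriptor value is gone
    $suspect = Get-TaskTreeEntries | Where-Object { $_.Id -and -not $_.HasSD }

    # What the Task Scheduler API itself reports, as "\Folder\TaskName" strings
    $visible = Get-ScheduledTask -ErrorAction SilentlyContinue |
               ForEach-Object { $_.TaskPath + $_.TaskName }

    foreach ($s in $suspect) {
        [pscustomobject]@{
            TaskPath     = $s.TaskPath
            Id           = $s.Id
            VisibleToAPI = ($visible -contains $s.TaskPath)   # $false = hidden from normal tooling
        }
    }
}

Find-HiddenTasks | Format-Table -AutoSize
```

An empty result is the normal state. For anything it does print, look at the matching key under TaskCache\Tasks\{Id} (Path, Actions and Triggers values) and at the corresponding Task Scheduler operational log entries before deciding whether the task is legitimate; some endpoint products do strip SD values on their own tasks, so treat the output as a lead, not a verdict.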
https://www.bloomberg.com/news/arti...by-forged-requests-in-sexual-extortion-scheme All major tech companies have been tricked by "fake authorities" to hand out data (which they did), which was then used to threaten minors. And people wonder why so many others still use nicknames instead of their full names and enter fake data into forms ...
Security flaw in MSDT protocol handler is actively (ab-)used by malware gangs! https://www.heise.de/news/Zero-Day-...reifen-MSDT-Sicherheitsluecke-an-7128265.html (German link, use Google Translate) TL;DR: A new malware for MS abusing OS functions. Infection is currently done via MS DOC files sent by mail, but may get triggered by other stuff to come. Protection is done by backing up the reg key which defines MSDT actions and then deleting it (or just deleting it if you do not do backups). Command for deletion (run elevated cmd!): reg delete HKEY_CLASSES_ROOT\ms-msdt /f Downside of the fix: Some MS help docs won't display anymore. (Sooooooo sad! ) Stay safe friends! Edit: Just to make it clear: This is NO theoretical attack! This was discovered in the wild already!
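The backup-then-delete procedure from the post, written out as an added example script (not from the post or from Microsoft). It exports the ms-msdt key with reg.exe before running the same reg delete command the post gives, refuses to delete if the export did not land, and verifies the key is gone; a companion function restores the handler from the export. The backup file location is an assumption. Run from an elevated PowerShell.

```powershell
# Added example: remove the ms-msdt protocol handler with a verified backup.
$key    = 'HKEY_CLASSES_ROOT\ms-msdt'
$backup = Join-Path $env:USERPROFILE 'ms-msdt-backup.reg'   # assumed location; change as needed

function Disable-MsdtHandler {
    param([string]$BackupFile = $backup)

    if (-not (Test-Path "Registry::$key")) {
        Write-Output "ms-msdt handler already absent; nothing to do."
        return
    }

    # 1. Export the key so the change is reversible (/y overwrites an older backup)
    reg.exe export $key $BackupFile /y | Out-Null
    if (-not (Test-Path $BackupFile)) {
        throw "Backup of $key failed; not deleting anything."
    }

    # 2. Delete the handler, same command as in the post
    reg.exe delete $key /f | Out-Null

    # 3. Verify the handler is really gone
    if (Test-Path "Registry::$key") {
        throw "$key is still present; deletion did not take effect."
    }
    Write-Output "ms-msdt handler removed. Backup saved to $BackupFile"
}

function Restore-MsdtHandler {
    param([string]$BackupFile = $backup)
    if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
    reg.exe import $BackupFile
    if (Test-Path "Registry::$key") { Write-Output "ms-msdt handler restored." }
}

Disable-MsdtHandler
```

Keep the .reg file somewhere you will find it again: once the vendor fix is installed, Restore-MsdtHandler (or plain reg import) puts the troubleshooter links back.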
Yeah, you should never open spam like that, but for some reason Gmail has made it so I can't block emails from the spam folder without actually opening them first; you have to actually open them just to get the block email option.
You guys know "Hertzbleed"? https://www.hertzbleed.com/ Side channel attack using CPU frequencies. Fix: none, no fix planned by either AMD or Intel Workaround: disable turbo boost (or whatever it is called on your platform) Honestly? After reading that I thought ENABLING turbo would probably block this because the frequency changes all the time and makes it more difficult for an attacker to read stuff, but obviously I am wrong there ...
another thing that home users don't need to worry about, along the same lines as spectre and meltdown.
Wait sir, I am calling you from Microsoft Norton Antivirus company , you have 800 viruses in your CPU from Hertzbleed. (with strong Indian accent)!
I agree, but I guess there are a few admins here as well. https://core.vmware.com/vmsa-2022-0016-questions-answers-faq
An older exploit, but just found out about it. In case anyone has a 7-zip install that hasn't been updated.
deleting the chm file does not remove the exploit vector. It was a hoax https://twitter.com/wdormann/status/1521237068336316417
Well ... I guess most of you guys do not use it, but please just read about this reporting process: https://www.modzero.com/modlog/arch...ess_with_crowdstrike_falcon_sensor/index.html "Respectful disclosure" is something both parties should care about.
Good morning gentlemen. New day, new vulnerability. Today on offer: Malware which deactivates antivirus by Genshin Impact Anti-Cheat DLLs. https://www.trendmicro.com/en_us/re...pact-anti-cheat-driver-to-kill-antivirus.html It has been the same for decades: Anti-cheat and anti-tamper programs messing up your computer. Denuvo anyone? Disklock? Securom? Gamespy? Valve Anti-Cheat (VAC)? Edit: .... means if you do not have Genshin Impact installed and see this *.sys file in your system / memory, you're f*cked. If possible I would add the file name / hash / etc. to a "blacklist" in your IDS/IPS. GI is available for free afaik on Epic. Maybe (if I have the time) I will install it temporarily to check the file for hashes and signatures. IMPORTANT: As written in the article, PoCs do exist already and are well documented. So this is a practical attack, not theoretical! It is already seen "in-the-wild". Defend yourself! Stay safe guys!
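The "check the file for hashes and signatures" idea from the post, as an added example (not from the post or from Trend Micro): inventory every kernel driver registered on the host, record its SHA-256 and Authenticode signer, and flag any whose hash appears on a blocklist. The post gives no file name or hash, so the blocklist holds an obviously fake placeholder; replace it with the values from the vendor advisory. Run from an elevated PowerShell.

```powershell
# Added example: kernel-driver inventory with hash blocklist check.
# Blocklist keys are lowercase SHA-256 hex strings; the one below is a PLACEHOLDER.
$blocklist = @{
    '0000000000000000000000000000000000000000000000000000000000000000' = 'placeholder: replace with advisory hash'
}

function Get-KernelDriverInventory {
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        # PathName comes in several shapes: \??\C:\..., \SystemRoot\System32\..., or a plain C:\... path
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State              # Running / Stopped
            Path    = $path
            Sha256  = $hash
            Signer  = $sig.SignerCertificate.Subject
            SigOk   = $sig.Status           # Valid, NotSigned, HashMismatch, ...
            Blocked = $blocklist.ContainsKey($hash)
        }
    }
}

$inventory = Get-KernelDriverInventory

# 1. Anything on the blocklist, running or not, gets handled first
$inventory | Where-Object { $_.Blocked } |
    Format-Table Name, State, Path, Signer -AutoSize

# 2. Everything else for review. The driver in the article is validly signed,
#    so a "Valid" status is not a clean bill of health: review signer and path too.
$inventory | Sort-Object Signer |
    Format-Table Name, State, SigOk, Signer, Path -AutoSize
```

The same inventory, dumped to CSV from each machine, is also a cheap baseline: a driver that shows up on a host that never had the game installed is exactly the case the post warns about.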