Summary: This content provides a list of security vulnerabilities and their severity levels in various Microsoft products and services.

Threat Actor: N/A

Victim: N/A

Key Point:

The content highlights multiple security vulnerabilities in Microsoft products and services, including .NET and Visual Studio, Azure, Azure AI Search, Azure Arc, Azure Compute Gallery, Azure Migrate, Azure Monitor, Azure Private 5G Core, Azure SDK, Intel, Internet Shortcut Files, Mariner, Microsoft Azure Kubernetes Service, Microsoft Brokering File System, Microsoft Defender for IoT, Microsoft Edge (Chromium-based), Microsoft Install Service, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft WDAC ODBC Driver, Microsoft WDAC OLE DB provider for SQL, Role: DNS Server, Role: Windows Hyper-V, SQL Server, Windows Authentication Methods, Windows BitLocker, Windows Compressed Folder, Windows Cryptographic Services, Windows Defender Credential Guard, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows File Server Resource Management Service, Windows HTTP.sys,…
Read More

In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando, DonutLeaks swiftly garnered attention for its aggressive tactics and extensive data leaks from the moment it first appeared.…

Read More

This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a target network, Raspberry Robin is able to infect devices with additional malware variants.

Introduction

In the face of increasingly hardened digital infrastructures and skilled security teams, malicious actors are forced to constantly adapt their attack methods, resulting in sophisticated attacks that are designed to evade human detection and bypass traditional network security measures.…

Read More

Threat Actor: Unknown

Victim: Windows users

Key Points:

* A threat actor is selling a Windows zero-day Local Privilege Escalation (LPE) exploit.
* The threat actor is not providing detailed information about the exploit.
* The actor claims that the exploit works on all versions of Windows, but researchers are skeptical about this claim.…

Read More

Summary: This article provides an in-depth look into two techniques used by Earth Freybug actors, delivered via a new malware called UNAPIMON: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking, used to prevent child processes from being monitored.

Key Point:

* Earth Freybug actors use DLL hijacking and API unhooking techniques to prevent monitoring of child processes.…

Read More

When discussing Windows services and how to hunt for their abuse, it is worth mentioning that there are several threat hunting hypotheses that we can leverage. This is very common in threat hunting tradecraft in general and for persistence-related techniques in particular.

When you are dealing with Windows services techniques, all your hypotheses can be split into two big groups: Hunting for service creation (aka “establishment” aka “installation”) and Hunting for service execution (some time after the service was created/established).…

Read More

Summary: The SonicWall Capture Labs threat research team has discovered an Unauthenticated Command Injection vulnerability in Progress Kemp LoadMaster. This vulnerability allows attackers to bypass authentication and execute arbitrary commands on the system. LoadMaster users are advised to upgrade their instances immediately.

Key Point:

* The vulnerability affects Progress Kemp LoadMaster releases after 7.2.48.1 and LoadMaster Multi-Tenant (MT) VFNs.…

Read More

Summary: The blog post analyzes the Linux version of DinodasRAT, a malware used by Chinese-nexus APT threat actors. The Linux version, known as Linodas, is developed separately and introduces auxiliary modules with their own configuration files. It focuses on establishing and controlling reverse shells, collecting user activity from logs, and manipulating local file content.…

Read More

Summary: The XZ Utils Data Compression Library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.

Key Points:

* The vulnerability, CVE-2024-3094, has a critical severity level.
* The vulnerability is a result of a supply chain compromise in versions 5.6.0 and 5.6.1 of XZ Utils.…

Read More