(Un)official home of Team RunCMD – where the intarwebz come to weep!

05/10/2021

Ransomware attacks cripple a major US pipeline

I’m sure you have all most likely heard about a ransomware attack that has shutdown Colonial Pipeline, a major US fossil fuel pipeline that provides 45% of fuels to the US east coast which is causing gas prices to spike. The malware is suspected to be of Russian origins but is not suspected to be a state-sponsored attack and appears to be purely financially motived.

The hacker group calling themselves “DarkSide” claimed responsibility for the attack, but surprisingly they also issued an apology as well. They apologized for taking down a public utility and they will do research in the future to ensure that they don’t affect any critical infrastructure in future campaigns.

Gee thanks guys.

Links

- BBC News: https://bbc.in/3hkmACK

05/06/2021

Tool Release: SSHPry v2.0

Blackhat Ethical Hacking released an update to their open-source tool called SSHPry. SSHPry is a tool that allows users to “Spy & Control on SSH Connected client’s TTY” This version added multiple features:

1. Control of target’s TTY
2. Built-In Keylogger
3. Console-Level phishing
4. Record & Replay previous sessions

Links

- Blackhat Ethical Hacking SSHPry Page: https://bit.ly/3nVOCpx
- GitHub Repo: https://bit.ly/3epIHpF

04/19/2021

New release of Responder supports being a rouge WinRM server

Everyone’s favorite MitM tool for exploiting Windows network just got updated so it can act as a rogue Windows Remote Management (WinRM) to capture admin network credentials. The latest and greatest version now has these features:

1. Built-in WinRM Auth server (new!)
2. Built-in SMB Auth server.
3. Built-in MSSQL Auth server.
4. Built-in HTTP Auth server.
5. Built-in HTTPS Auth server.
6. Built-in LDAP Auth server.
7. Built-in DCE-RPC Auth server.
8. Built-in FTP, POP3, IMAP, SMTP Auth servers.
9. Built-in DNS server.
10. Built-in WPAD Proxy Server.
11. Browser Listener
12. Fingerprinting
13. ICMP Redirect
14. Rogue DHCP

Links

- Responder GitHub Page: https://bit.ly/3gpGrzR

04/14/2021

New 0-day found in Chromium

This vulnerability is in the base engine of Google Chrome, MS Edge, Opera and any other browser based on Chromium. To have a complete kill chain all an attacker needs now is a sandbox escape.

Links

- The Record Article: https://bit.ly/3gbPLaO

04/14/2021

Ncap 1.30 Officially Released

The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did. This release also includes substantial performance
improvements, especially for applications which repeatedly call
pcap_findalldevs(). That has been a sore point in the past, so Dan Miller
went in and restructured the whole system for better performance. Wireshark
starts up noticeably faster. Memory allocations were also optimized by
replacing GlobalAlloc() calls with the modern HeapAlloc() system. You can
read about all the improvements in this and previous Npcap releases at
https://npcap.org/changelog.

Links

- Official Announcement: https://bit.ly/2OP1noP

04/14/2021

Newly discovered bugs in WhatsApp lead to RCE

Census Labs announced they have found some bugs in the most recent version of WhatsApp on Android v9 that could lead to remote code execution by using two different bugs. One is an information disclosure bug that allows the adversary to remotely collect TLS data for a session and the second is in the Chrome URL parser by taking advantage of the “content://” URL scheme.

Links

- HackerNews Article: https://bit.ly/3sgeWLG

01/28/2021

Heap Overflow in Sudo (CVE-2021-3156)

Security researchers at the cybersecurity firm Qualys have discovered a heap overflow in the sudo command on Linux. According to their blog posting about it:

“The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.”

Qualys blog post: http://bit.ly/36kZHsL

01/28/2021

NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet

Security researchers at Armis have taken the NAT Slipstreaming technique to a new level. The original technique let you access a single host behind a NATed firewall, this technique could expose ALL devices to the Internet: http://bit.ly/3clM0xy

01/28/202101/28/2021

North Korea going after security researchers

Yep, you read that right, in fact it was Google’s Threat Intelligence team that posted about this: https://bit.ly/3ad5BNB

11/02/202011/02/2020

Google releases details about an active exploit chain for Chrome and Windows

Google’s Project Zero recently published information on a series of exploits that is actively being used to gain privileged access on Windows via the Chrome browser as well as any browser based off of the Chromium engine. There is a vulnerability (CVE-2020-15999) in Chrome that allows for remote code execution and the code then takes advantage of a vulnerability (CVE-2020-17087) in Windows cryptographic device driver (cng.sys) to escape the Chrome sandbox. The vulnerability in Chrome has already been patched, however the vulnerability in Windows won’t be patched until November’s Patch Tuesday which will be on November 10th.

Links:

- ZDNet Article: http://zd.net/32nKi99
- Bleeping Computers Article: http://bit.ly/3mDIznI

<<	May 2021					>>
M	T	W	T	F	S	S
26	27	28	29	30	1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31	1	2	3	4	5	6