Bug Parade with all headliners, zero-days and malware news

Recently, there has been a lot of news about ransomware and their types. Nvidia and google chrome began to release updates more often.

  • Vulnerabilities: Nvidia, Google Chrome and cool report from NSA;
  • Tools: New PlumHound module (BlueHound), tool for SOC analysts and etc.;
  • News: Malware, attacks and games;
  • Research: Have you ever heard about Flare-On? It was attached usefull material for Android Pentests. + cool defcon videos.

Really short feedback -> forms.gle/qhTGPMkJMMKkec5f9


Vulnerabilities

The NSA published a report describing the top 25 vulnerabilities exploited by Chinese APTs. Vulnerabilities are exploited by hackers to deploy ransomware and other malware. The party consists of the following stars, which we wrote about with our digests:

https://vulners.com/threatpost/THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452

A security update was released this week that fixes three vulnerabilities in GeForce Experience that can lead to denial of service, local privilege escalation, information disclosure, and remote code execution (RCE). On one hand it's good that Nvidia tries to close vulnerabilities in time, on the other hand the number of serious vulnerabilities is too high.

  • CVE‑2020‑5977;
  • CVE‑2020‑5990;
  • CVE‑2020‑5978.

https://vulners.com/threatpost/THREATPOST:939D3A37125502BC9EE7A2E56EB485A7

Recently, the Vulners team has been working on creating new bots to gather information for its database and fix some of the old ones. One of them is a useful blog from RAPID7.
They regularly release Metasploit Wrap-Up which contains all the news about Metasploit. This is great! The most interesting thing about the latest release:

https://vulners.com/rapid7blog/RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D

Oh, congratulations!

"Adds a new Microsoft Event Tracing for Windows (ETW) provider named "Microsoft-Antimalware-UacScan". This ETW provider reports the details of the context for each User Account Control (UAC) request in the ETW provider manifest."

https://support.microsoft.com/en-us/help/4580390/windows-10-update-kb4580390

Google Project Zero warns of active wild exploitation of the CVE-2020-15999 vulnerability in Chrome. The bug is in a third-party FreeType library and results in a heap overflow, allowing a hacker to execute remote code.

Everyone urgently needs to update their browsers!

https://vulners.com/thn/THN:1CAE17F613AA7CBF6F4E99804811C608


Tools

BlueHound is a Blue Teamer Python script to analyze Attack Paths found by BloodHound. It’s a new module in PlumHound.

https://github.com/PlumHound/PlumHound

Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame.

https://vulners.com/kitploit/KITPLOIT:8314779410606491543

**Malware Source Code Collection
**The project contains a large number of source codes for various malware. Be care!

https://vulners.com/kitploit/KITPLOIT:7030656015270383596

PwnDoc
It is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.

https://vulners.com/kitploit/KITPLOIT:1225346241981372470


News

The owners of the ransomware Darkside donated $ 10,000 each to Children International, a non-profit organization that helps children living in poverty, and The Water Project, an organization that fights for access to clean water in Africa. Children International and The Water Project will not be able to use donations due to improper receipt :(

https://vulners.com/threatpost/THREATPOST:6785D461CCCBA92755325EE63643EF4F

Victor Geverse managed to find a password to Donald Trump's Twitter account, the latter lacking two-factor authentication. On October 16th he tried to find a password to Twitter account of American president and from the sixth attempt he managed to do it. The password turned out to be the phrase "maga2020!".

It was the second time when Geverce picked up a password from Donald Trump's Twitter account. The expert and his friends guessed the password for the first time in 2016. At that time, the researchers relied on the data left by Linkedin in 2012, and were surprised to find that the password from Twitter is the same as from Linkedin.

https://vulners.com/threatpost/THREATPOST:227EF53DD3E1B5C218725653C74CCAC9

The data stolen from the largest game developers, Ubisoft and Crytek, were published. Operators of the encryptor Egregor, who "leaked" this information, claim that they also have the source codes of Watch Dogs: Legion game, the release of which is scheduled for the end of this month.

Albion has disclosed a data breach resulting from an outside hack of its forum’s user database. "If you have a forum account, you should change the password for your Albion Online account". For its part, Albion stated that it has shut down hackers' access and is now conducting additional checks to ensure the integrity of our systems.

https://vulners.com/threatpost/THREATPOST:ACD8E2894A74E0E4809E20AFC3371598

The ransomware attack hit the French IT giant Sopra Steria, which has over € 4 billion in annual revenue. On October 21, the company announced a cyber attack on its resources.

Reporters were able to find out that the French were attacked by ransomware Ryuk, and behind the attack was the same operator, which earlier in September successfully hacked into the network of the American medical service provider Universal Health Services (UHS).

https://vulners.com/threatpost/THREATPOST:67A68D3CC899F33C3E7D8C923DCAB5E1


Research

New adversarial ATT&CK Matrix for ML by Mitre, working with partners including Microsoft. Looks interesting. https://github.com/mitre/advmlthreatmatrix

What's the best defcon (hacking conference video) have you ever watched ? I Hunt TR-069 Admins: Pwning ISPs Like a Boss

He talked about a great topic (not much talked about whilst it being huge) , the exploits were good and funny and so was his talk and most importantly it was simple/understandable ;)

Other great fun video:

NICER Protocol Deep Dive blog series (RDP): https://vulners.com/rapid7blog/RAPID7BLOG:7549D87CE6E6AE596B8031184231ECD1

Flare-On 2020 - annual competition in reverse engineering from FireEye: https://vulners.com/fireeye/FIREEYE:3C97C63F1725390B2FB7FD0C2983FDE3

A curated list of Android Security materials and resources For Pentesters and Bug Hunters: https://github.com/saeidshirazi/awesome-android-security


Really short feedback -> forms.gle/qhTGPMkJMMKkec5f9