Available Microsoft 0-day , new SolarWinds vulnerability and others
Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In short: the company was hacked, there are many consequences and the final picture is not yet clear.
- Vulnerabilities: Microsoft zero-day and CERT alerts ASAP;
- Tools: Top 20 Most Popular Hacking tools 2020;
- News: Cool Research for all massagers, DDOS with Citrix and another one research from project-zero;
- Research: Videos, articles, reports.
Really short feedback -> here
Vulnerabilities
CVE-2020-0986 -> CVE-2020-17008 (0-day)
Microsoft patched the CVE-2020-0986 vulnerability as part of a June security update. It had been spotted in the wild during this time of exploitation. The vulnerability was discovered by Trend Micro and was located in a Windows printer driver, allowing remote code execution (RCE).
Researchers at Google Project Zero discovered that the vulnerability had not been fully patched. Microsoft was notified, assigning the new bug CVE-2020-17008. It leads to a privilege escalation. The PoC was done rather quickly (why not?): https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Microsoft will fix specified vulnerability in a January patch…
https://vulners.com/thn/THN:279CDD851D8F33C8B07217F8D20F6AAA
Two critical vulnerabilities are fixed in Dell Wyse Thin Client
Dell developers have released updates to some Wyse Thin Client models. The patches fix a number of critical vulnerabilities that can be exploited remotely and without authentication.
- CVE-2020-29491 allows an unauthenticated attacker to access a configuration file;
- CVE-2020-29492 allows writes to the file.
The vulnerabilities affect Wyse 3040, 5010, 5040, 5060, 5070, 5470, and 7010 thin clients running ThinOS 8.6 and earlier. The vulnerabilities were fixed with the release of ThinOS 8.6 MR8.
https://vulners.com/thn/THN:F632DFA3E9893DD98D7638DEC80345A9
The Cyber Security Agency (CISA) has warned of four new vulnerabilities in Treck Inc.'s implementation of the TCP/IP stack, which is also used primarily in OT and IoT devices. Two of them are critical and could lead to RCEs and denial of service.
Affected devices include elements of industrial control systems, medical equipment, transportation systems, etc. The total number goes into the millions.
New vulnerability for SolarWinds in Orion. According to CERT the SolarWinds Orion API, which is used to communicate with all other Orion system monitoring and control products, suffers from a security issue CVE-2020-10148 that could allow a remote attacker to execute unauthenticated API commands, leading to an instance of SolarWinds being compromised.
Tools
Watcher - Open Source Cybersecurity Threat Hunting Platform | Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organization. It should be used on webservers and available on Docker.
https://github.com/felix83000/Watcher
Although 2020 has been the worst year since 1945, as last year, this year we made a ranking with the most popular tools between January and December 2020.
https://vulners.com/kitploit/KITPLOIT:8765628871173432726
AIL framework - Framework for Analysis of Information Leaks - AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams.
https://github.com/ail-project/ail-framework
**Censys-Python
**An easy-to-use and lightweight API wrapper for the Censys Search Engine ( censys.io ). Python 3.6+ is currently supported.
https://vulners.com/kitploit/KITPLOIT:3689814603328911803
News
Almost all messengers you use are safe and secure
CyberNews conducted a research and evaluated the security features of the most popular messaging apps. Thirteen popular messengers came into view, including Signal, WhatsApp, Telegram, Qtox and others.
The research found that most popular messengers meet current security requirements, given that Telegram and Facebook Messenger's end-to-end encryption is disabled by default.
https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure
Researcher Marko Hoffman discovered a new type of DDoS attack that uses Citrix ADC to multiply traffic.
The attackers use the DTLS protocol. Because the protocol is based on UDP, it allows a hacker to forge a request and initiate a response to the victim. Due to DTLS implementation problems, Citrix ADC has a multiplication factor of 35 (i.e., return traffic is 35 times greater than incoming traffic), which is one of the most effective amplification vectors for DDoS attacks.
No fixes for Citrix ADC yet. ((
The only solution to the problem is to disable DTLS, and if you need it to work, then enable authentication of incoming DTLS connections.
One of Project Zero members Brandon Azad, who specializes in iOS, decided to try his hand with Android and found some serious vulnerabilities. But more interesting in this article is his comparison of the differences in exploitation and protection measures in the two most popular mobile operating systems.
The material will be useful for everyone who is interested in the security of mobile operating systems. Enjoy!
https://vulners.com/googleprojectzero/GOOGLEPROJECTZERO:B7D83FD0998DB6A044E63C8C9134F8C9
Research
Various Visual Basic Macros-based Remote Code Execution techniques to get meterpreter invoked on the infected machine. https://gist.github.com/mgeeky/9dee0ac86c65cdd9cb5a2f64cef51991
Cookie Tossing to RCE on Google Cloud JupyterLab: https://blog.s1r1us.ninja/bug-bounty/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks
Really short feedback -> here
le-cloud-jupyter-notebooks](https://blog.s1r1us.ninja/bug-bounty/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks)
Really short feedback -> here