[+] Linux kernel: net: double-free and memory corruption in get_net_ns_by_id()
A use-after-free vulnerability was found in the network namespaces code affecting the Linux
kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check
the net::count value after it has found a peer network in the netns_ids idr, which could
lead to a double free and memory corruption. This vulnerability could allow an unprivileged
local user to induce kernel memory corruption on the system, leading to a crash. Due to
the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe
it is unlikely.
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
Command and Control – Images [Powershell]
https://pentestlab.blog/2018/01/02/command-and-control-images/
Penetration Testing Lab
Command and Control – Images
Images traditionally have been used as a method of hiding a message. It is possibly for forensic investigators the oldest trick in the book to search for evidence inside that type of files. However…
Command and Control – JavaScript [Rundll32]
https://pentestlab.blog/2018/01/08/command-and-control-javanoscript/
Penetration Testing Lab
Command and Control – JavaScript
There are a number of command and control tools that can use a variety of methods in order to hide malicious traffic or execute implants in various formats. Casey Smith originally developed a protot…
[dos] Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
https://www.exploit-db.com/exploits/43470/?rss
Microsoft Patches Zero-Day Vulnerability in Office
http://feedproxy.google.com/~r/Securityweek/~3/fy_7rlOZl8Q/microsoft-patches-zero-day-vulnerability-office
Microsoft’s January 2018 Patch Tuesday updates address more than 50 vulnerabilities, including a zero-day vulnerability in Office related to an Equation Editor flaw that has been exploited by several threat groups in the past few months.
read more (http://www.securityweek.com/microsoft-patches-zero-day-vulnerability-office)
Securityweek
Microsoft patches over 50 vulnerabilities, including an Office zero-day similar to the Equation Editor flaw that has been exploited by several threat groups
Highly Targeted Attacks Hit North Korean Defectors
http://feedproxy.google.com/~r/Securityweek/~3/oOttyf-3Q4k/highly-targeted-attacks-hit-north-korean-defectors
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.
read more (http://www.securityweek.com/highly-targeted-attacks-hit-north-korean-defectors)
Securityweek
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an unknown threat actor.
Mac Malware Creator Indicted in U.S.
http://feedproxy.google.com/~r/Securityweek/~3/RWtsCJGpEiQ/mac-malware-creator-indicted-us
“FruitFly” Mac Malware Creator Allegedly Spied On Victims for 13 Years
read more (http://www.securityweek.com/mac-malware-creator-indicted-us)
Securityweek
Phillip R. Durachinsky has been charged with using the FruitFly malware for more than 13 years to watch, listen to, and obtain personal data from unknowing victims, as well as to produce child pornography.
AMD Will Release CPU Microcode Updates for Spectre Flaw This Week
https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microcode-updates-for-spectre-flaw-this-week/
AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw. [...]
BleepingComputer
How to Attract More Women Into Cybersecurity - Now
https://www.darkreading.com/careers-and-people/how-to-attract-more-women-into-cybersecurity---now/d/d-id/1330816?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession - the dots just need to be connected.
Dark Reading
New Python-Based Crypto-Miner Botnet Flying Under the Radar
https://f5.com/labs/articles/threat-intelligence/malware/new-python-based-crypto-miner-botnet-flying-under-the-radar?sf178360556=1
F5 Labs
A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.
Slui File Handler Hijack UAC bypass (fileless), works from Windows 8 up to Windows 10 RS4 17074
https://github.com/bytecode-77/slui-file-handler-hijack-privilege-escalation
GitHub
GitHub - bytecode77/slui-file-handler-hijack-privilege-escalation: Slui File Handler Hijack UAC Bypass Local Privilege Escalation