In October 2019, Riot Games announced the launch of a new game named “Valorant” for June 2020, to be available on Microsoft Windows. A 2-month beta version was also available for certain users, which came to an end about a day ago. Statistics show that it was very well received, with over 3 million players every day.
However, capitalizing on this opportunity, malicious actors have also launched their own schemes, one of which was recently uncovered by researchers at Doctor Web.
Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target with pinpoint accuracy.
The attacks begin with emails that are customized for each target, a researcher at security firm Kaspersky Lab reported this week. For the exploit to trigger, the language in the email must match the localization of the target’s operating system. For example, in the case of an attack on a Japanese company, the text of the email and an attached Microsoft Office document containing a malicious macro had to be written in Japanese. Also required: an encrypted malware module could be decrypted only when the OS had a Japanese localization as well.
Zoom is working on end-to-end encryption to protect privacy on its increasingly popular video chat service, but the company will make it a premium feature not available to free accounts. Alex Stamos, a Zoom security consultant and former chief security officer for Yahoo, told Reuters the company could include exceptions like nonprofits or political dissidents, though.
Zoom encrypts connections between the company’s servers and the devices of people using its service. End-to-end encryption, though, secures connections all the way from each device to every other device on a call. It’s available in some Zoom alternatives, like Apple Facetime.
The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as the Polish army. Poland reported hacker attacks on Internet pages and the posting of false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources. “Poland again became the target of information attacks that coincide with the Kremlin’s actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General,” said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services.
ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point.
Notes: ADCollector is not an alternative to the powerful PowerView; it just automates enumeration to quickly identify juicy information without thinking too much at the early Recon stage. Functions implemented in ADCollector are ideal for enumeration in a large Enterprise environment with lots of users/computers, without generating lots of traffic or taking a large amount of time. It only focuses on extracting useful attributes/properties/ACLs from the most valuable targets instead of enumerating all available attributes from all the user/computer objects in the domain. You will definitely need PowerView to do more detailed enumeration later.
EvilApp is a man-in-the-middle phishing attack that uses an Android app to grab session cookies for any website, which in turn allows bypassing 2-factor authentication protection. As an example, EvilApp demonstrates the hijacking and injection of cookies for authenticated Instagram sessions.