Microsoft’s very bad year for security: A timeline

From csoonline.com


So far, 2021 has proved to be somewhat of a security annus horribilis for tech giant Microsoft, with numerous vulnerabilities impacting several of its leading services, including Active Directory, Exchange, and Azure. Microsoft is no stranger to being targeted by attackers seeking to exploit known and zero-day vulnerabilities, but the rate and scale of the incidents it has faced since early March has put the tech giant on its back foot for at least a moment or two.

Read more…

In Cyberwar, Attribution Can Be Impossible — and That’s OK

From darkreading.com


For most of human history, battle lines have been clearly demarcated. Physical borders, trenches, and satellite imagery have shown us launch sites, front lines, and enemy targets. Technology has allowed opponents to trace every inch of a weapon’s path. Historically, we have been able to determine the source of a strike and know who we’re up against with clarity.

But the rules of cyberspace are different.

Acts of cyberwar continue to proliferate — defined by espionage, proxy battles, disinformation campaigns, and guerrilla tactics. Every day, it becomes more challenging to establish the source of an attack — and therefore, to establish an effective, proportional response.

Read more…

Huan: Encrypted PE Loader Generator

From securityonline.info

First, Huan reads the given PE file and encrypts it with the CBC mode AES-128 encryption algorithm. For the encryption, I used Tiny AES in C and prepared a padding code for the requirement of this library. When the encryption is complete, it compiles the loader using the Visual Studio compiler (MsBuild.exe) and creates an executable. After that, it creates a section (called .huan) on that executable and embeds the encrypted content, size information, IV, and symmetric key. Both keys are created randomly for each copy of the loader. The layout of this section can be seen below.
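The article says the generated loader carries its encrypted payload, IV and key in a dedicated section named .huan. From the defender's side, the cheapest triage check is therefore to walk a PE's section table and flag sections with that name, with an uncommon name in general, or with near-random byte entropy (an encrypted or packed blob). The scanner below is an added example written for this digest; it is not Huan's code, and the 7.2 bits/byte entropy threshold and the list of "common" section names are assumed heuristics. The sample PE it scans is constructed in-line and is not a runnable executable.

```python
"""Flag PE sections by name (.huan, uncommon) and by high entropy.

Added example, not Huan's code. The '.huan' name comes from the article;
the entropy threshold and COMMON_SECTIONS list are assumed heuristics.
"""
import math
import random
import struct
from collections import Counter

KNOWN_LOADER_SECTIONS = frozenset({b".huan"})          # from the article
COMMON_SECTIONS = frozenset({b".text", b".data", b".rdata", b".bss", b".idata",
                             b".edata", b".pdata", b".rsrc", b".reloc", b".tls"})
ENTROPY_THRESHOLD = 7.2                                # assumed: bits per byte

SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, pe, table + i * SECTION_SIZE)
        name, raw_size, raw_ptr = f[0].rstrip(b"\0"), f[3], f[4]
        body = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "raw_size": raw_size,
                         "entropy": shannon_entropy(body)})
    return sections


def find_suspicious(pe: bytes) -> list:
    """Return (section name, reason) pairs worth a closer look."""
    findings = []
    for s in parse_sections(pe):
        if s["name"] in KNOWN_LOADER_SECTIONS:
            findings.append((s["name"], "section name associated with Huan loader"))
        elif s["name"] not in COMMON_SECTIONS:
            findings.append((s["name"], "uncommon section name"))
        if s["entropy"] >= ENTROPY_THRESHOLD:
            findings.append((s["name"], f"high entropy {s['entropy']:.2f} bits/byte"))
    return findings


def build_sample_pe(sections: list) -> bytes:
    """Construct a minimal PE32+ image (headers + section table) for testing."""
    e_lfanew, opt_size = 0x40, 240                 # 240 = PE32+ optional header size
    data_off = e_lfanew + 4 + 20 + opt_size + len(sections) * SECTION_SIZE
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)
    table, blobs = b"", b""
    for name, blob in sections:
        table += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), len(blob), 0x1000,
                             len(blob), data_off + len(blobs), 0, 0, 0, 0, 0x60000020)
        blobs += blob
    return dos + b"PE\0\0" + coff + opt + table + blobs


# Constructed sample: a low-entropy .text next to a random-looking .huan.
_rng = random.Random(1)
SAMPLE_PE = build_sample_pe([
    (b".text", b"\x55\x48\x89\xe5\xc3" * 400),
    (b".huan", bytes(_rng.getrandbits(8) for _ in range(4096))),
])

if __name__ == "__main__":
    for name, reason in find_suspicious(SAMPLE_PE):
        print(name.decode(), "-", reason)
```

Running it on the constructed sample reports .huan twice (by name and by entropy) and nothing for .text. The entropy rule is the more durable of the two, since a section name is trivial to rename, while an AES-CBC ciphertext cannot be made low-entropy without changing the loader's design.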

Read more…

Chinese tech minister says he’s ‘dealt with’ 73,000 websites that breached the law

From theregister.com

China’s Minister of Industry and Information Technology, Xiao Yaqing, has given a rare interview in which he signalled the nation’s crackdown on the internet and predatory companies will continue.

The interview, reported in state-controlled organ Xinhua, reveals that China’s recent crackdowns on inappropriate content and companies with monopolistic tendencies have both bitten – hard.

The nation investigated 1.83 million apps to ensure they don’t infringe users’ rights. Some 4,200 illegal apps were found to require “rectification”.

On top of that, 73,000 websites were “investigated and dealt with in accordance with the law” according to machine translation of Xiao’s speech. Roughly 51,900 companies with “bad lists” were also told to straighten up.

The July 2021 order requiring an end to use of pop-up ads that can’t be closed appears to have worked: the minister said 69 per cent of such ads were invincible in July, and that number is now down to “basically zero”.

Read more…

Google Tracking 270 Government-backed Hacker Groups From Over 50 Countries

From cybersecuritynews.com


Google’s Threat Analysis Group (TAG) has tracked more than 270 government-backed hacker groups in over 50 countries. Since the beginning of 2021 it has noted that the rate of phishing campaigns is increasing, and it has accordingly sent about 50,000 alerts to users regarding phishing attempts or malware installations.

Soon after detecting such attacks, Google disrupted a number of malicious campaigns launched by the Iranian group APT35, including a social engineering campaign known as Operation SpoofedScholars.

Read more…

New Google Dorks List Collection for SQL Injection – SQL Dorks 2021

From gbhackers.com


Google Dorks help you find vulnerable websites that are indexed in Google search results. Here is the latest collection of Google SQL dorks. More than a million people search for Google dorks for various purposes: database queries, SEO, and SQL injection.

SQL injection is a technique in which an attacker exploits non-validated input to inject SQL commands through a web application; the commands are then executed by the backend database.

It is very easy: all that is needed is the advanced operators of the Google search engine to locate results containing the strings. SQL injection is currently ranked #1 on the OWASP Top 10, which means it is responsible for a large portion of public disclosures and security breaches.
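The definition above (non-validated input becoming SQL that the backend executes) is clearest when a vulnerable lookup sits next to its fixed form. The following is an added example written for this digest, not code from the article; it uses an in-memory SQLite table with constructed rows and a constructed input containing a quote character, and shows that binding the input as a parameter keeps it data rather than query text.

```python
"""Vulnerable vs parameterized SQL lookup (added example, not from the article).

Uses an in-memory SQLite database with constructed rows to show why input
concatenated into a query can change the query, and how bound parameters
keep the same input as a plain value.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("carol", "carol@example.com"),
    ])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Input is pasted into the SQL text, so a quote in the input rewrites the WHERE clause."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Input is bound as a parameter, so it can only ever be compared as a value."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed input containing a quote character
    print("vulnerable:", lookup_vulnerable(db, probe))   # every row
    print("safe:      ", lookup_safe(db, probe))         # no row has that username
```

The vulnerable version returns all three rows for the probe because the concatenated text forms a different query; the parameterized version returns nothing, because SQLite compares the whole string against the username column. Both return the single matching row for a normal value such as "alice", so the fix costs nothing in functionality.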

Read more…

AtomSilo Ransomware Enters the League of Double Extortion

From malware.news

Ransomware is used widely in cyberattacks to disrupt the victim’s organization. Over the last two years, many attackers have evolved their ransomware tactics to include data exfiltration. This tactic is known as “double-extortion”: attackers demand ransom for the data decryption in addition to the ransom to prevent public release of the stolen data. ThreatLabz monitors these threat actors and analyzes the attack sequences of double extortion attacks. AtomSilo is a new player on the scene, and in this blog, we’ll break down the details of their attacks.

Introduction

AtomSilo ransomware emerged around September 2021, with their tactics including exfiltrating and publishing their first victim’s data.

We’ll break down one of their attacks, which started with initial access through exploiting a vulnerability in Atlassian’s Confluence collaboration software. The ransomware operators planted a backdoor using legitimate software via a DLL side-loading technique. The backdoor allowed remote code execution of Windows shell commands through WMI (Windows Management Instrumentation), which the operators used with compromised administrative accounts before dropping AtomSilo.

Read more…