Hackers deface Russian platforms and smart TVs to display anti-war messages

On the same day Russia celebrated its role in defeating Nazi Germany, many of the country’s online platforms were defaced in protest of the war in Ukraine. The Washington Post reported on Monday that Russians with smart TVs saw channel listings replaced with a message implicating them in the ongoing conflict. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” the message read, according to the outlet. “TV and authorities are lying. No to war.”

In addition to smart TVs, the apparent hack targeted some of the country’s largest internet companies, including Yandex. Hackers also went after Rutube, Russia’s alternative to YouTube. “Our video hosting has undergone a powerful cyberattack. At the moment, it is not possible to access the platform,” the service said in a statement it posted on its Telegram channel. Rutube later stated it had isolated the attack and that its content library wasn’t accessed in the incident.

[…]

Source: Hackers deface Russian platforms and smart TVs to display anti-war messages | Engadget

Hackers are now hiding malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild.

The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible.

[…]

The dropper copies the legitimate OS error handling file WerFault.exe to ‘C:\Windows\Tasks’ and then drops an encrypted binary resource to the ‘wer.dll’ (Windows Error Reporting) in the same location, for DLL search order hijacking to load malicious code.

[…]

Legezo says that the dropper’s purpose is to place the loader on disk for the side-loading process and to look for particular records in the event logs (category 0x4142, ‘AB’ in ASCII). If no such record is found, it writes 8KB chunks of encrypted shellcode, which are later combined to form the code for the next stager.
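A defender-side check for the storage pattern described above, as an added example that is not code from the Kaspersky report or the article: it walks a set of event records and flags those carrying the 0x4142 category together with an 8 KB, high-entropy blob (what encrypted shellcode looks like), then concatenates the flagged chunks in record order for offline analysis. The record layout and sample records are constructed; the entropy threshold is an assumption, not a value from the report.

```python
import math
import random
from dataclasses import dataclass

MARKER_CATEGORY = 0x4142   # 'AB' in ASCII, the category named in the report
CHUNK_SIZE = 8 * 1024      # 8 KB shellcode chunks described in the report
ENTROPY_THRESHOLD = 7.0    # bits/byte; assumed cut-off, encrypted data sits near 8.0


@dataclass
class EventRecord:
    """Minimal stand-in for an event log record (constructed layout)."""
    record_id: int
    source: str
    category: int
    data: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for repetitive data, ~8.0 for random/encrypted."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious(rec: EventRecord) -> bool:
    """Marker category plus a chunk-sized, high-entropy payload."""
    return (rec.category == MARKER_CATEGORY
            and len(rec.data) >= CHUNK_SIZE
            and shannon_entropy(rec.data) > ENTROPY_THRESHOLD)


def find_suspicious(records: list[EventRecord]) -> list[int]:
    """Record IDs that match the hiding pattern, for triage."""
    return [r.record_id for r in records if is_suspicious(r)]


def reassemble(records: list[EventRecord]) -> bytes:
    """Join flagged chunks in record order so analysts can examine the combined blob."""
    flagged = sorted((r for r in records if is_suspicious(r)), key=lambda r: r.record_id)
    return b"".join(r.data for r in flagged)


# Constructed sample records: one benign entry, two high-entropy chunks, one decoy
# that has the marker category but a low-entropy body.
_rng = random.Random(1)
SAMPLE_RECORDS = [
    EventRecord(1001, "Application", 0, b"Service started normally"),
    EventRecord(1002, "Application", MARKER_CATEGORY, _rng.randbytes(CHUNK_SIZE)),
    EventRecord(1003, "Application", MARKER_CATEGORY, b"A" * CHUNK_SIZE),
    EventRecord(1004, "Application", MARKER_CATEGORY, _rng.randbytes(CHUNK_SIZE)),
]
```

On a live system the same predicate would be applied to records pulled from the event log API; only the record source changes.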

“The dropped wer.dll is a loader and wouldn’t do any harm without the shellcode hidden in Windows event logs” – Denis Legezo, lead security researcher at Kaspersky

The new technique analyzed by Kaspersky is likely on its way to becoming more popular as source code for injecting payloads into Windows event logs has been available in the public space for a brief period.

[…]

Source: Hackers are now hiding malware in Windows Event Logs

BIG-IP iControl REST vulnerability offers root commands

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

Security Advisory Status

F5 Product Development has assigned IDs 1033837, 1051561, and 1052837 (BIG-IP) to this vulnerability. This issue has been classified as CWE-306: Missing Authentication for Critical Function.

Source: BIG-IP iControl REST vulnerability CVE-2022-1388