News
Hi folks,
Greetings from a rather bleak autumn day in the Netherlands! I hope you get to read this while drinking a nice cup of warm tea, tonight or tomorrow.
We're a day early; I've got some other work lined up for tomorrow (including studying for a re-exam, damn). But first I'm catching up with a friend tonight, and then catching up with a re-run of The Expanse :-)
Enjoy the read!
Operation PowerOFF shuts down 27 DDoS-for-hire platforms
Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services offline, arrested three administrators, and identified 300 customers of the platforms. Nice job!
QR codes bypass browser isolation for malicious C2 communication
Some malware drives the browser on the compromised machine to fetch its commands from an external command and control (C2) server, so the traffic blends in with ordinary web browsing.
However, more organisations are using browser isolation, where the actual browser requests are executed on a remote device, and you only get to see the rendered result (I suppose it's somewhat like an RDP session).
Attackers are now working around this by having their C2 servers return commands as a QR code embedded in the page: the isolated browser happily renders the image, and a headless browser on the compromised machine screenshots the rendered output and decodes the QR code locally. Bandwidth is tiny and latency is high, but it's enough for command delivery. Nifty.
Latest round of MITRE ATT&CK evaluations complete
These are always very interesting. It's a sort of competition between EDR vendors: they all get the same emulated adversary behaviour thrown at them, and the results show what each product detected, how it detected it, and what it missed. Note that MITRE itself doesn't rank or score the vendors, so you'll have to draw your own conclusions from the per-step results.
This year's round included two ransomware variants and, for the first time, macOS as a target platform.
Really valuable to dig into if you're shopping for a new EDR vendor, or want to see where yours falls short. You can find the results themselves here.
Breaches and leaks
- Anna Jaques Hospital ransomware breach exposed data of 300K patients: link.
- US subsidiary of global water treatment firm investigating cyberattack: link.
- Ransomware attack hits leading heart surgery device maker: link.
- Romanian energy supplier Electrica hit by ransomware attack: link.
- Krispy Kreme online ordering disrupted by cyberattack: link.
- Blue Yonder SaaS giant breached by Termite ransomware gang: link.
- Ultralytics AI model hijacked to infect thousands with cryptominer: link.
- Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed: link.
Issues and fixes
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws: link.
- New Windows zero-day exposes NTLM credentials, gets unofficial patch: link.
- Critical flaw in Cleo file-transfer software is under mass exploitation: link.
- OpenWrt Sysupgrade flaw let hackers push malicious firmware images: link.
- Ivanti warns of maximum severity CSA auth bypass vulnerability: link.
- WPForms bug allows Stripe refunds on millions of WordPress sites: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)