And the next stop is – root privileges!

May 23, 2022

And the next stop is – root privileges!

Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an attacker to elevate privileges to “root” on many Linux desktop endpoints.

Nimbuspwn takes advantage of the D-Bus functionality and two vulnerabilities found in the networkd-dispatcher (“CVE-2022-29799” and “CVE-2022-29800”), which include directory traversal, symlink race, and TOCTTOU race condition issues, that could be leveraged to elevate privileges and deploy malware or carry out other malicious activities.

In this unit, you will deep dive into the technicalities behind these vulnerabilities, examine the networked-dispatcher’s execution flow identified by Microsoft’s researchers, analyze the full attack flow and discuss mitigation procedures to defend your organization.

Project,Manager,And,Computer,Science,Engineer,Talking,While,Using,A

Past campaigns

images

Ivanti’s Zero-day Predicament

In January 2024, a critical zero-day exploit sent shockwaves through the cybersecurity landscape. Attackers targeted Ivanti products, exploiting a combination of vulnerabilities that had been […]

Read More
images

Operation Triangulation

Kaspersky’s discovery of “Operation Triangulation”, a complex cyber-attack leveraging multiple iOS vulnerabilities, has rocked the cybersecurity landscape. This unit delves into Operation Triangulation’s attack chain, […]

Read More
images

QuasarRat with DLL Sideloading

Quasar is a remote administration tool that allows administrators to connect to and manage remote computers. Over the years, threat actors have modified Quasar to […]

Read More
images

Scattered Spider

Scattered Spider is a newly discovered threat actor that targets large players in the business enterprise sector. In September of 2023, the group launched a […]

Read More
images

QuiteRat

The Lazarus Group, a well-known cybercrime group from North Korea, has carried out sophisticated and large-scale attacks over the years. Its high-profile attacks have gained […]

Read More
images

APT40

Our latest Campaign of the Month, “APT40”, offers a deep dive into this sophisticated and malicious cyber espionage group, covering key topics and areas related […]

Read More
images

Horabot

The Horabot botnet is a sophisticated threat that has been active for over two years, primarily focusing on targets in the Americas. It uses a […]

Read More
images

The MOVEit Transfer Vulnerability

Over the last weeks, hundreds of organizations including 2 DOE Agencies, were impacted by ransomware attacks, as a result of the the MOVEit Transfer Vulnerability, […]

Read More
images

Apt35

APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, […]

Read More
images

Outlook – Out

In March 2023, Microsoft published a critical update notifying users of a vulnerability affecting Microsoft Outlook. This vulnerability (CVE-2023-23397) is exploitable by attackers on Windows-based […]

Read More
images

Beep Malware

Only recently discovered, “Beep” malware is already making headlines in the world of cybersecurity. Designed to fly under the radar of security software with a […]

Read More
images

ChatGPT

ChatGPT: The Hacker’s New Best Friend? Frequently in the news, ChatGPT has become the fastest-growing consumer application in history. The Artificial Intelligence (AI) tool is […]

Read More
images

Agent Tesla

Agent Tesla, a leading malware threat to organizations, has the ability to steal sensitive information and is continuing to evolve and spread. It is offered […]

Read More
images

AWS Lambda

AWS Lambda, one of AWS’ 200 outstanding services, is an event-driven, serverless computing platform that allows you to run code for applications and backend services […]

Read More
images

Adversary in the Middle

Multifactor Authentication (MFA) is a popular and crucial security concept used by organizations worldwide. However, it is not invulnerable. A good example of threats to […]

Read More
images

Exchange ProxyNotShell Vulnerability

In early August 2022, the Vietnam-based Cybersecurity company GTSC, discovered a zero-day vulnerability in the Microsoft Exchange platform, which received the name “ProxyNotShell”. The Zero […]

Read More
images

Shikata-Ga-Nai

Metasploit is one of the most widely used exploit frameworks globally; threat actors, penetration testers and red teams alike use it, as it is completely […]

Read More
images

GoWebfuscator

In the never-ending war between cyber criminals and defense teams across the globe, adversaries continue to develop innovative methods to penetrate organizations. One of the […]

Read More
images

Cuba Ransomware

“Tropical Scorpius”, a group of threat actors associated with the Cuba Ransomware (aka COLDDRAW), was recently observed deploying the malware with previously undocumented tactics, techniques, […]

Read More
images

ChromeLoader

ChromeLoader, aka, ChoziosiLoader, is part of the browser hijacker malware family and targets both Windows and macOS. First discovered in February, it is well-known in […]

Read More
Magniber via fake Windows updates

Magnibar via Fake Windows Updates

Over the past few months, reports about Magniber ransomware infections have been increasing worldwide. Social engineering methods for delivering Magniber have become increasingly sophisticated over […]

Read More
Brute Ratel C4

Brute Ratel C4

On May 19th, 2022, a malware sample uploaded to VirusTotal containing malicious payload, Brute Ratel C4, went undetected by all 56 antiviruses that evaluated it. […]

Read More
BluStealer

BluStealer

BluStealer, first detected in May 2021 by Twitter user James_inthe_box, is an information-stealing malware with the ability to steal cyrpto wallet data, swap crypto addresses […]

Read More
Matanbuchus_screenshot

Matanbuchus – malware-as-a-service

Matanbuchus is a malware-as-a-service that first surfaced back in 2021 but has since resurfaced; threat researchers recently discovered a malicious phishing campaign that spreads the […]

Read More
shutterstock_1972278728 1

Symbiote Malware

Intezer and the BlackBerry Research and Intelligence Team recently published their comprehensive research on Symbiote, a highly evasive Linux malware. Appropriately named after the biological […]

Read More
Cyberbit-Ransomware-COTW

Conti – Ransomware as a service program

Conti is a ransomware-as-a-service program and is one of the most prolific ransomwares of the past year. In what is believed to have been an […]

Read More
Video-Thumbnail (002)

Interview – BCC Grupo Cajamar – ICL

Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]

Read More
Jester Stealer

Jester Stealer – the clown that will make you cry.

Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate privileges to root level privileges (the highest level privileges e.g., administrator) […]

Read More
ransomware-readiness-banner

The End of TrickBot

The malware of many tricks and no treats In 2016, the threat group Wizard Spider developed TrickBot – a highly modular banking trojan believed to […]

Read More