The FBI and Justice Department spearheaded an international law enforcement effort to dismantle the Qakbot botnet. The operation, codenamed “Operation Duck Hunt”, involved agencies from the United States, France, Germany, Latvia, the Netherlands, Romania, and the United Kingdom. Hailed as “the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals,” the operation led to the seizure of $8.6 million in illicit cryptocurrency profits.
[Read more…] about FBI Takes Down Qakbot Botnet in “Duck Hunt”
Microsoft Now Enabling Windows Kernel Fix for All Users
Microsoft has enabled a fix for a kernel disclosure vulnerability (CVE-2023-32019) that it had disabled in previous Windows updates. The vulnerability, discovered by Mateusz Jurczyk of Google Project Zero, allows an attacker to access the memory of privileged processes to obtain potentially sensitive information.
Microsoft previously provided instructions for administrators to enable the fix by manually editing the Windows registry, noting the “resolution described in this article introduces a potential breaking change.” The warning led to uncertainty for many administrators who held out on deploying the fix out of concern that it would interfere with their Windows installations.
Microsoft has enabled the fix by default in Windows updates since August 8, 2023.
Security Researchers Repurpose Amazon SSM Agent as a Remote Access Trojan
Security researchers at Mitiga have discovered a technique for using AWS Systems Manager (SSM) Agent as a remote access trojan (RAT). The technique allows for persistent command and control of a compromised host by an attacker from within another AWS account.
SSM Agent is software that allows administrators to configure, manage, and update AWS resources through the Systems Manager service. It can be installed on various systems, including Amazon Elastic Compute Cloud (EC2) instances, edge devices, on-premises servers, and virtual machines.
[Read more…] about Security Researchers Repurpose Amazon SSM Agent as a Remote Access Trojan