Risky Business #666 -- The msdt RTF of DOOM
Podcast: Risky BusinessPublished On: Tue May 31 2022
Description: On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned in that Heroku/Travis CI thing AWS cred-stealing supply chain attack was research your honour, I swear! Much, much more We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds Follina exploit string, your server the runs the code." / Twitter Microsoft Office Remote Code Execution - “Follina” MSDT Attack Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future REvil prosecutions reach a 'dead end,' Russian media reports Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters Российские компании начали увольнять украинских ИT-специалистов — РБК Hacker Leaks Mountain of Files From Inside Xinjiang Camps Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews 756.pdf Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters Hacker Steals Database of Hundreds of Verizon Employees GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter Darknet market Versus shuts down after hacker leaks security flaw Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica Red Canary Managed Detection and Response - YouTube Airlock Digital Demo - YouTube
The note was deleted
The note was saved
Your message was sent