KrebsOnSecurity RSSOct 8, 2024

Patch Tuesday, October 2024 Edition

https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/

#OpenSSHforWindows;PowerBI;WindowsHyper-V;WindowsMobileBroadband #AdobeSubstance3DPainter #ElasticSecurityLabs #Substance3DStager #NikolasCemerikic #AdobeFramemaker #LatestWarnings #CVE-2024-43572 #CVE-2024-43573 #SecurityTools #ImmersiveLabs #GrimResource #SatnamNarang #VisualStudio #TimetoPatch #Dimension #Lightroom #Commerce #InDesign #Animate #macOS15 #Sequoia #Tenable #InCopy #.NET

Patch Tuesday, October 2024 Edition – Krebs on Security

ITSEC NewsOct 8, 2024
Patch Tuesday, October 2024 Edition - Microsoft today released security updates to fix at least 117 security holes in Wi... https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/ #opensshforwindows;powerbi;windowshyper-v;windowsmobilebroadband #adobesubstance3dpainter #elasticsecuritylabs #substance3dstager #nikolascemerikic #adobeframemaker #latestwarnings #cve-2024-43572 #cve-2024-43573 #securitytools #immersivelabs #grimresource #satnamnarang #visualstudio #timetopatch
Patch Tuesday, October 2024 Edition – Krebs on Security

lazarusholicSep 19, 2024
"从Kimsuky组织msc攻击样本到GrimResource" published by Aliyun. #GrimResource, #Kimsuky, #MSC, #DPRK, #CTI https://xz.aliyun.com/t/15618
Aloïs Thévenot Aug 13, 2024
Will the real #GrimResource please stand up? – Abusing the MSC file format - https://www.outflank.nl/blog/2024/08/13/will-the-real-grimresource-please-stand-up-abusing-the-msc-file-format/ #redteam
Will the real #GrimResource please stand up? - Abusing the MSC file format | Outflank

In this blog post we describe how the MSC file format can be leveraged to execute arbitrary code via MMC (Microsoft Management Console) for initial access or lateral movement purposes. A sample payload that implements this technique was publicly shared recently. This sample was generated using our Outflank Security Tooling (OST) offering and hence we decided to publish additional details on this method and its discovery. Context of this blog post Recently, Elastic released details on a new initial access vector technique leveraging MSC files, which they dubbed “GrimResource”. These files can be used to execute code within MMC (Microsoft Management Console). This technique was researched and developed by Outflank as part of the Outflank Security Tooling (OST) toolkit. The analyzed sample was a payload generated using our In-Phase Builder,Read full post

Outflank
BlueTeamSecAug 13, 2024
Will the real #GrimResource please stand up? - Abusing the MSC file format [/u/digicat] https://www.reddit.com/r/blueteamsec/comments/1erflq1/will_the_real_grimresource_please_stand_up/ #blueteamsec
ottotoJun 26, 2024

#Microsoft #管理コンソール ファイル を悪用する新たな攻撃手法 」: The Hacker News

「脅威アクターは、特別に作成された管理保存コンソール (MSC) ファイルを利用して Microsoft 管理コンソール ( #MMC )を使用して完全なコードを実行し、セキュリティ防御を回避する新しい攻撃手法を悪用して います。

Elastic Security Labs は、 2024 年 6 月 6 日に VirusTotal マルウェア スキャン プラットフォームにアップロードされた アーティファクト (「 sccm-updater.msc 」) を特定した後、このアプローチ に #GrimResource というコードネームを付けました。」

https://thehackernews.com/2024/06/new-attack-technique-exploits-microsoft.html

#prattohome #TheHackerNews

New Attack Technique Exploits Microsoft Management Console Files

Discover GrimResource, a new cyber threat leveraging MSC files for stealthy code execution. Stay informed and protected against this evolving cybersec

The Hacker News
Show thread@infosec_jcp 🐈🃏 done differentlyJun 22, 2024

@GossiTheDog

Ahh, quick, repurposed but quickly logo'd, time! 👉💻☠️ #GrimResource #meme