| WORK | https://www.bleepingcomputer.com/author/sergiu-gatlan/ |
| Website | https://serghei.ro/ |
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future.
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials.
In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims.
In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims.
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks.
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension.
The Nightmare-Eclipse repo clearly credits James Forshaw with the CVE-2020-17103 vulnerability that MiniPlasma is based off of.
Did Nightmare-Eclipse modify MiniPlasma to use a variant of CVE-2020-17103 that still works on modern Windows, which surely contains the fix?
NO. MiniPlasma IS the poc from the GPZ write-up, but with a minor tweak to do something (LPE).
Why does it work on current Windows?
Well, instead of fixing CVE-2020-17103, they decided to break the PoC instead. And yeah, with Win10 Dec 2020 and Win11 RTM, the GPZ PoC doesn't work.
But somewhere between Win11 RTM and 22H2 (I have neither the VM snapshots nor the patience to determine when exactly), whatever thing Microsoft did to break the CVE-2020-17103 PoC regressed. An because it wasn't a fix, then surely Microsoft had no regression test to detect that the fix was no longer present.
So here we are. MiniPlasma is the GPZ PoC, but modified slightly to achieve LPE by way of Volatile Environment and wermgr.exe instead of creating DEMODEMO in the registry.
Since Microsoft didn't bother fixing CVE-2020-17103, will CVE-2020-17103 simply be updated with the MiniPlasma recognition that it wasn't actually fixed in December 2020? Get real. This will surely get a new CVE, as CVEs are for Microsoft updates, not vulnerabilities. 😂
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command.
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.
The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities.
BleepingComputer
Will Dormann
