DISC InfoSec blog

Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection

Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets windows systems. Elastic Security researchers uncovered a malware campaign that leverages a new malware and a stealthy loader tracked as BLISTER, that uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […]

Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains. The flaws, tracked as CVE-2021-42287 and CVE-2021-42278, can be chained to impersonate domain controllers and gain administrative privileges on Active Directory. Microsoft is now warning […]

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably don’t know whether you’re using OMI or not. Y’see, Open Management Infrastructure (OMI) is often silently installed on Azure—as a prerequisite. And, to make matters worse, Microsoft hasn’t rolled out the patch for you—despite publishing the code a month ago. So much for […]

Details are scarce so far, but Microsoft is warning Office users about a bug that’s dubbed  CVE-2021-40444 , and described as Microsoft MSHTML Remote Code Execution Vulnerability. The bug doesn’t have a patch yet, so it’s what’s known as a zero-day, shorthand for “the Good Guys were zero days ahead of the Bad Guys with a patch for […]

Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. The issues […]

Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates—although Microsoft PR is doing its usual trick of ghosting reporters who ask. This sounds like a terrible idea: A fleet of unpatched Windows 11 PCs connected to the internet? That’s a recipe for disaster. Stand by for Redmond to walk this one back in an embarrassing climbdown. In […]

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer. With that said, the bug is so easy to exploit as you just need to spend $20 on Amazon for Razer mouse and plug it into […]

Razer gaming mice come with a buggy installer. It starts automatically when you plug in one of Razer’s devices. The installer runs as SYSTEM. And it lets you start a shell—which also runs as SYSTEM. A classic elevation-of-privilege bug. And one that’s incredibly simple to exploit. Déjà vu? It’s like PrintNightmare all over again. In today’s SB Blogwatch, we point the fingers […]

Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. They received no test credentials, configuration details, or other information about the machine. They were not only able to get into the BitLocker-encrypted computer, […]

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him. […]

Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping. As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. […]

An open-source application called WhyNotWin11 acts as a better drop-in replacement for Microsoft’s PC Health Check app to determine if your hardware is compatible with Windows 11. This week, Microsoft announced that the next version of Windows is Windows 11 would be the next version of Windows and that it would be released as a free upgrade […]

Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including a critical HTTP Protocol Stack Remote Code Execution vulnerability tracked as CVE-2021-31166. The flaw could be exploited by an unauthenticated attacker by sending a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. This stack is […]

A Pass the Hash (PTH) attack is a technique whereby an attacker captures a password hash as opposed to the password itself (characters) thereby gaining access (authentication) to the networked systems. This technique is used to steal credentials and enable lateral movement within a network. In a Windows environment, the challenge-response model used by NTLM security is abused to enable a malicious […]

Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent. According to the expert, the vulnerability only impacts consumer accounts. The vulnerability is related to the possibility to launch a bruteforce attack to guess the seven-digit security code that is sent […]

Paired longevity solutions in hardware and software There is a solution to both these issues – durability and security. Rugged devices are designed specifically for your hardworking enterprise operations. They integrate seamlessly into UEM and MDM platforms, can be trained to only engage with secure networks, and can be geofenced to turn themselves into expensive […]

Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords. The latest of these threats is a botnet named WatchDog. Discovered by Unit 42, a threat intelligence division […]

There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code execution is where otherwise innocent-looking data that’s sent in from outside your network can trigger a bug and take over your computer. Bugs that make it possible for booby-trapped chunks […]