Microsoft Patches Windows Vulnerabilities Including (CVE-2018-8611) Kernel Transaction Manager Allowing Elevated Privilege

Microsoft released several year-end December security updates to patch a total of 39 vulnerabilities in its Windows operating systems and applications, 10 of which it rated as critical, including CVE-2018-8611.

The flaw affects almost all versions of the Windows operating system, from Windows 7 through Server 2019.

The zero-day, originally discovered and reported by security researchers at Kaspersky, is an elevation of privilege (EoP) bug in the Windows kernel (ntoskrnl.exe). Exploiting it could allow malicious programs to execute arbitrary code with higher privileges on targeted vulnerable systems.

“This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox,” Kaspersky said.

“Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers.”

Another important, publicly known vulnerability, CVE-2018-8517, a denial-of-service bug in web applications, was also fixed in the update.

“The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application,” Microsoft explains.

Microsoft patched 10 critical and 29 important vulnerabilities affecting a range of its products, including Windows, Edge, Internet Explorer, ChakraCore, Office, Microsoft Office Services and Web Apps, and the .NET Framework, which a number of applications rely on.

Users and system administrators alike are strongly advised to apply the latest security patches when prompted to update, so as not to risk becoming a slave in a hacker’s botnet. Unless, of course, you want to opt for being a target of a hacker or group of hackers.

Then by all means, please keep your system software outdated with these vulnerabilities present, including the kernel bug, which hackers are going to have a field day with. Just remember that you, the reader, are responsible for all your actions with this information, and this is just security education.

To install the latest security updates, go to Settings → Update and Security → Windows Update → Check for updates on your computer, or install the updates manually.

 

Anonymous Attacks French Government, AnonOps #OpFrance Owner “AnonKiller” Exposed Logging IPs

Anonymous has declared war on the French government after protests resulted in the bloodshed of protesters. Meanwhile, one of the main admins of the AnonOps IRC channel #OpFrance, named “AnonKiller”, has been exposed logging IPs in the channel.

Accounts associated with Anonymous have been seen on Twitter attacking the French government, resulting in several cyber attacks, including database hacks and DDoS attacks on the French government, in support of the Yellow Vests protesters on the ground. Dozens of hacktivists are participating in the operation against the French government, codenamed #OpFrance.

A press release for the Anonymous operations against France can be seen below acquired from Anon Files.

According to a Twitter thread by CgAn_Doemela, an account known to be associated with Anonymous operations and the same one that posted a hack of Ministry of Defense officials, an anon going by “AnonKiller” is being accused of being a snitch for logging IPs inside IRC.

AnonKiller, however, argues that it’s because the far-right “demos” (demosophy) is involved in the operation against France and the “extreme right cannot reflect the image of Anon.” Others are calling the user a potential informant or provocateur within the collective.

IRC LOGS according to CgAn_Doemela:

**** BEGIN LOGGING AT Sat Dec  8 20:47:11 2018
Dec 08 20:47:11 *        Now talking on #opfrance
Dec 08 20:47:11 *        Topic for #opfrance is: www.facebook.com/AnonFr2.0 // www.anonops.fr // www.twitter.com/AnonFrOfficiel // Nous dementons toute opération dite en notre nom en soutient au mouvement des gillets jaunes!
Dec 08 20:47:11 *        Topic for #opfrance set by anonkiller (Fri Dec  7 09:10:52 2018)
Dec 08 20:48:19 <anonkiller>        hello because this group is orchestrated by the demos, just look at what is being finished
Dec 08 20:48:53 <anonkiller>        the extreme right can not reflect the image of the anon
Dec 08 20:49:17 <anonkiller>        this group is orchestrated by demosophy
Dec 08 20:50:29 <Cogitabundus>        You do realize that calls into question your capacity to run a channel.
Dec 08 20:50:40 <Cogitabundus>        Since we’ve very anti-IP harvesting.
Dec 08 20:50:47 <cookie>        article from 2015 mind you
Dec 08 20:51:29 <anonkiller>        they were identified behind telegram channels and other media
Dec 08 20:53:05 <anonkiller>        I removed the post for ip but you can inquire there demosophy well behind
Dec 08 20:59:05 <anonkiller>        you can also look at their pads, the consistency of the sites listed relative to the target that was determined
Dec 08 20:59:48 <cookie>        so you’re attacking anons because you don’t agree with the targets?
Dec 08 21:01:33 <anonkiller>        no because the extreme right is behind
Dec 08 21:01:54 <anonkiller>        extreme right it’s not anon
Dec 08 21:02:25 <Cogitabundus>        What’s Anon or not isn’t really something easy to determine.
Dec 08 21:02:34 <cookie>        hmmm they may be trying to hide behind anon. but most of those target were chosen by legit anons
Dec 08 21:02:36 <Cogitabundus>        When it’s such a loose thing.
Dec 08 21:02:41 <cookie>        its a coordinated attack
Dec 08 21:05:07 <anonkiller>        legitimate people yes because at the beginning we also help the yellow vests but since the movements of etreme was behind many of their groups, it was released, the fight is part of a fair cause but was diverted and become dangerous
Dec 08 21:05:37 <anonkiller>        I would stay out if you want to do this operation go there but I do not care
Dec 08 21:06:06 <anonkiller>        I prefer to track terrorism, which is a priority for me
Dec 08 21:07:54 <cookie>        so to you the anons on cgan are terrorists?
Dec 08 21:09:14 <anonkiller>        I did not say that
Dec 08 21:09:44 <cookie>        you say you prefer tracking terrorism
Dec 08 21:09:47 <anonkiller>        I said that I do not interfere anymore and that I went back to track terrorists like daesh
Dec 08 21:09:50 <cookie>        and you have screenshots from cgan
Dec 08 21:10:39 <anonkiller>        yes i have a nice screenshot where they talk about demosophy ..
Dec 08 21:11:34 <anonkiller>        but carrefour and saint gobain are government sites for you?
Dec 08 21:12:57 <cookie>        well anyone could make a pad. just because someone is spamming a pad in a channel doesnt mean it is an official target
Dec 08 21:13:07 <cookie>        we keep official things in official/hidden chans
Dec 08 21:16:39 <cookie>        well i gtg more stuff for op; also anonkiller if i find out you’re working with @zataz or @Damien_Bancal for some counter intel shit or for the FR gov. I will stop at nothing to financially fuck you then maybe drop your info for some local angry protestors to pay you a visit. 🙂 dont fuck with Anons kkbye
Dec 08 21:16:47 *        You have left channel #opfrance (Leaving)
**** ENDING LOGGING AT Sat Dec  8 21:16:47 2018

Meanwhile, the user’s Twitter account, identified as @AnonOfFrance, is calling on Anons to join their Discord, which should be done at the sole discretion of the user. While it’s noted that Discord doesn’t log IPs if you choose to enter the server, be aware that malicious users could send files (if that is enabled on the server) or IP-logging links, for example by setting up honeypots or using services that allow IP tracking.

Stay safe, use proper OpSec and make sure you are behind a VPN, spoof your MAC address and use Tor and a safe DNS, all that jazz. Remember you are responsible for your own actions. Sail safe.

Hacker Hacks 50,000 Printers For Save PewDiePie Campaign Exposing Dangers Of Printer Vulns

A bored young hacker known on Twitter as TheHackerGiraffe has exposed vulnerabilities that could be potentially dangerous for networked printers.

TheHackerGiraffe exploited vulnerabilities in security protocols for internet-connected devices using Shodan to hack into 50,000 exposed printers as part of the “Save PewDiePie” campaign.

According to TheHackerGiraffe, PewDiePie’s world-famous YouTube channel, with more than 19 billion views over five years, is set to be overtaken by Indian music production channel T-Series.

On Sunday, T-Series’ subscriber count came within less than 50,000 of surpassing PewDiePie.

So rather than allow that to happen, TheHackerGiraffe decided, as a troll, to search Shodan, a search engine built specifically to find Internet-connected devices. To his amazement, the search returned 800,000 vulnerable printers. TheHackerGiraffe then downloaded PRET, a tool that would allow him to access files, damage the printer, access the internal network and view the printer’s memory.

In a thread on Twitter, he described his shock at discovering what PRET would allow him to do to the printers.

TheHackerGiraffe said:

“PRET had the scariest of features. Ability to access files, damage the printer, access the internal network; things that could really cause damage. So I had to do this, to at least help organisations and people that can protect themselves.”

In the Twitter thread, TheHackerGiraffe revealed that while looking at ways to show support for PewDiePie (the hacking of 50,000 printers was done without the streamer’s knowledge or permission), he decided to carry out his own guerilla printing campaign using the vulnerable internet-connected printers.

Rather than damage the printers as a blackhat might do for fun, TheHackerGiraffe decided to just use his access to print out flyers with a message urging people to subscribe to PewDiePie’s channel. He also urged the unsuspecting recipients to unsubscribe from T-Series if they were subscribed, along with the YouTuber’s signature “brofist”.

In a video he posted himself about the fight to retain his crown, PewDiePie, whose real name is Felix Kjellberg, said he enjoyed the support.

“All of this support to keep me on top is so funny. I love it. Please keep it up,” PewDiePie said.

“But don’t do anything illegal OK… because that will look bad on me,” he added.

In an interview with The Verge, TheHackerGiraffe described what was possible with the vulnerable printers he found, which as of this writing still number 800,000.

“Hackers could have stolen files, installed malware, caused physical damage to the printers and even used the printer as a foothold into the inner network,” they said.

“The most horrifying part is I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes”, the hacker told the technology news website The Verge.

Now imagine what’s possible if your printer is vulnerable due to open ports: all types of information could be stolen directly from the printer’s memory, malicious software could be installed to log everything printed, and much more. The moral of the story is obviously to close your ports. Luckily for the victims of this printing campaign, the hacker didn’t have malicious intent.
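As an added example (not part of the original article), here is a Python check an administrator can run against an inventory of their own printers to see which print services accept connections and whether the device sits on a public address. The port list (9100, 515, 631), the function names and the public-address heuristic are assumptions; the article does not name the ports involved.

```python
import ipaddress
import socket

# Common network printing services. Assumption: the article names no ports.
PRINT_PORTS = {9100: "raw/JetDirect", 515: "LPD", 631: "IPP"}


def open_ports(host, ports=PRINT_PORTS, timeout=1.0):
    """Return the ports in `ports` that accept a TCP connection on `host`."""
    found = []
    for port in sorted(ports):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # closed, filtered or unreachable from where we are running
    return found


def audit(inventory, ports=PRINT_PORTS, timeout=1.0):
    """Rate each printer (given as an IP address string) by its exposure."""
    report = []
    for host in inventory:
        listening = open_ports(host, ports, timeout)
        if not listening:
            risk = "ok"
        elif ipaddress.ip_address(host).is_global:
            # Heuristic: a publicly routable address with a print port open
            # is the kind of device an internet-wide search engine indexes.
            risk = "internet-exposed"
        else:
            # Private or loopback address: still worth limiting to the
            # print server or a dedicated VLAN.
            risk = "internal-only"
        report.append({"host": host, "open": listening, "risk": risk})
    return report


if __name__ == "__main__":
    # Constructed inventory: replace with addresses of printers you administer.
    for row in audit(["127.0.0.1"], timeout=0.5):
        names = [f"{p} ({PRINT_PORTS[p]})" for p in row["open"]]
        print(row["host"], row["risk"], ", ".join(names) or "no print ports open")
```

Any printer reported as "internet-exposed" should have those ports firewalled or the corresponding services disabled on the device.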