Share this page!

BleepingComputer Profile picture
Twitter logo
4 Aug, 4 tweets, 2 min read
New Cobalt Strike bugs allow takedown of attackers’ servers - @serghei
bleepingcomputer.com/news/security/…
@serghei SentinelLabs found the DoS vulnerabilities tracked as CVE-2021-36798 and dubbed Hotcobalt in the latest versions of Cobalt Strike's server.

bleepingcomputer.com/news/security/…
The Hotcobalt bugs can be exploited by registering fake beacons which help crash Cobalt Strike C2 servers, blocking C2 comms and new beacon deployments.

Law enforcement and researchers can also use Hotcobalt to take down malicious infrastructure.

bleepingcomputer.com/news/security/…
SentinelLabs has disclosed the Hotcobalt vulnerabilities to CobaltStrike's parent company HelpSystems on April 20, who addressed them in Cobalt Strike 4.4, released earlier today.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with BleepingComputer

BleepingComputer Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @BleepinComputer

BleepingComputer Profile picture
2 Aug
BlackMatter ransomware pretending they are not DarkSide.

Interesting read.
therecord.media/an-interview-w…
As a refresher.
bleepingcomputer.com/news/security/…
Read 4 tweets
BleepingComputer Profile picture
2 Aug
Windows PetitPotam attacks can be blocked using new method - @LawrenceAbrams
bleepingcomputer.com/news/microsoft…
Last month, @topotam77 discovered a new unauthenticated vector in the Microsoft Encrypting File System Remote Protocol (EFSRPC) API to perform Windows NTLM relay attacks.
bleepingcomputer.com/news/microsoft…
It was quickly illustrated how easily these attacks could be conducted to take over a Windows domain.
Read 6 tweets
BleepingComputer Profile picture
20 Jul
New Windows 10 vulnerability allows anyone to get admin privileges - @LawrenceAbrams
bleepingcomputer.com/news/microsoft…
@LawrenceAbrams Security researcher @jonasLyk is the one who discovered that Windows 10 and Windows 11 Registry files associated with the Security Account Manager (SAM) are accessible to users with low privileges.
Mimikatz creator @gentilkiwi told BleepingComputer that anyone can easily steal an elevated account's NTLM hashed password to gain higher privileges by taking advantage of the incorrect file permissions.

vimeo.com/577234015
Read 5 tweets
BleepingComputer Profile picture
18 Jul
New Windows print spooler zero day exploitable via remote print servers - @LawrenceAbrams
bleepingcomputer.com/news/microsoft…
@LawrenceAbrams There's a new printer-related zero-day vulnerability that could let hackers gain administrative privileges on vulnerable Windows machines.

It was disclosed publicly by @gentilkiwi and can be exploited through a compromised remote print server
@LawrenceAbrams @gentilkiwi The exploit uses the 'Queue-Specific Files' feature of the Windows Point and Print capability.

Hackers can use it to download and run a malicious DLL with SYSTEM privileges when a client connects to the compromised remote print server
Read 4 tweets
BleepingComputer Profile picture
16 Jun
Scammers mail fake Ledger devices to steal your cryptocurrency - @LawrenceAbrams
bleepingcomputer.com/news/cryptocur…
Ledger hardware wallet owners are receiving packages containing what appears to be new Ledger devices in convincing packaging.
The enclosed poorly written letter explains that the device was sent out after the customer's information was posted on the RaidForums hacking forum.
bleepingcomputer.com/news/security/…
Read 9 tweets
BleepingComputer Profile picture
16 Jun
Ukraine arrests Clop ransomware gang members, seizes servers - @serghei
bleepingcomputer.com/news/security/…
The National Police of Ukraine says the Clop gang is behind financial damages of $500 million.

Clop's Tor payment and data leak sites are still operational, so it looks like the Clop ransomware operation has not been completely shut down at this time.

If you're curious why Korean police were involved in the investigation:

bleepingcomputer.com/news/security/…
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @BleepinComputer has new unrolls!

Check out other threads from @BleepinComputer!

Read all threads by @BleepinComputer

:(