Organizations’ networks can be compromised through the new GrimResource command execution attack technique, which involves exploiting Microsoft console save files and a Windows cross-site scripting vulnerability that has been patched since its discovery in 2018, reports BleepingComputer.
The intrusions began with a malicious MSC file targeting a DOM-based XSS flaw in the “apds.dll” library, which can be used in conjunction with the “DotNetToJScript” technique to facilitate arbitrary .NET code execution and the eventual deployment of a Cobalt Strike payload in the Microsoft Management Console, according to a report from Elastic Security Labs. Continued exploitation of GrimResource gives organizations’ system administrators reason to be wary of file operations involving apds.dll invoked via mmc.exe, RWX memory allocations by mmc.exe, suspicious MCC-based executions, .NET COM objects, and transient HTML files from the APDS XSS redirect, according to researchers at Elastic Security, who also provided YARA rules to detect suspicious MSC files.
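A triage check for the MSC-file side of the indicators above, added here as an example and not taken from Elastic Security Labs' YARA rules: it flags saved console files whose strings or attributes reference apds.dll, including percent-encoded and UTF-16 variants. The sample files are simplified and constructed, and treating any such reference as worth review is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Library named in the article; a reference to it inside a console file is the signal.
SUSPECT = re.compile(r"apds\.dll", re.IGNORECASE)

def decode_msc(data: bytes) -> str:
    """Decode a console file that may be UTF-16 (with BOM) or UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")

def normalize(value: str) -> str:
    """Undo up to two rounds of percent-encoding so 'apds%2Edll' still matches."""
    for _ in range(2):
        value = unquote(value)
    return value

def scan_msc(data: bytes) -> list[str]:
    """Return the elements whose text or attributes reference apds.dll."""
    text = decode_msc(data)
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        # A console file that is not well-formed XML: fall back to a raw text scan.
        return ["<raw>"] if SUSPECT.search(normalize(text)) else []
    hits = []
    for elem in root.iter():
        values = [elem.text or ""] + list(elem.attrib.values())
        if any(SUSPECT.search(normalize(v)) for v in values):
            hits.append(f"{elem.tag}[{elem.attrib.get('ID', '?')}]")
    return hits

# Constructed samples (simplified layout, placeholder content, not real console files).
BENIGN = (b'<MMC_ConsoleFile><Strings><String ID="1">Event Viewer</String>'
          b'</Strings></MMC_ConsoleFile>')
FLAGGED = ('<MMC_ConsoleFile><Strings><String ID="1">Console Root</String>'
           '<String ID="7">PLACEHOLDER/APDS%2EDLL/PLACEHOLDER</String>'
           '</Strings></MMC_ConsoleFile>').encode("utf-16")

if __name__ == "__main__":
    for name, blob in (("benign.msc", BENIGN), ("flagged.msc", FLAGGED)):
        print(name, scan_msc(blob) or "no apds.dll reference")
```

A hit is a reason to inspect the file and the host, not a verdict; pair it with the process-level indicators listed above.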
SC Staff June 26, 2024