TOP-3 cybersecurity events of the week according to Jet CSIRT

The past week will be remembered for a new PoC exploit for a previously identified Windows vulnerability, the discovery of another way to intercept the BitLocker master key, and a report on the growth of attacks using the SocGholish framework. Details are below.


New PoC exploit for unpatched Windows 0-day vulnerability

Google Project Zero security researcher Maddie Stone discovered that Microsoft's June patch did not fix the CVE-2020-0986 vulnerability, and that it can still be exploited with some adjustments. The original bug gave an attacker control over the src and dest pointers passed to a memcpy call and allowed privilege escalation to the kernel level. The incompletely fixed variant was assigned CVE-2020-17008.

New way to intercept BitLocker master key

Researcher Henri Nurmi of F-Secure demonstrated how to intercept the Windows BitLocker encryption master key over the SPI bus. The method relies on a well-known architectural weakness: the connection between the CPU and the Trusted Platform Module, which stores the key, has no standard protection. During the research, he found that the flash chip holding the firmware and the TPM chip sit on the same SPI bus. Connecting to that bus is therefore enough to intercept the master key and decrypt the data on the disk.

Growth in the number of attacks using the SocGholish framework

Menlo Labs reported an increase in the number of drive-by attacks using a framework called SocGholish. The malicious tool masquerades as legitimate browser, Flash Player and Microsoft Teams client updates, tricking users into opening a malicious ZIP archive. Compromised websites and legitimate Google Drive and Google Sites resources are used for distribution.
