TOP-3 cybersecurity events of the week according to Jet CSIRT





Today's TOP-3 news from Jet CSIRT: an analysis of the high-profile DarkSide ransomware, the publication of a PoC exploit for the CVE-2021-31166 vulnerability in Windows IIS, and critical vulnerabilities in Mercedes-Benz vehicles. The top three news items were collected by Andrey Maslov, Jet CSIRT analyst at Jet Infosystems.



Fortinet experts publish research on DarkSide ransomware



Threat researchers at FortiGuard Labs have published a research report on one of the versions of the DarkSide ransomware. A distinctive feature of this version is a disk partition search function, which lets the malware assess whether the target system is multiboot.

If it is, DarkSide looks for additional volumes and partitions containing files suitable for encryption, which can cause greater damage to the victim's infrastructure.

In addition, the new version of the malware is able to find Active Directory domain controllers on the network and connect to them via LDAP.



PoC exploit for CVE-2021-31166 vulnerability in Windows IIS published



Security researcher Axel Souchet has posted a proof of concept for the CVE-2021-31166 vulnerability in the Windows IIS server. The vulnerability is related to memory corruption in the HTTP protocol stack.

CVE-2021-31166 received a score of 9.8 on the CVSSv3 scale. At the same time, there are a number of factors that reduce the risk. For example, only the latest versions of Windows Server 2016 (2004 and 20H2) and Windows 10 (2004 and 20H2) are affected.



Critical vulnerabilities found in Mercedes-Benz vehicles



Security researchers from Tencent Security Keen Lab found five vulnerabilities in the Mercedes-Benz User Experience (MBUX) infotainment system. Four out of five vulnerabilities are critical and allow remote code execution. In addition, the specialists identified a number of problems in the car's head unit: a heap overflow vulnerability, the ability to configure a remote shell, and a vulnerability in the Linux kernel that allows privilege escalation.


