The Late Races To Watch On The Biggest Primary Day Of 2018

Because the election gods know how to build drama, the later a state’s polls close on Tuesday night, the more exciting its primaries seem to be. While the primaries profiled in Part I of this week’s election preview are somewhat tame, things start to get interesting at 9 p.m. Eastern, really heat up at 10 p.m. and finally culminate with California at 11 p.m. (California is the subject of Part III in this series).

Malicious Post-Exploitation Batch File, (Tue, Jun 5th)

Here is another interesting file that I found while hunting. It is a malicious Windows batch file (.bat) which helps to exploit a freshly compromised system (or… to be used by a rogue user). I don’t have a lot of information about the file origin, I found it on VT (SHA256: 1a611b3765073802fb9ff9587ed29b5d2637cf58adb65a337a8044692e1184f2)[1]. The script is very simple and relies on standard Windows system tools and external utilities downloaded when needed.

Here is the menu of available options, which gives a good picture of the batch file's capabilities (option names are reproduced as they appear in the script, typos included):

Exploitation
- Add User Account
- Show/hide User Account
- Enable Telent Service
- Enable Psexec Service
- Enable Remote Desktop Service
- Remote Login bypass backdoor (setch.exe or utilman.exe)
- EternalBlue
- MS1710-Psexec Backdoor
- Meterpreter
- Cmd_shell
- Vnc_Powershell
- Winvnc
- JRrat
- Download/Execute ps1_script
- Download/Execute
- Post_exploits_script command shell

Persis
- Ammyy Admin Trojan
- Radmin

Gather
- Mimikatz
- Mimikittenz
- Hashdump
- Wifi Password Dump
- Sherlock (Local privilege escalation vulnerabilities Scanner)
- Chrome Passwd Dump
- Firefox Passwd Dump
- Powerup (Vulns Founder)
- Get System info
- Get IPAddress
- Arp Scan
- Port Scanner
- Get Shares List
- Get Net View
- Netstat
- Get Process
- Scan MS17-010 Vulnerablity
- MS1710-Psexec_Scanner
- Port Forword

Privsec
- MS11-046
- Invoke-BypassUAC
- Invoke-WScriptBypassUAC
- Invoke-MS16032
- Invoke-MS16135
- Invoke-EventVwrBypass
- Invoke-EnvBypass
- Invoke-FodHelperBypass
- Invoke-SDCLTBypass
- Invoke-PsUACme
- UAC-TokenMagic
- EventVwrBypass (Win=7,8,8.1,10)

Tools
- Install Python27
- Install Ruby187

Proxy Tunnel
- Setup Proxy Tunnle
- Delete Proxy Tunnle
- Show All Proxy Tunnle

Update
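The "Remote Login bypass backdoor (setch.exe or utilman.exe)" entry in that menu is the classic accessibility-binary backdoor: either the accessibility program in System32 is replaced by a command shell, or an Image File Execution Options "Debugger" value redirects it to one, so that a shell can be opened from the logon screen. The PowerShell audit below is an added example, not code from the diary or from the batch file; it assumes a Windows host with the default %SystemRoot%\System32 layout and checks both variants for the two binaries the menu names.

```powershell
# Added audit (not part of the ISC diary or the batch file): look for the
# two common forms of the sethc.exe / utilman.exe logon-screen backdoor.
# Assumes a Windows host with the default %SystemRoot%\System32 layout.
$system32 = Join-Path $env:SystemRoot 'System32'
$ifeo     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$cmdHash  = (Get-FileHash (Join-Path $system32 'cmd.exe') -Algorithm SHA256).Hash

foreach ($name in 'sethc.exe', 'utilman.exe') {
    $path     = Join-Path $system32 $name
    $findings = @()

    # Variant 1: the accessibility binary was overwritten with a copy of cmd.exe.
    $hash = (Get-FileHash $path -Algorithm SHA256).Hash
    if ($hash -eq $cmdHash) { $findings += 'byte-identical to cmd.exe' }

    # A swapped-in file usually still carries the version resource of the
    # program it really is, so the internal name no longer matches the file name.
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($orig -and $orig -ine $name) { $findings += "OriginalFilename is '$orig'" }

    # Microsoft's copy is catalog-signed; anything else is worth a look.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') { $findings += "signature status: $($sig.Status)" }

    # Variant 2: no file change at all, just an IFEO "Debugger" value that makes
    # Windows launch another program whenever this binary is started.
    $dbg = Get-ItemProperty -Path (Join-Path $ifeo $name) -Name Debugger -ErrorAction SilentlyContinue
    if ($dbg) { $findings += "IFEO Debugger = $($dbg.Debugger)" }

    [pscustomobject]@{
        Binary     = $name
        Suspicious = ($findings.Count -gt 0)
        Findings   = ($findings -join '; ')
    }
}
```

All four checks are read-only, so the script runs under a normal user account; a non-empty Findings column for either binary should be handled as an incident, not a curiosity.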

App developers get their wish with expanded support for free trials

A group of Apple developers recently banded together as a group called “The Developers Union” in order to plead with Apple, en masse, to allow them to offer free trials of their apps to end users. While not a traditional union with dues, it represented the first time a large group of developers pushed back at Apple’s control of the App Store’s policies. Today, it seems, the developers are having their voices heard.

Automation Getting By reCaptcha

Google’s reCaptcha, used to identify human customers, can be subverted by automation through HTTP parameter pollution, according to security researcher Andres Riancho, who discovered the problem. Ryan Wilk, VP of Customer Success at NuData Security, commented below.

Apple Unveils macOS 10.14 Mojave With Dark Mode and Finder Photo Tools

Alongside iOS 12, at its developer conference WWDC on Monday, Apple also unveiled macOS 10.14 — named “Mojave” — the upcoming software update for the company’s laptop and desktop lineups. The headline feature of macOS 10.14 is dark mode, a feature that people who work during late hours might appreciate. VentureBeat: A new Mojave feature called Dynamic Desktop can subtly change the desktop throughout the day, morning, afternoon, and evening. There’s also Desktop Stacks, which can automatically clean up a messy desktop by arranging desktop contents into stacks based on content, date, or tag. Gallery View in the Finder lets you see content in a Photos-like display, including full metadata from cameras that can appear in an optional second sidebar; you can rotate photos and do basic automation of Actions within the Finder. The macOS screenshot creation tool has been expanded, as well, to enable instant creation of screengrabbed videos from current screen content.

Continuity has been expanded with Continuity Camera, leveraging your phone’s camera to instantly add photos and scans to programs that request them. It also includes a Mac version of the Apple News aggregation app that debuted on iOS two years ago, including the Stocks feature and new sidebar that were shown off for the updated iPad version of News earlier in the Keynote. Voice Memos is also being brought to the Mac, as is Home, the HomeKit app from iOS. Apple also announced a collection of heightened security features for macOS, including protection by default of camera access, microphone access, your mail database, message history, and other private data.

YC looks to help more of its companies lock down Series A funding

Y Combinator, the popular startup accelerator program, has never been shy about experimenting. Now, in its latest trial, the outfit is launching what it’s calling a Series A program. The idea is to help alums that maybe picked up seed funding after one of YC’s famous Demo Day presentations but that could use some help thinking through how much to raise in Series A funding, and from whom.

SB18-155: Vulnerability Summary for the Week of May 28, 2018

1000ch — dwebp-bin
  Description: dwebp-bin is a dwebp node.js wrapper that converts WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
  Published: 2018-06-01
  CVSS Score: not yet calculated
  CVE ID: CVE-2016-10633
  Source & Patch Info: MISC

aerospike — aerospike-client-nodejs