<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Cyber security news August 2021</title>
	<atom:link href="http://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Wed, 22 Apr 2026 22:06:23 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Jaqueline</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1770561</link>
		<dc:creator><![CDATA[Jaqueline]]></dc:creator>
		<pubDate>Thu, 02 Jun 2022 10:44:14 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1770561</guid>
		<description><![CDATA[Thank you for the information.]]></description>
		<content:encoded><![CDATA[<p>Thank you for the information.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1723389</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Sat, 04 Sep 2021 11:38:21 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1723389</guid>
		<description><![CDATA[T-Mobile customers are left feeling frustrated as hacker comes forward, calling the company&#039;s security &#039;awful&#039;
https://www.businessinsider.com/t-mobile-customers-frustrated-hacker-says-security-is-awful-2021-8]]></description>
		<content:encoded><![CDATA[<p>T-Mobile customers are left feeling frustrated as hacker comes forward, calling the company&#8217;s security &#8216;awful&#8217;<br />
<a href="https://www.businessinsider.com/t-mobile-customers-frustrated-hacker-says-security-is-awful-2021-8" rel="nofollow">https://www.businessinsider.com/t-mobile-customers-frustrated-hacker-says-security-is-awful-2021-8</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1723024</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 01 Sep 2021 03:18:44 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1723024</guid>
		<description><![CDATA[Unprecedented surveillance bill rushed through parliament in 24 hours.
https://tutanota.com/blog/posts/australia-surveillance-bill/

Australian police can now hack your device, collect or delete your data, take over your social media accounts - all without a judge&#039;s warrant.

The Australian government has been moving towards a surveillance state for some years already. Now they are putting the nail in the coffin with an unprecedented surveillance bill that allows the police to hack your device, collect or delete your data, and take over your social media accounts; without sufficient safeguards to prevent abuse of these new powers.]]></description>
		<content:encoded><![CDATA[<p>Unprecedented surveillance bill rushed through parliament in 24 hours.<br />
<a href="https://tutanota.com/blog/posts/australia-surveillance-bill/" rel="nofollow">https://tutanota.com/blog/posts/australia-surveillance-bill/</a></p>
<p>Australian police can now hack your device, collect or delete your data, take over your social media accounts &#8211; all without a judge&#8217;s warrant.</p>
<p>The Australian government has been moving towards a surveillance state for some years already. Now they are putting the nail in the coffin with an unprecedented surveillance bill that allows the police to hack your device, collect or delete your data, and take over your social media accounts; without sufficient safeguards to prevent abuse of these new powers.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1723018</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 20:02:22 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1723018</guid>
		<description><![CDATA[https://www.forbes.com/sites/thomasbrewster/2021/08/31/google-dragnets-on-phone-data-across-13-kenosha-protest-arsons/
Jennifer Lynch, a lawyer at the Electronic Frontier Foundation (EFF), tweeted that hundreds of lawful protesters likely had their Google phone data handed to federal investigators as a result of the Kenosha investigations.]]></description>
		<content:encoded><![CDATA[<p><a href="https://www.forbes.com/sites/thomasbrewster/2021/08/31/google-dragnets-on-phone-data-across-13-kenosha-protest-arsons/" rel="nofollow">https://www.forbes.com/sites/thomasbrewster/2021/08/31/google-dragnets-on-phone-data-across-13-kenosha-protest-arsons/</a><br />
Jennifer Lynch, a lawyer at the Electronic Frontier Foundation (EFF), tweeted that hundreds of lawful protesters likely had their Google phone data handed to federal investigators as a result of the Kenosha investigations.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1722981</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 09:54:28 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1722981</guid>
		<description><![CDATA[https://hackaday.com/2021/08/27/this-week-in-security-through-the-mouse-hole-zoom-rce-and-defeating-defender/

Researchers from Sector 7, part of Computest, pulled off an impressive hack at Pwn2Own, achieving an RCE via the Zoom client. The caveat is that the attacker has to be accepted as a contact, either manually, or through being in the same organization. The central vulnerability is CVE-2021-30480, a heap buffer overflow

Citizen Lab has released an outside review of Amnesty International’s work on the NSO Group’s Pegasus Spyware program. 

Long-term Windows Defender Bypass

The research group APTortellini has published their guide to defeating Windows Defender. A few commenters on this particular write-up scoffed at the first step, elevating to SYSTEM. You might even wonder, what’s the point if you’ve already compromised a machine to the point of being root? Getting SYSTEM access is only the beginning for an actual malicious campaign. This research is all about how to nullify Windows Defender without actually disabling it.

The first thing to know is that modern Windows systems have adopted quite a few elements from Unix, with the Windows legacy stuff bolted on top. To make that point clear, note that a Windows 10 C: drive is actually located at \Device\HarddiskVolumeX, with a series of symbolic links to make the C: notation work. One of those links is \SystemRoot, which by default points to \Device\BootDevice\Windows. Even for SYSTEM, that link can’t be modified, but it can be deleted and recreated. That particular path happens to be part of where Windows Defender looks to load its back-end driver, WdFilter.sys.]]></description>
		<content:encoded><![CDATA[<p><a href="https://hackaday.com/2021/08/27/this-week-in-security-through-the-mouse-hole-zoom-rce-and-defeating-defender/" rel="nofollow">https://hackaday.com/2021/08/27/this-week-in-security-through-the-mouse-hole-zoom-rce-and-defeating-defender/</a></p>
<p>Researchers from Sector 7, part of Computest, pulled off an impressive hack at Pwn2Own, achieving an RCE via the Zoom client. The caveat is that the attacker has to be accepted as a contact, either manually, or through being in the same organization. The central vulnerability is CVE-2021-30480, a heap buffer overflow</p>
<p>Citizen Lab has released an outside review of Amnesty International’s work on the NSO Group’s Pegasus Spyware program. </p>
<p>Long-term Windows Defender Bypass</p>
<p>The research group APTortellini has published their guide to defeating Windows Defender. A few commenters on this particular write-up scoffed at the first step, elevating to SYSTEM. You might even wonder, what’s the point if you’ve already compromised a machine to the point of being root? Getting SYSTEM access is only the beginning for an actual malicious campaign. This research is all about how to nullify Windows Defender without actually disabling it.</p>
<p>The first thing to know is that modern Windows systems have adopted quite a few elements from Unix, with the Windows legacy stuff bolted on top. To make that point clear, note that a Windows 10 C: drive is actually located at \Device\HarddiskVolumeX, with a series of symbolic links to make the C: notation work. One of those links is \SystemRoot, which by default points to \Device\BootDevice\Windows. Even for SYSTEM, that link can’t be modified, but it can be deleted and recreated. That particular path happens to be part of where Windows Defender looks to load its back-end driver, WdFilter.sys.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1722963</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 08:21:56 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1722963</guid>
		<description><![CDATA[Apple NeuralHash algorithm collision demo (easily generate pictures that are falsely detected as child porn)  

https://news.ycombinator.com/item?id=28305394]]></description>
		<content:encoded><![CDATA[<p>Apple NeuralHash algorithm collision demo (easily generate pictures that are falsely detected as child porn)  </p>
<p><a href="https://news.ycombinator.com/item?id=28305394" rel="nofollow">https://news.ycombinator.com/item?id=28305394</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1722951</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 07:53:55 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1722951</guid>
		<description><![CDATA[CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability
https://www.securityweek.com/cisa-microsoft-issue-guidance-recent-azure-cosmos-db-vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible.

Referred to as ChaosDB, the security hole was publicly disclosed last week by researchers with the cloud security firm Wiz. Microsoft had been notified of the issue roughly one week before, and immediately took the necessary steps to address it.

Residing in the Jupyter Notebook feature of Cosmos DB, the bug could have been exploited to obtain valid credentials that would have allowed for the takeover of Cosmos DB accounts, with full administrative rights.]]></description>
		<content:encoded><![CDATA[<p>CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability<br />
<a href="https://www.securityweek.com/cisa-microsoft-issue-guidance-recent-azure-cosmos-db-vulnerability" rel="nofollow">https://www.securityweek.com/cisa-microsoft-issue-guidance-recent-azure-cosmos-db-vulnerability</a></p>
<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible.</p>
<p>Referred to as ChaosDB, the security hole was publicly disclosed last week by researchers with the cloud security firm Wiz. Microsoft had been notified of the issue roughly one week before, and immediately took the necessary steps to address it.</p>
<p>Residing in the Jupyter Notebook feature of Cosmos DB, the bug could have been exploited to obtain valid credentials that would have allowed for the takeover of Cosmos DB accounts, with full administrative rights.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1722950</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 07:52:41 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1722950</guid>
		<description><![CDATA[Exploitation of Flaws in Delta Energy Management System Could Have &#039;Dire Consequences&#039;
https://www.securityweek.com/exploitation-flaws-delta-energy-management-system-could-have-dire-consequences

An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws.

The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.

The security holes were reported to the vendor, through CISA, in April, but they have yet to be patched. CISA says patches are expected to become available on September 15. In the meantime, organizations using the affected product have been advised to implement mitigations to reduce the risk of exploitation.

Heinzl told SecurityWeek that the eight DIAEnergie vulnerabilities disclosed last week are just some of the issues he reported to the vendor. The remaining flaws will be disclosed at a later date.

https://awesec.com/advisories.html]]></description>
		<content:encoded><![CDATA[<p>Exploitation of Flaws in Delta Energy Management System Could Have &#8216;Dire Consequences&#8217;<br />
<a href="https://www.securityweek.com/exploitation-flaws-delta-energy-management-system-could-have-dire-consequences" rel="nofollow">https://www.securityweek.com/exploitation-flaws-delta-energy-management-system-could-have-dire-consequences</a></p>
<p>An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws.</p>
<p>The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.</p>
<p>The security holes were reported to the vendor, through CISA, in April, but they have yet to be patched. CISA says patches are expected to become available on September 15. In the meantime, organizations using the affected product have been advised to implement mitigations to reduce the risk of exploitation.</p>
<p>Heinzl told SecurityWeek that the eight DIAEnergie vulnerabilities disclosed last week are just some of the issues he reported to the vendor. The remaining flaws will be disclosed at a later date.</p>
<p><a href="https://awesec.com/advisories.html" rel="nofollow">https://awesec.com/advisories.html</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-7/#comment-1722948</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 07:51:29 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1722948</guid>
		<description><![CDATA[T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks
https://www.securityweek.com/t-mobile-hack-involved-exposed-router-specialized-tools-and-brute-force-attacks

American Living in Turkey Takes Credit for T-Mobile Hack 

T-Mobile’s CEO and an individual who claims to be behind the recent hacking of the mobile carrier’s systems have shared some information about how the attack was carried out.

In a statement issued on Friday, Mike Sievert, CEO of T-Mobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to the criminal investigation conducted by law enforcement. He did, however, share a high-level summary of the attack.

“What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” he said. “In short, this individual’s intent was to break in and steal data, and they succeeded.”]]></description>
		<content:encoded><![CDATA[<p>T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks<br />
<a href="https://www.securityweek.com/t-mobile-hack-involved-exposed-router-specialized-tools-and-brute-force-attacks" rel="nofollow">https://www.securityweek.com/t-mobile-hack-involved-exposed-router-specialized-tools-and-brute-force-attacks</a></p>
<p>American Living in Turkey Takes Credit for T-Mobile Hack </p>
<p>T-Mobile’s CEO and an individual who claims to be behind the recent hacking of the mobile carrier’s systems have shared some information about how the attack was carried out.</p>
<p>In a statement issued on Friday, Mike Sievert, CEO of T-Mobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to the criminal investigation conducted by law enforcement. He did, however, share a high-level summary of the attack.</p>
<p>“What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” he said. “In short, this individual’s intent was to break in and steal data, and they succeeded.”</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2021/08/01/cyber-security-news-august-2021/comment-page-6/#comment-1722947</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 31 Aug 2021 07:50:00 +0000</pubDate>
		<guid isPermaLink="false">https://www.epanorama.net/blog/?p=189269#comment-1722947</guid>
		<description><![CDATA[New Mirai Variant Targets WebSVN Command Injection Vulnerability
(CVE-2021-32305)
https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/
We have observed exploits in the wild for a recently disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source code. The critical command injection vulnerability was discovered and patched in May 2021. A proof of concept was released and within a week, on June 26, 2021, attackers exploited the vulnerability to deploy variants of the Mirai DDoS malware. We strongly recommend that WebSVN users upgrade to the latest software version.]]></description>
		<content:encoded><![CDATA[<p>New Mirai Variant Targets WebSVN Command Injection Vulnerability<br />
(CVE-2021-32305)<br />
<a href="https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/" rel="nofollow">https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/</a><br />
We have observed exploits in the wild for a recently disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source code. The critical command injection vulnerability was discovered and patched in May 2021. A proof of concept was released and within a week, on June 26, 2021, attackers exploited the vulnerability to deploy variants of the Mirai DDoS malware. We strongly recommend that WebSVN users upgrade to the latest software version.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
