Database Archives - TuxCare

New ‘GIFShell’ Attack Technique Exploits Microsoft Teams GIFs

A new ‘GIFShell’ attack technique exploits bugs and vulnerabilities in Microsoft Teams to abuse legitimate Microsoft infrastructure, execute malicious files, run commands, and exfiltrate data.

According to Bobby Rauch, the cybersecurity consultant and pentester who discovered the vulnerabilities, the ‘GIFShell’ technique allows attackers to create a reverse shell that transmits malicious commands via base64-encoded GIFs in Teams. The command output is then exfiltrated through GIFs retrieved by Microsoft’s own infrastructure.

To create the reverse shell, attackers first need to convince a user to install a malicious stager, which executes the commands and uploads their output via a GIF URL to a Microsoft Teams webhook.

The Microsoft Teams flaws exploited by the technique include a bypass of Teams security controls that allows external users to send attachments to Teams users.

The technique also modifies sent attachments so that users download files from an external URL instead of the generated SharePoint link. It forges Teams attachments that appear to be harmless files but instead download a malicious executable or document, and it uses insecure URLs that enable SMB NTLM hash theft or NTLM relay attacks.

Microsoft supports sending HTML base64-encoded GIFs but does not scan the byte content of these GIFs, which allows malicious commands to be delivered inside a normal-looking GIF. Because Teams stores messages in a parsable file located locally on the victim’s machine, that file can be read by a less privileged user.

Microsoft’s servers fetch GIFs from remote servers, which allows data to be exfiltrated via GIF file names.

The sources for this piece include an article in BleepingComputer.

Steps to Recover Lost and Deleted Data in Linux

Losing files is a painful experience, especially when they hold vital information, and Linux users are not exempt. Often, deleted files are never recovered simply because people lack the technical know-how to retrieve them.

It is, however, possible to recover files. To illustrate the process, suppose a file named ‘linuxshelltips’ on removable media (/dev/sdb5), mounted on our Linux system at /media/dnyce/117137A85FFD287C, was deleted and needs to be restored.

Deleted files can be recovered in Linux with the TestDisk Data Recovery Tool. Not only is the tool effective at recovering lost data, it can also be used to restore corrupted file systems in a Linux environment.

TestDisk can be installed on all major Linux distributions. Once installed, switch to the root user account, start TestDisk, and press [Enter] on the highlighted option that says “Create a new log file.”

TestDisk then lists all the hard disk devices present on the system; navigate to the device from which the lost data is to be recovered.

Next, use the arrow keys to navigate to the [Proceed] menu option at the bottom of the drive list.

TestDisk usually highlights the most likely partition table type; accept that default by pressing [Enter], then select the [Advanced] option and press [Enter] again.

Then navigate to the partition, which reveals the [Undelete] option at the bottom of the terminal window, and press [Enter].

The deleted linuxshelltips file is then listed and can be restored.

To recover more than one file, use the [a] key to select or deselect files, and the [c] key to copy the selected files.

The sources for this piece include an article in Linuxshelltips.

PostgreSQL Database: A Black Hole for You, A Goldmine for Someone Else

Cyberattacks come in all shapes and sizes. At times, the attacker’s express intent is to disrupt, or to steal something valuable. At other times, an attacker is trying to achieve a goal that is not necessarily intended to cause your organization any harm.

Sometimes malware simply sits on your computing infrastructure, quietly doing its job without causing obvious damage – but it still drains your resources, essentially acting as a black hole. This type of malware will cost you a ton of money, and it also risks significant reputational damage.

In this article we will cover cryptojacking, which involves a sneaky bit of malware that you might never notice is there – but that’s going to cost you anyway. Worse, this malware hides in one of the most unlikely locations: your SQL database.

