Tag Archive for: Admin

Microsoft Windows 10 security warning viral Razer OMG admin hack tweet


Just when you thought things couldn’t get much worse for Windows 10 users after a miserable few weeks of security issues from PrintNightmare through to SeriousSAM and even a potential Windows Hello facial recognition bypass, they only went and did.

A security researcher was so fed up with being ignored when reporting a shockingly simple hack that could give any user admin rights on a Windows 10 computer that he tweeted the zero-day exploit. A tweet that quickly went viral.

Annoyed security researcher discovers simple Windows 10 zero-day

I spoke with the security researcher, who only wants to be known by the Twitter handle j0nh4t, and who told me how the hack came to light. “I noticed the Razer Synapse installer was bundled with ‘driver’ installs via Windows Update,” j0nh4t says of using the mouse. “I was annoyed by this behavior and decided to take a deeper look.” Unfortunately, what that look revealed was an issue that’s shockingly trivial to exploit.

All it took for anyone to exploit this vulnerability was to plug in a Razer mouse, or the dongle it uses, and then Shift-right-click in the Explorer window that Windows Update opens to choose a driver location and open a PowerShell with complete SYSTEM, or admin if you prefer, rights. And it got worse, as an attacker would also be able to use the hack to save a service binary that could be “hijacked for persistence” and executed during the boot process, before the user even logs on.

“I think Microsoft should take a look in the mirror on how they manage ‘driver’ updates,” j0nh4t says, whilst appreciating the fine line of balancing user experience and usability involved. “Should Windows Update solely provide drivers so the device works at a minimum level and the user goes out of their way to download additional software?” the researcher says, adding that “this is a somewhat dangerous and interesting attack vector.”

I reached out to Microsoft regarding the privilege escalation issue, and a spokesperson told me, “We are aware of recent reports, and we are investigating the issue. While this issue requires physical access to a targeted device, we will take any necessary steps to help protect customers.”

The exploit…

Source…

Razer to fix Windows installer that grants admin powers if you plug in a mouse • The Register


In brief: Razer is working on an updated installer after it was discovered you can gain admin privileges on Windows by plugging in one of the gaming gear maker’s mice or keyboards.

In fact, inserting any USB device that declares itself a Razer mouse or keyboard will lead to an exploitable situation.

As documented late last week by a Twitter user called j0nh4t, if you plug into a Windows 10 or 11 machine a device identified as a Razer mouse or keyboard, Microsoft’s OS will automatically download and run Razer’s installer for the manufacturer’s Synapse software, which can be used to configure the peripheral.

During the installation process, which runs at the System level, you can spawn a PowerShell terminal from an Explorer window that runs with these high-level privileges. Thus, you can gain local admin access on a machine if you can log in somehow and plug in a gadget – useful for penetration testing, at least. It is also possible to tell the installer to use a user-controlled folder to store an executable that is run on every boot, which can be hijacked by a rogue user.

The bug finder said they had no luck in getting Razer’s attention when trying to report these flaws, and after they put a zero-day exploit for the PowerShell hole on Twitter, the manufacturer got in touch and offered a vulnerability bounty. A new version of the installer to address these problems is being prepared for release, we’re told. We wonder how many Windows installers have these same weaknesses.
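The two weaknesses described in these reports (vendor software delivered and run as SYSTEM through a Windows Update driver package, and a boot-time service binary left in a folder the user chose) can be audited from the defender's side. The following PowerShell is an added example, not code from the articles, Razer or Microsoft; it assumes an elevated session on Windows 10/11, the standard registry location of the "Do not include drivers with Windows Updates" policy, and the built-in names of the local low-privilege groups.

```powershell
# Added defensive audit (not from the article or from Razer/Microsoft).
# Assumes an elevated PowerShell on Windows 10/11.

function Test-WUDriverExclusionPolicy {
    # $true when Windows Update is configured not to deliver driver packages
    # (and any software bundled with them) as part of quality updates.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $prop = Get-ItemProperty -Path $key -Name 'ExcludeWUDriversInQualityUpdate' -ErrorAction SilentlyContinue
    return ($prop.ExcludeWUDriversInQualityUpdate -eq 1)
}

function Get-ServiceBinaryPath([string]$PathName) {
    # Service command lines are either "quoted\path.exe" args or an unquoted
    # path followed by arguments; return only the executable portion.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

function Find-ServicesInUserWritablePaths {
    # Services whose executable sits in a directory that low-privilege
    # principals can write to: the precondition for the persistence variant
    # above (a user-chosen install folder whose binary runs at every boot).
    $lowPriv   = @('Everyone', 'BUILTIN\Users',
                   'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    $writeMask = 'Write|Modify|FullControl|CreateFiles|AppendData'
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        if (-not $exe) { return }
        $dir = Split-Path -Parent $exe
        if (-not (Test-Path -LiteralPath $dir)) { return }
        $writable = (Get-Acl -LiteralPath $dir).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $lowPriv -contains $_.IdentityReference.Value -and
            $_.FileSystemRights.ToString() -match $writeMask
        }
        if ($writable) {
            [pscustomobject]@{
                Service    = $_.Name
                RunsAs     = $_.StartName
                Binary     = $exe
                WritableBy = ($writable.IdentityReference.Value | Select-Object -Unique) -join ', '
            }
        }
    }
}

"Driver packages excluded from Windows Update: $(Test-WUDriverExclusionPolicy)"
Find-ServicesInUserWritablePaths | Format-Table -AutoSize
```

Any service listed that runs as LocalSystem from a user-writable directory deserves a look, whether or not a Razer installer put it there.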

A spokesperson for Razer told us today: “We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process.

“We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated…

Source…

Ziggy ransomware admin announces refunds for all targeted victims


The administrators of Ziggy ransomware have reportedly decided to lead an honest life and refund the victims of their ransomware attacks. This historic announcement comes a couple of months after the hacker group decided to shut shop and release decryption keys for free.

As admitted by the ransomware’s operators in statements given to the likes of Bleeping Computer and Threatpost, the Ziggy ransomware gang decided to shut shop in February following a string of law enforcement successes against well-established ransomware gangs, notably Emotet and NetWalker. Gripped by the fear of being next, the ransomware gang quickly released an SQL file with 922 decryption keys that could be used by the victims to unlock their files.

Ziggy is an old-fashioned ransomware variant that only encrypts files before putting up a ransom note on targeted systems. Modern ransomware variants also steal copies of the data before encrypting it, so that their operators can blackmail victims by threatening to publish the stolen files even if the victims successfully decrypt their files on their own.

Recently, Bleeping Computer reported that the Ziggy ransomware gang has decided to issue refunds to all victims. All that victims need to do is to send an email to ziggyransomware@secmail[.]pro along with the payment proof and the computer ID. The gang will process the refund to the victim’s bitcoin wallet within two weeks. The admin of Ziggy ransomware also confirmed that the refund will be in Bitcoin at the value on the payment day.

The Ziggy ransomware administrator also told BleepingComputer that they lived in a “third-world country” and had to sell their house off in order to refund the money to their victims. Also, their decision to issue refunds was based on the fear of law enforcement operations targeting their bases. Threatpost received a similar response from the Ziggy admin. “Hello dear. Yes, I’m Ziggy ransomware developer. We decided to return victims’ money because we fear law-enforcement action,” the response read.

Ransomware gangs have made similar promises in the past but it’s best that organisations take their word with a pinch of salt. Last year, after the COVID-19 pandemic engulfed the…

Source…

Systems Admin Arrested for Hacking Former Employer

The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.

New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company.

Navarro worked as a human resources systems administrator at the Manhattan branch of the department store from 2012 to October 2019. Through his role, the defendant had access to the company’s data management and timekeeping system.

The 30-year-old is accused of accessing a network of his former employer from his Brooklyn apartment to tamper with data. It is further alleged that Navarro deleted data to prevent consultants hired to replace him from accessing Century 21’s computer network.

The Manhattan District Attorney’s Office stated: “Prior to his last day, he stole employee data from the company and created an unauthorized ‘superuser’ account on the company’s network—which allowed him access to the network after his resignation.”

The department store discovered the security breach after Navarro’s replacements were unable to get into the system. An investigation by the company determined that changes had been made to Century 21’s holiday payroll policy.

As a result of the changes, certain employees would have been paid for holidays even if they had not worked on those particular dates. Century 21 spent thousands of dollars to correct the changes and deletions allegedly made by Navarro.

“If left undetected, this former employee’s alleged tampering could have cost Century 21 more than $50,000,” said District Attorney Cy Vance.

“Unauthorized access to computer networks and the theft of valuable proprietary data are serious threats to the Manhattan business community.”

A New York Supreme Court indictment has charged Navarro with attempted grand larceny in the second degree, criminal mischief in the second degree, computer tampering in the third degree, computer trespass, petit larceny, and the criminal possession of stolen property.

Source…