Windows TCO Leftovers
-
Darren Goossens ☛ Remote desktop to Linux — have to log in 3 times – DSPACE
I am accessing a Linux box via the remote desktop program that comes with Microsoft Windows. I log into the box, but then I have to type in my credentials 2 more times, after getting a prompt that says something about creating colour profiles. I don’t get the same issue when I log into the machine directly using the attached monitor, or when I tunnel in via ssh -Y.
-
Sophos ☛ Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign – Sophos News
We also noted the utilization of the command C:\Windows\System32\cscript.exe REHABI~1.JS spawning PowerShell.exe, as shown in Figure 4. The cscript.exe command line tool is specific to Windows Server. The commands passed to PowerShell were not captured in this case.
-
Dark Reading ☛ GootLoader Cyberattackers Target Bengal Cat Fans in Oz
Following a download, the user is redirected to a different website containing a large JavaScript file. This leads to multiple processes being run on the user's device, allowing threat actors to pass commands and establish persistence to deploy Gootkit — the second stage of the payload — and the malware then acts as a precursor to other tools, such as ransomware or Cobalt Strike.
-
The Register UK ☛ Cybercrooks target Bengal cat lovers in Australia
Among these processes, there appeared to be signs of the crooks establishing persistence and passing commands to PowerShell to deploy Gootkit, the third stage of the malware that leads to tools like Cobalt Strike and ransomware being dropped.
-
Integrity/Availability/Authenticity
-
Krebs On Security ☛ FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.
-