In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond the vulnerability scan to the vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Jamie and Karsten join us for a discussion about recent attack trends, threat actors, and the campaigns those actors are carrying out. Everything from gift card scams to the latest techniques attackers use to run successful phishing campaigns!
Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!
Michael takes us through some of the common AI and ML methods of data science and how they apply to our InfoSec problems.
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!
Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer – This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defense technologies.
Hacking group exploits ZeroLogon in automotive, industrial attack wave – The “Cicada” advanced persistent threat (APT) group (also tracked as APT10, Stone Panda and Cloud Hopper), believed to be sponsored by the Chinese government, has been spotted leveraging the “Zerologon” vulnerability (CVE-2020-1472) in a worldwide attack campaign targeting businesses connected to Japan in order to access and exfiltrate sensitive information.
Vertafore data breach exposed data of 27.7 million Texas drivers – Vertafore announced that information on 27.7 million Texas drivers was exposed in a data breach caused by human error: an employee inadvertently stored three files containing the PII on an unsecured external storage service, which was then accessed by an unknown third party.
Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak – A misconfigured Amazon S3 bucket belonging to Canoga Park, Calif.-based used-electronics reseller TronicsXchange was exposed on the Internet, containing more than 2.6 million files that included victims’ personally identifiable information (PII) and biometric images.
CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024 – Security Boulevard – We might need more than this: “Organizations need a way to harden their industrial assets to avoid the costs of an industrial cybersecurity incident both in terms of corporate fees and personal liability to CEO and board members. Organizations must leverage frameworks like ISA/IEC62443, NERC CIP, and MITRE to strengthen their OT assets’ security and select industrial cybersecurity solutions that help create a reliable cyber operational resilience program.”
The Most Common API Vulnerabilities – This is one of my favorites: “This occurs when an API is not designed to prohibit future requests after a first untrustworthy request was recognized and rejected.” You should fix it, but then I will have to adjust my attack code ;)
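The quoted weakness is the absence of any memory of a rejection: each guess is judged on its own, so a credential-stuffing or key-guessing loop runs at full speed. Below is an added example, not code from the linked article or from Security Weekly, contrasting a naive API-key handler with a gate that remembers rejections per client and refuses further requests for a lockout window. The key store, the client identifier, the thresholds and the in-memory state are assumptions made for the demo.

```python
"""Stop evaluating requests from a client that has already been rejected.

Added example for these show notes, not code from the linked article or
from Security Weekly. It models an API endpoint authenticated by an API key.
The naive handler answers every request, so a key-guessing loop runs at full
speed; the hardened gate remembers rejections per client and refuses further
requests for a lockout window. The key store, the client identifier, the
thresholds and the in-memory state are all assumptions for the demo.
"""
import time
from collections import defaultdict

VALID_KEYS = {"k-3f9a"}  # constructed sample key store


def naive_handler(client_id, api_key):
    """Vulnerable: every attempt is evaluated, nothing stops a brute force."""
    return 200 if api_key in VALID_KEYS else 401


class RejectingGate:
    """Refuse a client outright after max_failures rejections in a window."""

    def __init__(self, max_failures=5, lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock                  # injectable so tests control time
        self.failures = defaultdict(list)   # client_id -> rejection timestamps
        self.locked_until = {}              # client_id -> end of lockout

    def handle(self, client_id, api_key):
        now = self.clock()
        until = self.locked_until.get(client_id)
        if until is not None and now < until:
            return 429  # refused before the key is even looked at
        # keep only rejections that are still inside the sliding window
        recent = [t for t in self.failures[client_id] if now - t < self.lockout_seconds]
        if api_key in VALID_KEYS:
            self.failures[client_id] = []  # a real user who fat-fingered once is forgiven
            return 200
        recent.append(now)
        self.failures[client_id] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[client_id] = now + self.lockout_seconds
            return 429
        return 401


def brute_force(handler, client_id, candidates):
    """Replay a key-guessing loop; returns (evaluated, refused, found_key)."""
    evaluated = refused = 0
    found = None
    for key in candidates:
        status = handler(client_id, key)
        if status == 429:
            refused += 1
            continue
        evaluated += 1
        if status == 200:
            found = key
            break
    return evaluated, refused, found


if __name__ == "__main__":
    guesses = [f"k-{i:04x}" for i in range(0x3f8c, 0x3f9b)]  # 15 guesses, valid key last
    print("naive:", brute_force(naive_handler, "203.0.113.7", guesses))
    gate = RejectingGate()
    print("gated:", brute_force(gate.handle, "203.0.113.7", guesses))
```

Against the naive handler the 15-guess loop evaluates every candidate and lands on the valid key; against the gate only the first four guesses are evaluated and everything after the fifth rejection is refused with 429, valid key included, until the window expires. In production the per-client state belongs in a shared store rather than process memory, and the client identifier needs more thought than a source IP.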
Hackers can use just-fixed Intel bugs to install malicious firmware on PCs – “The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevent unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer. “
Windows 10 update problem: We’re fixing Kerberos authentication bug, says Microsoft – “Microsoft addressed the vulnerability by changing how the KDC validates service tickets used with the Kerberos Constrained Delegation (KCD) because there was a bypass issue in the way KDC determines if a service token can be used for KCD delegation. Microsoft explains there are three registry setting values – 0, 1, and 2 – for PerformTicketSignature to control it, but admins might encounter different issues with each setting.”
Hacked Security Software Used in Novel South Korean Supply-Chain Attack – “In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera. The software, called Wizvera VeraPort, is used by South Korean government websites and requires visitors to use a VeraPort browser plug-in for identity verification. “To understand this novel supply-chain attack, you should be aware that South Korean internet users are often asked to install additional security software when visiting government or internet banking websites,” ESET wrote.”
Citrix SD-WAN Bugs Allow Remote Code Execution – Well, that right there is your problem: “The Citrix SD-WAN infrastructure runs on Apache with CakePHP2 as the framework. Researchers at Realmode found a hole in the way the CakePHP2 framework handles URLs. For that, Citrix uses the function “_url in CakeRequest.php”.” Who thought it was a good idea to implement this in PHP?
How to Pop a Reverse Shell with a Video File by Exploiting Popular Linux File Managers – “What we can’t see in the GIF is the Netcat connection being made to the attacker’s system when fake_video.mp4 opens. The target believes fake_video.mp4 is legitimate and has no idea the operating system was just compromised.” Turns out you can execute commands inside the .desktop file, neat trick. Not sure if there is a fix, which makes this even neater.
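Since the payload here is an ordinary freedesktop.org launcher dressed up as a video, the defensive side is to look at file contents rather than names. Below is an added example, not code from the Null Byte article, that parses files as desktop entries regardless of extension and flags the ones whose displayed Name=, filename or Exec= line give the disguise away. It assumes the trick works the way the notes describe (Name= and Icon= mimic a media file, Exec= runs a command on open); the two sample entries are constructed for the demo, and the media-extension and "suspicious program" lists are assumptions, not any standard.

```python
"""Find desktop-entry launchers disguised as media files.

Added example for these show notes, not code from the linked article. It
assumes the trick works the way the notes describe: a file that is really a
freedesktop.org launcher, whose Name= and Icon= make it look like a video,
and whose Exec= runs a command when the user double-clicks it. The scanner
parses files as desktop entries regardless of their extension and reports
the ones whose displayed name, filename or Exec= line give the game away.
The sample entries below are constructed for the demo; the media-extension
list and the "suspicious program" list are assumptions, not a standard.
"""
import configparser
import os
import re

MEDIA_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".mp3", ".jpg", ".png", ".pdf"}
# interpreters and network tools that rarely belong in a real launcher's Exec=
SUSPICIOUS_EXEC = re.compile(
    r"(?:^|[\s/])(?:sh|bash|dash|zsh|python[0-9.]*|perl|nc|ncat|netcat|socat|curl|wget)(?:\s|$)"
)


def parse_desktop_entry(text):
    """Return the [Desktop Entry] group as a dict, or None if text is not one."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:        # binary media, or no group header at all
        return None
    if "Desktop Entry" not in cp:
        return None
    return dict(cp["Desktop Entry"])  # keys come back lower-cased


def assess_desktop_entry(filename, text):
    """Return the reasons a file looks like a disguised launcher ([] if clean)."""
    entry = parse_desktop_entry(text)
    if entry is None:
        return []
    reasons = []
    shown_name = entry.get("name", "")
    exec_line = entry.get("exec", "")
    base, ext = os.path.splitext(filename)
    if os.path.splitext(shown_name)[1].lower() in MEDIA_EXTS:
        reasons.append(f"Name= mimics a media file: {shown_name!r}")
    if ext.lower() != ".desktop":
        reasons.append(f"launcher stored under non-.desktop name {filename!r}")
    elif os.path.splitext(base)[1].lower() in MEDIA_EXTS:
        reasons.append(f"double extension hides the launcher: {filename!r}")
    if SUSPICIOUS_EXEC.search(exec_line):
        reasons.append(f"Exec= runs a shell or network tool: {exec_line!r}")
    return reasons


def scan_directory(root):
    """Walk root and map each flagged path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)  # a launcher is tiny; don't slurp real videos
            reasons = assess_desktop_entry(name, head.decode("utf-8", "replace"))
            if reasons:
                findings[path] = reasons
    return findings


# constructed samples: a disguised launcher and a genuine one
DISGUISED = """[Desktop Entry]
Type=Application
Name=fake_video.mp4
Icon=video-x-generic
Exec=sh -c "echo opened > /tmp/launcher-poc"
"""

GENUINE = """[Desktop Entry]
Type=Application
Name=Videos
Icon=org.gnome.Totem
Exec=totem %U
"""

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for fname, body in (("fake_video.mp4.desktop", DISGUISED), ("totem.desktop", GENUINE)):
            with open(os.path.join(d, fname), "w") as fh:
                fh.write(body)
        for path, why in scan_directory(d).items():
            print(path, "->", "; ".join(why))
```

Run it over a Downloads or shared-folder tree; the genuine Totem launcher comes back clean, while the constructed fake is flagged three times over (media-looking Name=, double extension, and a shell in Exec=). A real launcher that legitimately runs through a shell wrapper will trip the Exec= check too, so treat that rule as a triage hint rather than a verdict.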
Why unplugging your router every month is actually good for your Wi-Fi – This is the worst article I’ve read all year: “Rebooting the router could do any number of things that will benefit it. Sometimes, computers just freak out. Perhaps there’s a bug that’s causing the CPU to overheat. Or, perhaps the system is heavy trouble managing your router’s memory. Whatever the issue, turning your router off and then back on again will likely fix it.” Just poorly written, and so many statements in this article are simply not true.
Report: Researchers Find ‘Backdoor’ Security Flaw in TCL Smart TVs – A three-month investigation from security researcher “Sick Codes” and Shutterstock application security engineer John Jackson discovered that it’s possible to access a TCL smart TV file system over Wi-Fi via an undocumented TCP/IP port, and then collect, delete, or overwrite files without the need for any sort of password or security clearance. The problem does not affect Roku-based TCL TVs. Original research here: https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/
Apple released a new MacBook Air and I’m disheartened – Just ignore everything else, the big complaint here is that the new Air looks just like the old Air: “Yet here were the words “new” and “future” and the same basic design and color choices on what looks like the same old Air.” Never mind all of the awesome things introduced with the M1 chip, and also the potential security risks (I’m just waiting for the first vulnerabilities in Rosetta 2). Oh, and the incompatibilities, since it’s ARM, not x86.