Paul’s Security Weekly Episode #709 – September 02, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Nmap Vulnerability Scanning/Flan Scan – 06:00 PM-06:45 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

Paul presents a Technical Segment that walks through Nmap, Vulners scripts, & Flan Scan!

Full notes with all commands (and the Dockerfile): https://securityweekly.com/wp-content/uploads/2021/09/Nmap-Flanscan-Vulners-TechSeg.pdf

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Hacking Honda, Insider Threat Galore, ChaosDB, USB File Weight, & Linux 5.14 – 07:00 PM-08:00 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit https://securityweekly.com/isw2021 to register now!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Security News: Hacking Honda, a fact about single-factor, disarming your home and alarming vulnerability disclosure response, btw, you have a Sudo vulnerability, NSO under investigation, Loki and 0days, Linux turns 30, SANS appoints a new president of the college, how much does your USB thumb drive weigh?, and When “Florida Woman” attacks!

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. Fired NY credit union employee nukes 21GB of data in revenge – Juliana Barile, the former employee of a New York credit union, pleaded guilty to accessing the financial institution’s computer systems without authorization and destroying over 21 gigabytes of data in revenge 40 minutes after being fired.
  2. 91% of Industrial Organizations Can Be Penetrated by Hackers – More than nine in 10 (91%) industrial organizations are vulnerable to cyber-attacks, according to a new report by Positive Technologies. Their penetration testers gained access to the technological segment of the network of 75% of organizations. This then enabled them to access industrial control systems (ICS) in 56% of cases.

    Report: https://www.ptsecurity.com/ww-en/analytics/ics-risks-2021/

  3. Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners’ home addresses in Google Earth – The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible CSV file that pinpoints domestic homes as likely firearm storage locations – a worst-case scenario for victims of the breach.
  4. QNAP works on patches for OpenSSL bugs impacting its NAS devices – Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities. Synology customers are also still waiting on updates.
  5. Microsoft Exchange ProxyToken bug can let hackers steal user email – Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails. Tracked as CVE-2021-33766, ProxyToken gives unauthenticated attackers access to the configuration options of user mailboxes, where they can define an email forwarding rule. Fixed in July CU and SA updates.
  6. ARM China Seizes IP, Relaunches as an ‘Independent’ Company – ExtremeTech – The onetime CEO of ARM China, Allen Wu, has reportedly seized control of ARM’s Chinese business venture, ARM China. Mr. Wu is accused of attempting to launch his own company, Alphatecture, by leveraging his position at ARM China to do so.
  7. Critical F5 bug could lead to wide range of security vulnerabilities – F5 has fixed more than a dozen high-severity security vulnerabilities in its networking device, with one of them being elevated to critical severity and CVSS score of 9.9 under specific conditions. All vulnerabilities are part of this month’s delivery of security updates, addressing almost 30 vulnerabilities for multiple F5 devices.
  8. Hackers release Belarus data in bid to topple Lukashenko – Opponents of the Belarus government said they have pulled off an audacious hack that has compromised dozens of police and interior ministry databases as part of a broad effort to overthrow President Alexander Lukashenko’s regime.
  9. Earth Baku (APT41) Active Target Victims in Indo-Pacific Region – Trend Micro has uncovered a cyberespionage campaign by Earth Baku, or APT41, against organizations in the Indo-Pacific region. The campaign has been continuing since July 2020.
  10. Microsoft Tracks Widespread Credential Phishing Campaign – Microsoft has been tracking a widespread credential phishing campaign using open redirector links combined with social engineering lures that spoof known productivity tools to trick users. Attackers also use a CAPTCHA verification page to add a sense of legitimacy to the campaign.
  11. Microsoft warns Azure customers of critical Cosmos DB vulnerability – Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users’ databases by giving them full admin access without requiring authorization. Microsoft advises users to regenerate their Cosmos DB primary keys, and leverage a vNET or firewall to further protect their Cosmos DB Accounts.
  12. Chinese National Pleads Guilty to Illegal Exports to Northwestern Polytechnical University – A Chinese national pleaded guilty today in federal court in Boston in connection with illegally procuring and causing the illegal export of $100,000 worth of U.S. origin goods to Northwestern Polytechnical University (NWPU), a Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army on the advancement of its military capabilities.
Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
  2. NPM package with 3 million weekly downloads had a severe vulnerability
  3. Superhero Loki Lurks Like a Zero-Day Threat – Does the “TVA is just like a SoC” analogy hold up?
  4. The ‘Unhackable’ Wii Mini Has Been Hacked
  5. How to Secure your AWS infrastructure?
  6. Confluence Server 7.12.4 OGNL Injection Remote Code Execution
  7. Israeli Foreign Minister Promises Closer Look at NSO – Darknet Diaries has a great episode with details on this (though despite amazing effort, was not able to interview NSO, which speaks volumes): “NSO has come under widespread criticism over reports that its flagship spyware product, Pegasus, has been misused by governments to spy on dissidents, journalists, human rights workers and possibly even heads of state. Pegasus is able to stealthily infiltrate a target’s mobile phone, giving users access to data, email, contacts and even their cameras and microphones.”
  8. Beginners Guide to Azure Sentinel
  9. It’s time to create a TJ Hooper for information security – “Many companies have a prevailing practice regarding information security — that they need to do only the bare minimum to get by. They do that while millions of consumer records are breached weekly.”
  10. A deep-dive into the SolarWinds Serv-U SSH vulnerability
  11. Pwned! The home security system that can be hacked with your email address
  12. Security Researcher Develops Lightning Cable With Hidden Chip to Steal Passwords
  13. SANS Technology Institute Selects Ed Skoudis As Its New President – Congrats Ed!
  14. Widespread credential phishing campaign abuses open redirector links
  15. Authentication Bypass Vulnerability In Exchange Server – CyberWorkx
  16. Cyberhack Hides Malicious Code in Your Graphics Card’s VRAM
  17. A popular smart home security system can be remotely disarmed, researchers say – TechCrunch – “If a malicious actor knows a user’s email address, they can use it to query the cloud-based API to return an International Mobile Equipment Identity (IMEI) number, which appears to also serve as the device’s serial number.” – And with the email and the IMEI, you can use the API to disarm the system. Also, I feel like this is 20-years-ago behavior from a vendor: “Rapid7 revealed details of the two vulnerabilities on Tuesday after not hearing from Fortress in three months, the standard window of time that security researchers give companies to fix bugs before details are made public. Rapid7 said its only acknowledgment of its email was when Fortress closed its support ticket a week later without commenting. Fortress owner Michael Hofeditz opened but did not respond to several emails sent by TechCrunch with an email open tracker. An email from Bottone Reiling, a Massachusetts law firm representing Fortress, called the claims “false, purposely misleading and defamatory,” but did not provide specifics that it claims are false, or if Fortress has mitigated the vulnerabilities.”
  18. Does a USB drive get heavier as you store more files on it? – Actually…
  19. CISA: Don’t use single-factor auth on Internet-exposed systems – “The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.”
  20. HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform – And they are just either discovering or disclosing this now? SBOM anyone? – “The Aruba AirWave management platform is HPE’s real-time monitoring and security alert system for wired and wireless infrastructures. The Sudo bug (CVE-2021-3156) was reported in January by Qualys researchers and is believed to impact millions of endpoint devices and systems.”
  21. Hacker Claims Honda And Acura Vehicles Vulnerable To Simple Replay Attack – “The crux of the allegations are that simply recording signals from a Honda or Acura keyfob is enough to compromise the vehicle. Reportedly, no rolling code system is implemented and commands can easily be replayed.”
  22. When you finish celebrating Linux turning 30, try new Linux 5.14, says Linus Torvalds – Interesting, we seem to be really destroying the basic concepts of permissions and rings: “memfd_secret lets applications create an area of memory that only that application can access. Not even the kernel can access the designated area of memory. Which matters, because Spectre and Meltdown meant cached data could be accessed. memfd_secret is designed to provide a safe place for secrets like cryptographic keys or passwords to reside.”
  23. Florida Woman Convicted Of Damaging Her Former Employer’s Computers After She Was Fired – Yikes: “While she was being terminated, and just before she was escorted from the building, CALONGE was observed by two employees of Employee-1 repeatedly hitting the delete key on her desktop computer. Several hours later, CALONGE logged into a system (“System-1”) used by Employer-1 to receive and manage applications for employment with the company, which the company had invested two years and over $100,000 to build. During the next two days, CALONGE rampaged through System-1, deleting over 17,000 job applications and resumes, and leaving messages with profanities inside the system.”
  24. ChaosDB: Unauthorized Privileged Access to Microsoft Azure Cosmos DB – “By exploiting a chain of vulnerabilities in the Jupyter Notebook feature of Cosmos DB, a malicious actor can query information about the target Cosmos DB Jupyter Notebook. By doing so, the attacker will obtain a set of credentials related to the target Cosmos DB account, the Jupyter Notebook compute, and the Jupyter Notebook Storage account, including the Primary Key. Using these credentials, it is possible to view, modify, and delete data in the target Cosmos DB account via multiple channels. Below is a diagram that illustrates the attack.”
Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. Iframe Security – 08:00 PM-08:45 PM

Sponsored By

Visit https://securityweekly.com/ for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our speakers: Lesley Carhart, John Strand, Alyssa Miller, Dave Kennedy, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, Justin Kohler, Jay Beale, Trenton Ivey & Ryan Cobb!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

Benjamin will discuss securing iframes with the sandbox attribute.

This segment is sponsored by Acunetix.

Visit https://securityweekly.com/acunetix to learn more about them!

Guest(s)

Benjamin Daniel Mussler – Senior Security Researcher at Acunetix

@mussler

Web Application Security Researcher at Acunetix

Hosts

Doug White

@dougwhitephd

Professor at Roger Williams University

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly