- 1. SSRF vulnerabilities and where to find them – Detectify Labs
- 2. Fingerprintx Tool: An Internship Project for the Real World – Praetorian
- 3. Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
- 4. Russia gives citizenship to ex-NSA contractor Edward Snowden
"A decree signed Monday by Russian President Vladimir Putin listed Snowden as one of 75 foreign citizens listed as being granted Russian citizenship. After fleeing the U.S. in 2013, Snowden was granted permanent Russian residency in 2020 and said at the time that he planned to apply for Russian citizenship without renouncing his U.S. citizenship." - Could he be called for military services for Russia? Has he disclosed secrets to Russia? Also, curious how he is making a living these days...
- 5. How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000
"On August 17, the attackers used the hijacking to first obtain a TLS certificate for cbridge-prod2.celer.network, since they were able to demonstrate to certificate authority GoGetSSL in Latvia that they had control over the subdomain. With possession of the certificate, the hijackers then hosted their own smart contract on the same domain and waited for visits from people trying to access the real Celer Bridge cbridge-prod2.celer.network page."
- 6. SIM Swapper Abducted, Beaten, Held for $200k Ransom – Krebs on Security
"A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life." - SIM swapping gets real. Why is it typically younger kids who are "holders"?
- 7. Negotiating a golden parachute clause in a CISO contract
- 8. Mythic Case Study: Assessing Common Offensive Security Tools
- 9. Introducing Hintfo – The Hacker Factor Blog
"After chatting with Jeffrey last July, I decided to create my own "just metadata viewer". Since metadata contains helpful hints and internal information about files, I named my new service Hintfo (it's online at https://hintfo.com/). It works as easily as Jeffrey's: You upload a file to Hintfo and it shows you the metadata."
- 10. Shift F10 bypass and Autopilot privilege escalation
- 11. $35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned
It can be costly to properly destroy data on older equipment (we interviewed someone a while back on this subject). However, I think it's still cheaper than paying fines of $35 million.
- 12. What’s behind the different names for hacker groups
"Microsoft picks names from the periodic table. CrowdStrike gives Chinese state groups a name with "Panda" in it, Russian state groups get a "Bear" name, Iranian groups have "Kitten" names, and North Korean groups are "Chollima." Broadcom's Symantec uses names of insects. Palo Alto Networks names groups after constellations." - Not gonna lie, I kinda like how CrowdStrike does it. But why can't we all agree on a standard? I mean, we agree on so many other stand...oh nevermind...
- 13. Vultron: A Protocol for Coordinated Vulnerability Disclosure
- 14. New hacking group ‘Metador’ lurking in ISP networks for months
- 15. Linux System Call Monitoring – Black Hills Information Security
- 16. Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
- 17. 350,000 open source projects at risk from Python vulnerability
- 18. Hunting for Unsigned DLLs to Find APTs
- 19. When Ransomware Meets IoT: What’s Next?
"Trojan ZuoRAT was found to target initially routers to then enumerate and move laterally to workstations in the victim’s network. Beyond that, we spoke directly with security leaders at financial organizations, who confirmed that IP cameras are among their riskiest devices according to their own internal security assessments." - I'm concerned with the bricking of devices being tied to ransomware. It's so easy to brick a device remotely today, just keep dropping devices until a ransom is paid, not that I want to give anyone ideas. However, recovery from a firmware wipe is hard.
- 20. Attackers abuse web security flaw in Sophos Firewall
This must be trivial to exploit: "This is a code injection vulnerability in the User Portal and Webadmin components of the Sophos firewall that could be abused by remote attackers to execute arbitrary code on the vulnerable versions of Sophos firewalls." Ref: https://thesecmaster.com/how-to-fix-cve-2022-3236-a-critical-rce-vulnerability-in-sophos-firewall/
- 21. Attackers impersonate CircleCI platform to compromise GitHub accounts
- 22. ISC fixed high-severity flaws in the BIND DNS software
- 23. CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation
Hot mess: "This vulnerability happens due to a vulnerable version of Apache OFBiz (CVE-2020-9496) that exposes an XML-RPC endpoint at /webtools/control/xmlrpc; in the case of ManageEngine products this endpoint is /xmlrpc. This endpoint can deserialize Java objects. As part of this processing, any serialized arguments for the remote invocation are deserialized; therefore, if the classpath contains any classes that can be used as gadgets to achieve remote code execution, an attacker will be able to run arbitrary system commands." References: https://www.bigous.me/2022/09/06/CVE-2022-35405.html and https://github.com/viniciuspereiras/CVE-2022-35405/
- 24. New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access
This is the dangerous part: "In terms of supply chain impact, it will take 6-9 months based on our data for the vulnerabilities to be patched by device manufacturers at least on all the enterprise devices."