Security Weekly
Paul's Security WeeklySubscribe
Supply chain, Threat Management, Vulnerability Management, Malware, Compliance Management

PSW #749 – Larry Pesce

Full Audio

View Show Index

Segments

1. Apple Airtag Detection & Simulation – PSW #749

We’ve heard about the recent abuses for Apple’s AirTags used in tracking and stalking issues in recent months. While tools exist for detection under the Apple ecosystem, limited options exist for Android and none under Linux. We’ll explore the AirTag beacons and showcase some tools for detecting beacons and creating our own for testing under Linux. We’ll also show some ways to take our methods even further as an exercise left unto the reader.

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Principal Security Evangelist at Eclypsium
Founder at Guardedrisk
Product Security Research and Analysis Director at Finite State
Senior Cyber Advisor at Lawrence Livermore National Laboratory
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. FreeBSD, Steam Decks, Ancient Computers, UEFI Rootkits, & Office Macro Saga Continues – PSW #749

In the Security News FreeBSD and the software supply chain, open-source implies that its open, hardcoded passwords are always bad, on-again, off-again, on-again, privilege escelation defined, preparing for quantum, so many vulnerabilities, CosmicStrand another UEFI firmware rootkit, & reviving ancient computers!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Principal Security Evangelist at Eclypsium
  1. 1. Zyxel authentication bypass patch analysis (CVE-2022-0342) – hn security
    Great research post.
  2. 2. Zero Day Initiative — Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
    Software supply chain anyone? - "The most interesting outcome of this analysis is that ESXi’s TCP/IP stack is based on FreeBSD 8.2 and does not include security patches for the vulnerabilities disclosed over the years since that release of FreeBSD. This result also prompted us to analyze the nature of vulnerabilities disclosed in other open-source components used by VMware, such as OpenSLP and ISC-DHCP. Once again, we observed that most of the disclosed vulnerabilities had upstream patches before the disclosure." Also, this post is amazing. They go on to identify which FreeBSD version VMware is using, identify the missing patches and so forth.
  3. 3. Securing Open-Source Software – Schneier on Security
    "Designing an institutional framework that would secure open source requires addressing adverse incentives, ensuring efficient resource allocation, and imposing minimum standards." - I take issue with this. One of the things that make open-source software so amazing is the fact that it's OPEN. The incentives, adverse or otherwise, should only be that software is made available to everyone for free. Who decides who gets more or fewer resources? This should be left to the community. And don't even talk about minimum standards because then the software is not truly open.
  4. 4. Increased Use Of Windows BitLocker Is Causing Headaches For Linux Dual Booting – Phoronix
  5. 5. Hardcoded password in Confluence app has been leaked on Twitter
    Whoa: "The company warned that even when Confluence installations don't actively have the app installed, they may still be vulnerable. Uninstalling the app doesn't automatically remediate the vulnerability because the disabledsystemuser account can still reside on the system."
  6. 6. T-Mobile to pay $500M for one of the largest data breaches in US history [Updated]
  7. 7. Office macro security: on-again-off-again feature now BACK ON AGAIN!
    This is getting crazy, also: "Organisations that relied on sharing documents via cloud services, and who hadn’t taken the appropriate precautions to denote which external servers should be treated as official company sources found their macros blocked by default, and voiced their displeasure loudly enough that Microsoft officially relented around the middle of 2022." - Look, just turn this off. Easy for me to say...
  8. 8. Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog
  9. 9. Serious Privilege Escalation Vulnerability Found In Zyxel Firewall
    We need to level set on the language: "Security researchers discovered a serious vulnerability in the Zyxel Firewall, allowing for local privilege escalation. However, a remote attacker could also exploit the flaw, adding to the severity of the issue." - privilege escalation and authentication bypass needs more explaining, no more Jedi mind tricks!
  10. 10. Senators Introduce Quantum Encryption Preparedness Law
    Better hope they protect his list very well: "The Act, co-sponsored by senators Rob Portman (R-OH) and Maggie Hassan (D-NH), calls for every executive agency to create an inventory of all the cryptographic systems in use, along with the IT systems that they will prioritize for migration to post-quantum cryptography. They will also define processes for evaluating the process of that migration."
  11. 11. Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options
    So many vulnerabilities: https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
  12. 12. Threat of Firmware Attacks on Firms Grows
    I was hoping for more than a sponsored article for HP Wolf.
  13. 13. Is Your Home or Small Business Built on Secure Foundations? Think Again…
    This is a plug for this: https://www.iotsecurityfoundation.org/ - Great idea, lots of challenges.
  14. 14. Newly found Lightning Framework offers a plethora of Linux hacking capabilities
  15. 15. For SMBs, Microsoft offers a new layer of server protection
  16. 16. Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
    This is great research, and all too common in embedded systems. Turns out multiple projects/vendors re-used vulnerable code from Broadcom in their web servers.
  17. 17. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
    This is just one really awesome thing about this: "This specific point in the execution was chosen because at this stage the boot manager is loaded in memory, but isn’t yet running." - So each time the system boots up, at the point when the bootloader is loaded into memory, the bootloader is modified, then the kernel is modified. SO AWESOME (I mean for the attacker, not for defenders...).
  18. 18. CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
  19. 19. FOISted: a MikroTik remote jailbreak
    Neat stuff, more info here: https://margin.re/blog/pulling-mikrotik-into-the-limelight.aspx
  20. 20. How I revived three ancient computers with ChromeOS Flex
    I really want to try this and see how it works. Curious if anyone else has?
Founder at Guardedrisk
Product Security Research and Analysis Director at Finite State
  1. 1. GPSJam GPS/GNSS Interference Map
    GPSJam Daily maps of GPS interference "You can always tell where Putin is"
  2. 2. Elescope: tracking .ru drones through RF telemetry
    Elescope was not developed by local team or opportunistic SIGINT vendor. One DSP wizard, one RE/hacking freak, and a bunch of other folks. All foreign. The true
Senior Cyber Advisor at Lawrence Livermore National Laboratory
  1. 1. Hardcoded password in Confluence app has been leaked on Twitter
    Atlassian disclosed several vulnerabilities, including a hard-coded password issue affecting the Questions for Confluence app. Atlassian has since reported that the password has been leaked online, which makes patching the app even more urgent. Username: disabledsystemuser Email: [email protected] Password: disabled1system1user6708 Update Questions for Confluence app ver 2.7.x >= 2.7.38 or > 3.0.5 https://twitter.com/therceman/status/1550791890026565638
  2. 2. Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities
    In addition to fixing almost 40 flaws, Apple has addressed a memory corruption vulnerability (CVE-2022-2294) impacting its WebRTC component, which was disclosed by Google last week as part of its release of software fixes for iOS, iPadOS, tvOS, and WatchOS.
  3. 3. SonicWall Warns of Critical GMS SQL Injection Vulnerability
    SonicWall has released "urgent patches" to address a critical vulnerability (CVE-2022-22280) impacting Global Management System (GMS) installations before 9.3.1-SP2-Hotfix-2 that could be exploited by remote, unauthenticated attackers to send a specially crafted request to the impacted application and execute arbitrary SQL commands in the applications database.
  4. 4. Rare ‘CosmicStrand’ UEFI Rootkit Swings into Cybercrime Orbit
    The "CosmicStrand" Windows firmware rootkit is reportedly being used in attacks targeting the Unified Extensible Firmware Interface (UEFI) in order to remain undetected and maintain persistence on targeted systems.
  5. 5. Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
    Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system. default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts.
  6. 6. FileWave MDM offered attackers superuser privilege
    The Filewave mobile device management suite had a pair of vulnerabilities which security researchers have shown could let attackers push malware out as a phone update or obtain access to enterprise networks.
  7. 7. Digital security giant Entrust breached by ransomware gang
    Entrust has revealed it suffered a June 18, 2022, "cyberattack" during which hackers managed to breach its network and steal data, which could affect an array of critical and sensitive organizations using Entrust solutions for authentication and identity management.
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

Related