Singing Elephant – PSW #722
Full Audio
View Show IndexSegments
1. Lock Picking & Physical Security – Deviant Ollam – PSW #722
Many of us, myself included, learned lock picking techniques from Deviant. He comes on the show to talk about physical security in a pandemic, how to train for lock picking and physical security assessments, share some war stories and more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
While paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing’s best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a SAVTA certified safe technician and GSA certified safe and vault inspector. At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.
In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts. He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.
Hosts
2. The State Of Internet Exposed Services – John Matherly – PSW #722
John joins us to talk about what its like to run scans of the Internet on a regular basis. We'll talk about some trends, such as what is more exposed, what is less exposed, and how select segments of devices impact the security of Internet, such as printers, medial devices, SMB, RDP and more!
Announcements
We had an absolute blast putting together this year's SW Unlocked virtual event! All presentations are now available on-demand for your viewing pleasure. Please visit https://securityweekly.com/unlocked to register and watch now!
Guest
John Matherly is an Internet cartographer, engineer and founder of Shodan, the world’s first search engine for the Internet-connected devices. He has been at the forefront of Internet of Things for the past 10 years and his research has been covered on CNN, Bloomberg, Washington Post and many other outlets. Prior to Shodan, John received a bachelors degree in bioengineering and worked as a software engineer on bioinformatics applications.
Hosts
3. Zip Tie Pick, Wifi/Bluetooth Bugs, Domain Controllers, & Beetle Behavior – PSW #722
The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. Precopulatory oral sex found in darkling beetlesThis is too funny: "As the researchers note, males giving females oral genital stimulation is rare in invertebrates. So they were surprised when they found male darkling desert beetles contacting and orally manipulating female genitalia multiple times prior to copulation." - Also note there are people who are researching this and having discussions about this topic, presumably with a straight face, which is more than you can say for us...
- 2. The Lock-Picker, the Lockmaker, and the Odyssey to Expose a Major Security FlawHow a $400 grade 1 lock was bypassed with a zip tie: "At about 6 a.m., two hours after he started working on the lock, he pushed his homemade tool through the drain hole, caught the lever, gave a gentle tug, and the lock sprung open. When he reinserted the zip tie and pulled again, it locked. It worked again, and again, and again."
- 3. Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
- 4. Walk-Through Metal Detectors Can Be Hacked, New Research Finds"The vulnerabilities specifically exist in the Garrett iC module, which provides network connectivity to the Garrett PD 6500i or Garrett MZ 6100 walk-through metal detectors commonly used at security checkpoints. An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through. They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors."
- 5. China suspends deal with Alibaba for not sharing Log4j 0-day first with the governmentWell, the Chinese Government will only use these for good, right? - "The move also comes months after the Chinese government issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to disclose them first-hand to the government authorities mandatorily."
- 6. Bugs in billions of WiFi, Bluetooth chips allow password, data theftPretty neat! The ability to exploit other chips via shared memory: "Once the researchers achieved code execution on one chip, they could perform lateral attacks on the device's other chips using shared memory resources. In their paper, the researchers explain how they could perform OTA (Over-the-Air) denial of service, code execution, extract network passwords, and read sensitive data on chipsets from Broadcom, Cypress, and Silicon Labs."
- 7. A deep dive into an NSO zero-click iMessage exploit: Remote Code ExecutionThis is amazing: "JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent."
- 8. Windows 10 21H2 adds ransomware protection to security baseline
- 9. Secret Backdoors Found in German-made Auerswald VoIP System"Two backdoor passwords were found in the firmware of the COMpact 5500R PBX," researchers from RedTeam Pentesting said in a technical analysis published Monday. "One backdoor password is for the secret user 'Schandelah', the other can be used for the highest-privileged user 'admin.' No way was discovered to disable these backdoors." - Mr. Potato head, backdoors are not secrets! Well, not any longer...
- 10. Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE) – SysdigThis is one of the better write-ups, start here if you've not done a deep dive into log4j yet.
- 11. New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G
- 12. An Analysis of The Log4Shell Alternative Local Trigger"WebSockets are not restricted by same-origin policies like a normal cross-domain HTTP request and they expect the server itself to validate the Origin of the request. While they are useful, they also introduce a fair amount of risk as they do not include many security controls to limit their utilization." - Doesn't this mean that many web app vulnerabilities could be triggered via WebSockets?
- 13. Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666)
- 14. Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers"While CVE-2021-42278 enables an attacker to tamper with the SAM-Account-Name attribute, which is used to log a user into systems in the Active Directory domain, CVE-2021-42287 makes it possible to impersonate the domain controllers. This effectively grants a bad actor with domain user credentials to gain access as a domain admin user."
- 1. Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’After thoroughly reviewing the "FORCEDENTRY" iPhone exploit, researchers at Google's Project Zero say they have uncovered a never-before-seen "hacking roadmap" that includes a PDF file that appears to be a GIF image loaded with a custom-coded virtual CPU constructed out of "Boolean pixel operations." According to Google's Ian Beer and Samuel Groß, "We assess this to be one of the most technically sophisticated exploits we've ever seen." According to Google, after receiving an exploit sample from Citizen Lab, it collaborated with Apple's Security Engineering and Architecture (SEAR) group to perform a technical analysis, which revealed a high degree of technical sophistication in an exploit that was sold to governments worldwide.
- 2. Bad things come in threes: Apache reveals another Log4J bugBad things come in threes: Apache reveals another Log4J bug Third major fix in ten days is an infinite recursion flaw. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j.
- 3. Conti ransomware uses Log4j bug to hack VMware vCenter serversThe "Conti" ransomware gang has been spotted exploiting the Log4j vulnerability (CVE-2021-44228) in order to obtain "rapid" access to targeted organizations' internal VMware vCenter Server instances and encrypt virtual machines.
- 4. TellYouThePass ransomware revived in Linux, Windows Log4j attacksMalicious actors have brought back an old and almost-retired malware family known as TellYouThePass, using it to target Linux and Windows devices vulnerable to the critical remote code execution vulnerability in the Apache Log4j library (CVE-2021-44228)
- 5. Log4j vulnerability now used to install Dridex banking malwareMalicious actors have been spotted exploiting the Log4j vulnerability (CVE-2021-44228) in order to infect targeted Linux devices with "Meterpreter" and Windows devices with the "Dridex" banking Trojan.
- 6. Clop ransomware gang is leaking confidential data from the UK policeClop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim refused to pay the ransom. Researchers say the "Clop" ransomware gang managed to access, steal, and leak "confidential" information belonging to some 13 million individuals, which included data belonging to the U.K. police taken from its police national computer (PNC) system.
- 7. FBI: State hackers exploiting new Zoho zero-day since OctoberThe FBI's Cyber Division has revealed that state-backed APT actors have been actively exploiting the authentication bypass vulnerability (CVE-2021-44515) affecting Zoho's ManageEngine Desktop Central since at least October 2021 in order to conduct network reconnaissance and move laterally throughout compromised networks.
- 8. Mitigating Log4Shell and Other Log4j-Related VulnerabilitiesCISA, the FBI, the NSA, and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially exploit CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.
