Yard Sale – PSW #708
This week, we kick off the show with a technical segment, all about working with OpenVAS! Next up, we welcome Patrick Wardle, founder of Objective-See, to talk Trends in Mac Malware and Apple Security!! In the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
1. Working With OpenVAS – PSW #708
Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all components, from source code.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
2. Trends in Mac Malware & Apple Security – Patrick Wardle – PSW #708
Apple's new M1 systems offer a myriad of benefits for both macOS users, and unfortunately, to malware authors as well.
In this talk Patrick details the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis.
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey
Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.
3. Yard Sales, Bitcoin Thief Charged, Mouse Privilege Escalation, & LED Eavesdropping – PSW #708
This week in the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin, & yard sales!
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents – Krebs on Security - Interesting: "Mark Rasch, a former prosecutor with the U.S. Justice Department, said the plaintiff is claiming the parents are liable because he gave them notice of a crime committed by their kids and they failed to respond. “A lot of these crimes are being committed by juveniles, and we don’t have a good juvenile justice system that’s well designed to both civilly and criminally go after kids,” Rasch said."
- 2. Linux Attackers Take Advantage of Unpatched Vulnerabilities - “The answer to the question of why so many systems are still running end-of-life versions of Linux distributions is patching, misconfigurations and software-defined infrastructure,” explained Aaron Ansari, vice president of cloud security at Trend Micro. “People start out with outdated images, or misconfigure them or never patch them due to inability or fear of breaking the custom app.”
- 3. Cybercriminals Inducing Insiders to Plant Malware - Is training and awareness enough? - "The takeaway here is that companies should expect to see more of these types of pitches, both cold and warm, via email and other communication mediums. Why? Because they are effective, even if the batting average is below .200. The cost for cybercriminals to engage is low, and every success produces an attractive ROI. Provide your employees with triage training and a path to report when that proverbial knock sounds at their door."
- 4. Firmware: Beyond Securing the Software Stack - I'd say this must be part of your vulnerability and patch management programs today. Malware already exists that exploits firmware, so, there's that.
- 5. CERIAS – Center for Education and Research in Information Assurance and Security
- 6. F5 Bug Could Lead to Complete System Takeover
- 7. From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits – The Citizen Lab
- 8. Google, Amazon, Microsoft unveil massive cybersecurity initiatives after White House meeting
- 9. How Data Brokers Sell Access to the Backbone of the Internet - But the data can be used for good too! - "Thanks to Team Cymru for providing access to their Pure Signal Recon product. Their tool’s ability to show Internet traffic telemetry from the past three months provided the breakthrough we needed to identify the initial victim from Candiru’s infrastructure," the report reads. - This is netflow data...
- 10. Security and compliance still a challenge for container architectures – Help Net Security
- 11. How do I select an automated red teaming solution for my business? – Help Net Security
- 12. Details Disclosed for Zoom Exploit That Earned Researchers $200,000
- 13. New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox
- 14. Top 10 Things You Must Do to Avoid Getting Hacked - Not a bad list, one that I would use to have a conversation with users and/or develop a security policy. Multi-factor, password vault, keep software updated, use something other than SMS for 2nd factor, don't install random crap software from the Internet (and browser extensions too).
- 15. IoT devices are insecure by default
- 16. HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting - Stored XSS in a printer, could be an interesting sleeper attack? Not sure what else you could get other than the creds to the printer, if they have any to begin with...
- 17. Watch as hackers disrupt Iran’s prison computers; leak live footage
- 18. Get a Free SSL Certificate From AWS
- 19. Will Low-Code Development Lead to Security Problems and Data Breaches?
- 20. Vulnerability allowed hackers to tamper medication in infusion pump - No details, but an interesting video: https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/overmedicated-breaking-the-security-barrier-of-a-globally-deployed-infusion-pump/ - Looks like how some of the AV gear is configured, as there is no authentication (or it is easily bypassed) and you can interact with the device and send commands, causing the device to behave differently in the real world.
- 21. AWS privilege escalation: exploring odd features of the Trust Policy
- 22. How Threat Detection is Evolving
- 23. People shouldn’t care about privacy - The use-cases for fully homomorphic encryption are interesting, but also the limiting factor as many different data types and processes will actually need to read your data, therefore you should still care about privacy: "Preventive Medicine: Imagine knowing in advance what you need to do to stay healthy throughout your life. This is increasingly possible with AI but requires sharing all your health data — everything from your DNA to your medical history to your lifestyle habits. With FHE, you could send all of this data in encrypted form, and the AI would respond with encrypted health recommendations that you alone could see. Facial Recognition: From science fiction to the palm of your hand, facial recognition is now a part of our everyday experience. We use facial recognition to enter buildings, to unlock our phones, to tag people in pictures, and soon, to log in to websites everywhere. This, however, requires your biometric fingerprint to be on file, which, in the wrong hands, can be used to impersonate you. With FHE, you could authenticate yourself securely, without anybody being able to steal this biometric data. Voice Assistants: Every time you or someone in your family speaks to Siri, Alexa, or Google Assistant, personal information is sent to the companies behind them. With FHE, your voice query would be sent encrypted to your AI assistant, and they could respond without actually knowing what you asked! This means you would no longer have to worry about your family’s data being misused or stolen. It would no longer matter if you had microphones in the most sensitive places in your home because nobody would be able to listen to what you say."
- 24. Microsoft Breaks Silence on Barrage of ProxyShell Attacks
- 25. New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems - “The threat actor behind this variant has managed to maintain a zero or almost-zero detection score in VirusTotal for its samples and domains. This is most likely due to their campaigns being fairly small in size. The waterdropx[.]com domain was registered to the current owner on August 18, 2017, and as of August 10, 2021, it was still online,” (https://cybersecurity.att.com/blogs/labs-research/prism-attacks-fly-under-the-radar) - "We have conducted further investigation of the samples and discovered that several campaigns using these malicious executables have managed to remain active and under the radar for more than 3.5 years. The oldest samples Alien Labs can attribute to one of the actors date from the 8th of November, 2017." - It's HTTP and it's using a specific User-Agent, I would think this could be easily detected...
- 26. Phishing campaign uses UPS.com XSS vuln to distribute malware
- 27. 1Password Secret Retrieval – Methodology and Implementation - In-depth technical article that details what was tried and what worked to accomplish this: "This .NET application is built on the same version of the CLR (4.7.2) the latest 1Password binary uses at the time of upload (8/13/21). This binary gets function pointers to various critical functions responsible for decrypting secrets within the 1Password SQLite database and waits until the 1Password application is unlocked by the user. Once unlocked, it writes the results as a JSON array to C:\Users\Public\1Password.log for you to view and parse." (https://github.com/djhohnstein/1PasswordSuite)
- 28. Razer bug lets you become a Windows 10 admin by plugging in a mouse - "When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong. When you change the location of your folder, a 'Choose a Folder' dialog will appear. If you press Shift and right-click on the dialog, you will be prompted to open 'Open PowerShell window here,' which will open a PowerShell prompt in the folder shown in the dialog." - I also saw on Twitter a theory that you could do this with any programmable USB device, like a rubber ducky... (https://twitter.com/Serianox_/status/1429355333756071937)
- 1. Iran prison abuse exposed by hackers’ CCTV leak
- 2. 4 Steps Organizations Can Take to Increase Diversity in Cybersecurity
- 3. T-mobile hacker: Their security is awful
- 4. Razer Mouse Grants Windows Admin Privileges
- 5. Reversing SMART Health Cards
- 6. Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain – IoT Inspector
- 7. Botnet targets hundreds of thousands of devices using Realtek SDK
- 8. Eavesdropping By LED
- 9. Field Notice: FN – 63697 – Protective Boot on Certain Network Cables Might Push the Mode Button and Cause an Unexpected Reset on the 48-Port Models of Cisco Catalyst 3650 and 3850 Series Switches – Workaround Provided
- 1. Linux turns 30: Linus Torvalds on his “just a hobby” operating system - Thank you Gus! In 1991, Unix was an important but secondary x86 operating system. That year, on August 25, a mild-mannered Finnish graduate student named Linus Benedict Torvalds announced on the Usenet group comp.os.minix that he was working on "a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones." No one knew it, not even Torvalds, but the technology was going to change forever.
- 2. Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported - Earlier this summer, Cloudflare’s autonomous edge DDoS protection systems automatically detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any previous one that they are aware of. For perspective on how large this attack was: Cloudflare serves over 25 million HTTP requests per second on average. This refers to the average rate of legitimate traffic in 2021 Q2. So peaking at 17.2 million rps, this attack reached 68% of their Q2 average rps rate of legitimate HTTP traffic.