Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767
This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!
Guest
Ed Skoudis is a Faculty member at IANS Research and the founder of Counter Hack, a company focused on conducting ultra high-quality penetration tests and red team engagements to help organizations better manage their cyber risks. Ed is a SANS Fellow, author, and instructor who has trained over 20,000 cyber security professionals in the art of penetration testing and incident response. Ed is an expert witness who is often called in to analyze large-scale breaches.
Hosts
- 1. Antivirus and EDR solutions tricked into acting as data wipers
Hence, by implementing the following five-step process, Yair could delete files in a directory for which he didn't have modification privileges:
1. Create a special path with the malicious file at C:\temp\Windows\System32\drivers\ndis.sys
2. Hold its handle and force the EDR or AV to postpone the deletion until after the next reboot
3. Delete the C:\temp directory
4. Create a junction C:\temp → C:\
5. Reboot when prompted.
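As an added defensive example (not from the show or the research it summarizes), here is a Python sketch of the re-validation a deferred-deletion routine should perform before acting on a path it recorded earlier; all names are assumed, and a symlink stands in for the NTFS junction described above.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass
class PendingDeletion:
    """A file flagged by AV/EDR that could not be removed immediately (handle held)."""
    requested_path: str         # path as reported at detection time
    resolved_at_detection: str  # fully resolved path, snapshotted at detection time
    allowed_root: str           # tree the deferred deletion must stay inside

def record_pending_deletion(path: str, allowed_root: str) -> PendingDeletion:
    """Snapshot the resolved target when the detection happens, not at reboot."""
    return PendingDeletion(path, os.path.realpath(path), os.path.realpath(allowed_root))

def has_link_component(path: str) -> bool:
    """True if any component of the path is a symlink/junction (reparse point)."""
    parts = os.path.abspath(path).split(os.sep)
    current = parts[0] + os.sep if parts[0] else os.sep
    for part in parts[1:]:
        current = os.path.join(current, part)
        if os.path.islink(current):
            return True
    return False

def safe_to_delete_now(p: PendingDeletion) -> bool:
    """Re-validate at execution time: same target, inside allowed_root, no links."""
    now = os.path.realpath(p.requested_path)
    if now != p.resolved_at_detection:
        return False   # the path now resolves somewhere else
    if os.path.commonpath([now, p.allowed_root]) != p.allowed_root:
        return False   # escaped the expected tree
    return not has_link_component(p.requested_path)

def demo() -> tuple:
    """Constructed scenario: flag a file, then swap its parent tree for a link."""
    base = os.path.realpath(tempfile.mkdtemp())
    staging, real = os.path.join(base, "temp"), os.path.join(base, "real_system")
    os.makedirs(os.path.join(staging, "drivers")); os.makedirs(real)
    flagged = os.path.join(staging, "drivers", "ndis.sys")   # constructed file name
    open(flagged, "w").close()
    pending = record_pending_deletion(flagged, staging)
    before = safe_to_delete_now(pending)
    os.remove(flagged); os.rmdir(os.path.join(staging, "drivers")); os.rmdir(staging)
    os.symlink(real, staging)   # stand-in for the junction in the write-up
    return before, safe_to_delete_now(pending)   # returns (True, False)
```

The second value is False because the recorded path no longer resolves to the target seen at detection time, so the deferred deletion is refused rather than redirected.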
- 2. Are home video surveillance systems safe?
Having installed a Eufy video doorbell, Paul logged in to the device’s web interface, where he analyzed the source code in the browser and showed that the camera sends a picture to the vendor’s server every time someone appears in the frame. This means that at least one of Eufy’s guarantees (“no clouds”) isn’t true.
Moore then tweeted several more times about some far more serious data protection issues. Apparently, Eufy’s “reliable” encryption uses a fixed key identical for all users. Worse, this key actually appeared in Eufy code posted by the company itself on GitHub. Later, the tech website The Verge, with reference to Moore and another security expert, confirmed the worst-case scenario: anyone online, it seems, can view the video stream simply by connecting to a unique address of the device.
- 3. New Python malware backdoors VMware ESXi servers for remote access
A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.
- 4. EMBA
- 5. NETGEAR Router Network Misconfiguration
- 6. Desktop OpenSolaris fork OpenIndiana releases Hipster
- 7. A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
- 8. FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked – Krebs on Security
- 9. Vulnerability Prioritisation – PwnDefend