Custom Python Encryption, Shady 0-Days, & The Great iPwn – PSW #679
In the Security News, Nissan Source code leaked, how the shady 0-Day sales game is evolving, Hack the Army 3.0 announced, creating your own custom encryption in python, FBI warns of swatting attacks targeting your smart device, & the rise of Uncaptcha3!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
""What we're really seeing is not people selling vulnerabilities, but selling the access that they obtained using those vulnerabilities," he says. That access is then used to deploy ransomware or malware, create a botnet with the company’s computer system, steal proprietary information, etc. Because of the global COVID-19 pandemic, Sannikov says there's been an important shift toward access-as-a-service where the hacker or hacking group doesn't steal data themselves. He compares it to specialized teams of thieves targeting a house." I interviewed Roman Sannikov, director of cybercrime and underground intelligence at Recorded Future, great dude, well trusted.
“A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.”
More supply chain: "The issue with Great Suspender appears to have been the use of an open-source analytics package, Open Web Analytics (OWA), in conjunction with remote scripts and a CDN – the concern was that user information was being spirited away."
I read the title and was like "Oh man, this is bad". However, this article is awesome. It walks you through how to create a custom encryption algorithm in Python for your C2, evading detection by not using anything standard that may be picked up by security tools. Two thumbs up!
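As an added example (this is not code from the article or from Security Weekly), here is the shape such a hand-rolled cipher takes in Python, together with the byte-entropy check a blue team can run on the traffic it produces. The mixing function, the key, the beacon text and the 8-byte nonce layout are all my own assumptions; the mixer is splitmix64 pressed into service as a keystream generator, which is a PRNG, not an audited cipher.

```python
"""Hand-rolled keystream cipher for C2 obfuscation, plus a defender's entropy check.

Added example, not the article's code. Nothing here imports hashlib, ssl or a
third-party crypto package, which is the evasion the article is after: there is
no standard crypto import or constant table for a scanner to key on. The mixer
is splitmix64 (a PRNG, assumption: chosen for brevity), so this is obfuscation,
not confidentiality or integrity.
"""
import math
import os

MASK64 = (1 << 64) - 1


def _splitmix(state):
    """One splitmix64 step: returns (next_state, 64-bit output word)."""
    state = (state + 0x9E3779B97F4A7C15) & MASK64
    z = state
    z = ((z ^ (z >> 30)) * 0xBF58476D1CE4E5B9) & MASK64
    z = ((z ^ (z >> 27)) * 0x94D049BB133111EB) & MASK64
    return state, z ^ (z >> 31)


def _keystream(key, nonce, length):
    """Absorb key and nonce one byte at a time, then squeeze `length` bytes."""
    state = 0
    for b in key + nonce:
        state, out = _splitmix(state ^ b)
        state ^= out
    buf = bytearray()
    while len(buf) < length:
        state, out = _splitmix(state)
        buf += out.to_bytes(8, "little")
    return bytes(buf[:length])


def seal(key, nonce, plaintext):
    """Deterministic core: nonce || (plaintext XOR keystream(key, nonce))."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def encrypt(key, plaintext):
    """Fresh random nonce per message so identical beacons never repeat on the wire."""
    return seal(key, os.urandom(8), plaintext)


def decrypt(key, blob):
    """Strip the nonce, regenerate the keystream and XOR the body back out."""
    nonce, body = blob[:8], blob[8:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant stream, approaching 8.0 for random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Constructed sample: a repetitive beacon check-in, roughly 4 KB of text.
KEY = b"operator-shared-secret"  # assumption: pre-shared between implant and server
BEACON = b"id=7;host=WS01;cmd=sleep 30\n" * 150

if __name__ == "__main__":
    blob = encrypt(KEY, BEACON)
    assert decrypt(KEY, blob) == BEACON
    print(f"plaintext entropy  : {shannon_entropy(BEACON):.2f} bits/byte")
    print(f"ciphertext entropy : {shannon_entropy(blob[8:]):.2f} bits/byte")
```

Two caveats a practitioner should carry with this. First, a splitmix keystream gives no real secrecy or integrity: a known plaintext recovers the keystream for that nonce, and there is no MAC, so treat it strictly as obfuscation against import- and signature-based detection. Second, the ciphertext's near-8-bit entropy is itself a signal, which is why the entropy helper is included: a high-entropy body on an HTTP path that normally carries JSON or HTML is a cheap hunting rule, and avoiding standard crypto libraries does nothing about it.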
"Carry-out" is a stretch, supplement is a better term here: "Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks…"
"A cross-site-scripting (XSS) attack is more dangerous if an attacker can jump out of the renderer process and execute code on the user’s computer. Disabling Node.js integration helps prevent an XSS from being escalated into a so-called “Remote Code Execution” (RCE) attack."
Use Google to hack Google! "The idea of the attack is very simple: You grab the mp3 file of the audio reCAPTCHA and you submit it to Google’s own Speech to Text API. Google will return the correct answer in over 97% of all cases."
"The program, conducted by the Defense Digital Service (DDS), is invitation-only, so not everyone can participate, but the Department of Defense does have an ongoing vulnerability disclosure program through which anyone can report security holes at any time in exchange for “thanks.”"
22-page document on Zerologon, good stuff. I can't help but think though, of all the companies breached recently, how many spent a significant amount of time dealing with this issue, but were still breached by some other means? Time better spent on other issues leads to a stronger security posture?
"...investigators appear to be concerned that a poorly secured, improperly configured, or vulnerable TeamCity instance may have helped the attackers plant their malicious code somewhere in the software supply chain. TeamCity, like other software, is regularly patched for vulnerabilities."
Former employees of a competitor provided Ticketmaster with URLs of ticketing web pages and stolen passwords that were used to unlawfully collect business intelligence by repeatedly accessing the competitor’s systems without authorization.
New malware strain that relies on obtaining victims' Basic Service Set Identifier (BSSID) in addition to stealing their IP addresses, and then checking the BSSID against Alexander Mylnikov's free BSSID-to-geo database in order to obtain victims' last geographical locations.
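Added example, not code from the article or from the analysis it summarizes: a hunt over proxy logs for the two network lookups this strain has to make, a public-IP check and then the BSSID-to-coordinate query. The log format, the host names bssid-geo.example and ipinfo.example, the source addresses and the 120-second correlation window are constructed for this example; substitute the hostnames your own telemetry shows.

```python
"""Hunt proxy logs for BSSID geolocation lookups paired with public-IP lookups.

Added example; the sample log, host names and window are constructed, not
taken from the reporting on the strain above.
"""
import re
from collections import defaultdict
from datetime import datetime

# A BSSID is MAC-shaped: six hex octets separated by ':' or '-'.
_BSSID = re.compile(
    r"(?<![0-9A-Fa-f])([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})(?![0-9A-Fa-f])"
)
# Constructed proxy line layout: ts src method url status
_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
_HOST = re.compile(r"^https?://([^/:?#]+)")

GEO_LOOKUP_HOSTS = {"bssid-geo.example"}  # assumption: placeholder for the real provider
IP_LOOKUP_HOSTS = {"ipinfo.example"}      # assumption: placeholder "what is my IP" service
WINDOW_SECONDS = 120                      # assumption: how close the two lookups must be

# Constructed sample. 10.0.4.17 shows the full pattern; 10.0.4.22 only the
# BSSID lookup; the intranet wifi-survey line carries a MAC but is not a lookup.
SAMPLE_LOG = """\
2021-01-11T09:14:02Z 10.0.4.17 GET https://updates.example.org/manifest.json 200
2021-01-11T09:14:05Z 10.0.4.17 GET https://bssid-geo.example/api/geolocation?bssid=00:11:22:33:44:55 200
2021-01-11T09:14:06Z 10.0.4.17 GET https://ipinfo.example/json 200
2021-01-11T09:14:09Z 10.0.4.17 GET https://bssid-geo.example/api/geolocation?bssid=00-11-22-33-44-56 200
2021-01-11T09:20:40Z 10.0.4.22 GET https://intranet.example.com/wifi/survey?ap=AA:BB:CC:DD:EE:FF 200
2021-01-11T09:21:00Z 10.0.4.22 GET https://bssid-geo.example/api/geolocation?bssid=AA:BB:CC:DD:EE:FF 200
"""


def normalize_bssid(raw):
    """Canonical lower-case, colon-separated form so '-' and ':' variants match."""
    return raw.lower().replace("-", ":")


def parse_line(line):
    """Parse one proxy line into a dict, or None if it does not fit the layout."""
    m = _LINE.match(line)
    if not m:
        return None
    ts, src, method, url, status = m.groups()
    host = _HOST.match(url)
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "src": src,
        "method": method,
        "url": url,
        "host": host.group(1).lower() if host else "",
        "status": int(status),
    }


def find_bssid_lookups(log_text):
    """One finding per request that sends a BSSID to a geolocation host."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["host"] not in GEO_LOOKUP_HOSTS:
            continue
        m = _BSSID.search(rec["url"])
        if m:
            findings.append({"ts": rec["ts"], "src": rec["src"],
                             "bssid": normalize_bssid(m.group(1))})
    return findings


def correlate(log_text):
    """Per source: BSSIDs looked up, and whether a public-IP lookup fell within the window."""
    ip_lookups = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec and rec["host"] in IP_LOOKUP_HOSTS:
            ip_lookups[rec["src"]].append(rec["ts"])
    hits = {}
    for f in find_bssid_lookups(log_text):
        near = any(abs((t - f["ts"]).total_seconds()) <= WINDOW_SECONDS
                   for t in ip_lookups[f["src"]])
        entry = hits.setdefault(f["src"], {"bssids": set(), "with_ip_lookup": False})
        entry["bssids"].add(f["bssid"])
        entry["with_ip_lookup"] |= near
    return hits


if __name__ == "__main__":
    for src, info in correlate(SAMPLE_LOG).items():
        print(src, sorted(info["bssids"]), "ip-lookup-nearby" if info["with_ip_lookup"] else "bssid-only")
```

A single BSSID lookup from a workstation is a lead, not a verdict (some location-aware software does it), which is why the correlation step is there: an endpoint that asks "what is my public IP" and then resolves a BSSID to coordinates within a couple of minutes is reproducing the strain's own sequence. The host filter matters in the other direction too: the intranet wifi-survey line carries a MAC-shaped value but is not a lookup and is correctly ignored.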
Distributed Denial of Secrets (DDoSecrets) transparency collective published a new data set containing approximately 1TB of data that includes more than 750,000 emails, photos, and documents belonging to five companies. The group is also reportedly offering to privately share another 1.9TB of data lifted from more than 12 other organizations with academic researchers and/or journalists.
Babuk targets victims using executables customized for each victim that contain a hard-coded extension, ransom note, and a Tor victim URL. Once executed on targeted systems, attackers can use command-line arguments (i.e., lanfirst, lansecond, nolan) to control how the ransomware encrypts network shares and whether to encrypt them before the local file system is encrypted.
American intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure. Hackers allegedly exploited TeamCity to compromise networks.