Compliance, Privacy, Remote access, Social engineering

Facebook Dump, Hacking Your Dishwasher, Zoom 0-Click Exploit, & Ubiquity Response – PSW #690

This week in the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, LinkedIn and more_eggs, APTs targeting Fortinet, SAP Applications Are Under Active Attack again, Is your dishwasher trying to kill you?, Ubiquiti All But Confirms Breach Response Iniquity, Cyber Threat Analysis, 11 Useful Security Tips for AWS and other stuff too, Signal Adds Cryptocurrency Support and Not everyone is a fan, Zoom 0-click exploit, when firmware attacks, attackers blowing up Discord.


Paul Asadoorian
Founder at Security Weekly
  1. What Are The Fundamentals of a Domainless Enterprise? – JumpCloud
  2. LinkedIn and LOLBINs - "a phishing campaign which used job titles scraped from user profiles to convince victims to open and execute evil files and links, which in this case, used an attack tool called more_eggs. The eggy script executes in memory and uses native binaries (“living off the land”) to foil detection efforts."
  3. Is your dishwasher trying to kill you? - There is an interesting balance between physical harm and monetary gain, though they could relate when it comes to IoT security. Poisoning water is one thing, ransomwaring your dishwasher is another thing. Will they intersect?
  4. Ubiquiti All But Confirms Breach Response Iniquity – Krebs on Security - New statements (mostly more hand-waving). Krebs says: "Ubiquiti’s statement largely confirmed the reporting here by not disputing any of the facts raised in the piece. And while it may seem that Ubiquiti is quibbling over whether data was in fact stolen, Adam said Ubiquiti can say there is no evidence that customer information was accessed because Ubiquiti failed to keep logs of who was accessing its databases."
  5. Zero Trust creator talks about implementation, misconceptions, strategy – Help Net Security
  6. OpenBSD OpenSMTPD 6.6 Remote Code Execution
  7. Light Roast 102: Cyber Threat Analysis - This is an interesting role; curious to see how it's developing. Who monitors assets and threats? What role, if any, should security play in operations?
  8. Chinese Hackers Selling Intimate Stolen Camera Footage
  9. Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
  10. 11 Useful Security Tips for Securing Your AWS Environment - Few are actually only relevant to AWS...
  11. Signal Adds Cryptocurrency Support – Schneier on Security - Not everyone is a fan: "I think this is an incredibly bad idea. It’s not just the bloating of what was a clean secure communications app. It’s not just that blockchain is just plain stupid. It’s not even that Signal is choosing to tie itself to a specific blockchain currency. It’s that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI."
  12. $200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own - Update from Zoom: "We thank the Zero Day Initiative for allowing us to sponsor and participate in Pwn2Own Vancouver 2021, an event highlighting the critical and skillful work performed by security researchers. We take security very seriously and greatly appreciate the research from Computest. We are working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue. The attack must also originate from an accepted external contact or be a part of the target’s same organizational account. As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust. If you think you’ve found a security issue with Zoom products, please send a detailed report to our Vulnerability Disclosure Program in our Trust Center."
  13. Should firms be more worried about firmware cyber-attacks? - "Its survey of 1,000 cyber-security decision makers at enterprises across multiple industries in the UK, US, Germany, Japan and China has revealed that 80% of firms have experienced at least one firmware attack in the past two years. Yet only 29% of security budgets have been allocated to protect firmware." - I actually believe the 29% to be much lower.
  14. Attackers Blowing Up Discord, Slack with Malware - All kinds of abuse! "Webhooks are essentially a URL that a client can send a message to, which in turn posts that message to the specified channel — all without using the actual Discord application," they said. The Discord domain helps attackers disguise the exfiltration of data by making it look like any other traffic coming across the network, they added.
  15. Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
  16. Library Dependencies and the Open Source Supply Chain Nightmare - “It's a devil's bargain,” Contrast’s co-founder and CTO Jeff Williams told SecurityWeek, “because the farther you get behind, the harder it is to get back up to date. So, you accrue technical debt if you don't keep your libraries patched. But commercial companies are focused on rolling out new features and they don't want to do those library updates if they don't absolutely have to.”
  17. FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited - Should the NSA help monitor and thwart attacks without the 4th Amendment handcuffs? - "The U.S. Constitution's Fourth Amendment bars the government from domestic surveillance unless a crime is suspected. But in the digital age, these U.S. privacy protections have an unintended consequence. They help hide foreign intelligence agencies that can disguise their tracks and make it appear as if they are operating from inside the U.S."
  18. After A Major Hack, U.S. Looks To Fix A Cyber ‘Blind Spot’
  19. ‘Anomalous surge in DNS queries’ knocked Microsoft’s cloud off the web last week
  20. New vulnerabilities discovered allow access to user data and complete takeover - "Web server: allows a remote attacker with access to the web server (default port 8080) to execute arbitrary shell commands, without prior knowledge of the web credentials. DLNA server: allows a remote attacker with access to the DLNA server (default port 8200) to create arbitrary file data on any (non-existing) location, without any prior knowledge or credentials. It can also be elevated to execute arbitrary commands on the remote NAS as well."
  21. RootMy.TV: Coming soon! (Developer “pre-release” available now!) - "TL;DR; If you want root on any* current WebOS LG TV, do not install updates for the time being, and wait patiently. If you're a developer or researcher, read the latest update below."
Jeff Man
Information Security Evangelist at Online Business Systems
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
  1. Office Depot Configuration Error Exposes One Million Records - A misconfigured Elasticsearch server has been found exposed online without a password and containing approximately one million records that included customers' PII. Information reportedly included victims' full names, phone numbers, home addresses, office addresses, @members.ebay addresses, marketplace logs, order histories, and hashed passwords.
  2. New wormable Android malware poses as Netflix to hijack WhatsApp sessions - The fraudulent "FlixOnline" app promised global "unlimited entertainment" and two months of a premium Netflix subscription for free due to the pandemic. Once downloaded, however, the malware 'listens in' on WhatsApp conversations and auto-responds to incoming messages with malicious content. Upon installation, the app asks for overlay permissions -- a common ingredient in the theft of service credentials -- as well as Battery Optimization Ignore, which stops a device from automatically closing down software to save power.
  3. The DOTGOV Act: Local Cybersecurity a National Imperative - As the federal .gov program moves under CISA’s jurisdiction, the time is right to ensure more cities and counties transition to a .gov domain and take advantage of being seen as a government entity. Currently, just 10 percent of local governments have a .GOV domain.
  4. LinkedIn Phishing Ramps Up With More-Targeted Attacks - The spear phishing campaign tries to manipulate LinkedIn users into clicking on a malicious ZIP file that installs a fileless backdoor Trojan known as more_eggs.
  5. APTs targeting Fortinet, CISA and FBI warn - The FBI and the CISA have issued a joint alert about APT actors scanning on ports 4443, 8443 and 10443 for known vulnerabilities in Fortinet FortiOS SSL VPNs. See also
  6. VMware fixes authentication bypass in Carbon Black Cloud Workload appliance - VMware has addressed a critical vulnerability, CVE-2021-21982, in the VMware Carbon Black Cloud Workload appliance that could be exploited by attackers by manipulating a URL in the admin interface to bypass authentication.
  7. 533 Million Facebook Users’ Phone Numbers and Personal Data Leaked Online - PII belonging to roughly 533 million Facebook users around the world that was initially compromised by exploiting a Facebook vulnerability in 2019 has been leaked on a popular cyber crime forum and made accessible free of charge.
  8. Clop Ransomware operators plunder US universities - Accellion FTA used by universities to share information; "Clop" ransomware operators leaked PII and financial data belonging to students and staff stolen from Stanford Medicine, the University of California, and University of Maryland Baltimore (UMB). Range of sites with data published:
  9. Personal data of 30,000 users of NTUC’s e2i training and job matching services may have been breached - Job matching services provided by Singapore's National Trades Union Congress' Employment and Employability Institute (e2i) were breached by attackers. Not clear if leaked, but third-party liability needs to be understood.
  10. Malware attack on Applus blocked vehicle inspections in some US states - Vehicle inspections in eight U.S. states (Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin) were interrupted after provider Applus Technologies suffered a cyber attack on March 30 that forced it to disconnect its IT systems from the Internet to prevent the malware infection from spreading.
  11. Watch Out! Mission Critical SAP Applications Are Under Active Attack - Attackers are now actively targeting unsecured SAP applications in campaigns designed to steal sensitive data and sabotage critical processes. CVE-2020-6287 and CVE-2020-6207 are rated as High-risk due to the potential to gain remote unauthorized system access.
  12. Hackers From China Target Vietnamese Military and Government - The "Cycldek" group has been linked to a cyber espionage campaign that took place between June 2020 and January 2021 and targeted Vietnamese government and military organizations. Likely a result of Vietnamese efforts to block China's expansion into the South China Sea.
  13. EtterSilent maldoc builder used by top cybercriminal gangs - EtterSilent includes features that allow it to bypass Microsoft Defender, Windows Antimalware Scan Interface (AMSI), and popular email services, including Gmail. EtterCell documents, created by the EtterSilent builder, are downloader payloads that use Excel 4.0 macro functions to download and execute malicious payloads.
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element