Name: Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767
Uploaded: 2022-12-14T00:00:00.000-05:00
Description: Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767

This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!

Featured image for (Live 12/14, 7-9pm ET) Security News – PSW #767 segment from PPWorks

Hence, by implementing the following five-step process, Yair could delete files in a directory he didn't have modification privileges.

Create a special path with the malicious file at C:tempWindowsSystem32driversndis.sys
Hold its handle and force the EDR or AV to postpone the deletion until after the next reboot
Delete the C:temp directory
Create a junction C:temp → C:
Reboot when prompted.

Antivirus and EDR solutions tricked into acting as data wipers

Having installed a Eufy video doorbell, Paul logged in to the device’s web interface, where he analyzed the source code in the browser and showed that the camera sends a picture to the vendor’s server every time someone appears in the frame. This means that at least one of Eufy’s guarantees (“no clouds”) isn’t true.

Moore then tweeted several more times about some far more serious data protection issues. Apparently, Eufy’s “reliable” encryption uses a fixed key identical for all users. Worse, this key actually appeared in Eufy code posted by the company itself on GitHub. Later, the tech website The Verge, with reference to Moore and another security expert, confirmed the worst-case scenario: anyone online, it seems, can view the video stream simply by connecting to a unique address of the device.

Are home video surveillance systems safe?

A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.

New Python malware backdoors VMware ESXi servers for remote access

EMBA

NETGEAR Router Network Misconfiguration

Desktop OpenSolaris fork OpenIndiana releases Hipster

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked – Krebs on Security

Vulnerability Prioritisation – PwnDefend

Paul's Security Weekly

If you&#8217;re looking for a bunch of us security nerds to get together and talk shop, then Paul’s Security Weekly is for you. This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. The topics vary greatly and the atmosphere is relaxed and very conversational. This is a longer show, typically 2+ hours, for those with a long commute.

Headshot for Ed Skoudis from PPWorks

President of SANS Technology Institute, Director of Holiday Hack Challenge

Headshot for Adrian Sanabria from PPWorks

Director of Product Marketing

Headshot for Bill Brenner from PPWorks

Senior Vice President, Audience Content Strategy

Headshot for Jason Albuquerque from PPWorks

Chief Operating Officer

Headshot for Jeff Man from PPWorks

Sr. InfoSec Consultant – Online Business Systems

Headshot for Larry Pesce from PPWorks

Product Security Research and Analysis Director

Headshot for Matt Alderman from PPWorks

VP, Product

Headshot for Tyler Robinson from PPWorks

Founder & CEO

Vulnerability Management

Security Staff Acquisition & Development

Malware

News

Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767

Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767

Guest

Hosts

Related

Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Gmail, Jason Woods – SWN #346

Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More – SWN #345

Vulnerability Reporting, Zyxel, GPS Spoofing – PSW #808