Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767
This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!
Guest
Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.
Hosts
- 1. Antivirus and EDR solutions tricked into acting as data wipers
Hence, by implementing the following five-step process, Yair could delete files in a directory he didn't have modification privileges for:
1. Create a special path with the malicious file at C:\temp\Windows\System32\drivers\ndis.sys
2. Hold its handle and force the EDR or AV to postpone the deletion until after the next reboot
3. Delete the C:\temp directory
4. Create a junction C:\temp → C:\
5. Reboot when prompted.
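The defensive counterpart to the five-step sequence above, as an added example that is not from the page or from the research it summarizes: a deferred-deletion routine that re-validates its target at the moment of removal rather than trusting the path it verified at detection time. It refuses when any path component has become a link or junction, or when the resolved target no longer lies under the root recorded at detection. The function names (`has_link_component`, `safe_to_delete`, `demo`), the temporary directory layout and the file contents are constructed for the example; on non-Windows hosts a symlink stands in for the Windows junction, and the reparse-point attribute check only takes effect on Windows.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Windows FILE_ATTRIBUTE_REPARSE_POINT; junctions and symlinks both carry it.
REPARSE_POINT = 0x400


def has_link_component(path: str) -> bool:
    """True if any component of `path` is a symlink or (on Windows) a
    junction/other reparse point. Each component is lstat'ed on its own so a
    junction swapped in mid-path between detection and deletion is caught.
    A component that no longer exists ends the walk (nothing left to delete)."""
    parts = Path(path).parts
    current = Path(parts[0])
    for part in parts[1:]:
        current = current / part
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            return False
        if os.path.islink(current) or (getattr(st, "st_file_attributes", 0) & REPARSE_POINT):
            return True
    return False


def safe_to_delete(path: str, allowed_root_real: str) -> bool:
    """Re-validate a deferred deletion target at the moment it is removed.
    `allowed_root_real` is the fully resolved root recorded at detection time;
    it is deliberately not re-resolved here, because the root directory itself
    may have been replaced in the meantime. Returns True only if no component
    is a link/junction AND the resolved target still lies inside that root."""
    if has_link_component(path):
        return False
    try:
        Path(os.path.realpath(path)).relative_to(allowed_root_real)
    except ValueError:
        return False
    return True


def demo() -> dict:
    """Constructed scenario: a file under a scanner-verified root is flagged,
    then that directory is swapped for a link pointing outside the root
    (a symlink stands in for a Windows junction on non-Windows hosts)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        root = os.path.join(base, "temp")           # directory the scanner verified
        outside = os.path.join(base, "protected")   # directory that must not be touched
        for d in (root, outside):
            os.makedirs(os.path.join(d, "drivers"))
            Path(d, "drivers", "ndis.sys").write_bytes(b"constructed sample")
        flagged = os.path.join(root, "drivers", "ndis.sys")
        root_real = os.path.realpath(root)          # recorded at detection time
        results["before_swap"] = safe_to_delete(flagged, root_real)
        # The directory swap that happens between detection and deferred deletion.
        shutil.rmtree(root)
        os.symlink(outside, root, target_is_directory=True)
        results["after_swap"] = safe_to_delete(flagged, root_real)
        results["target_untouched"] = Path(outside, "drivers", "ndis.sys").exists()
    return results


if __name__ == "__main__":
    print(demo())
```

The two checks are independent on purpose: the component walk catches a junction or symlink anywhere in the path even when the resolved target happens to fall inside the allowed root, and the root comparison catches a redirection even on a filesystem where the link check is unavailable.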
- 2. Are home video surveillance systems safe?
Having installed a Eufy video doorbell, Paul logged in to the device’s web interface, where he analyzed the source code in the browser and showed that the camera sends a picture to the vendor’s server every time someone appears in the frame. This means that at least one of Eufy’s guarantees (“no clouds”) isn’t true.
Moore then tweeted several more times about some far more serious data protection issues. Apparently, Eufy’s “reliable” encryption uses a fixed key identical for all users. Worse, this key actually appeared in Eufy code posted by the company itself on GitHub. Later, the tech website The Verge, with reference to Moore and another security expert, confirmed the worst-case scenario: anyone online, it seems, can view the video stream simply by connecting to a unique address of the device.
- 3. New Python malware backdoors VMware ESXi servers for remote access
A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.
- 4. EMBA
- 5. NETGEAR Router Network Misconfiguration
- 6. Desktop OpenSolaris fork OpenIndiana releases Hipster
- 7. A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
- 8. FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked – Krebs on Security
- 9. Vulnerability Prioritisation – PwnDefend