Thermostat Hijacking, MA Androids, Windows 11, Hacking Pelotons, & John McAfee – PSW #700

"Veracode analyzed 13 million scans of 86,0000 customer repositories containing more than 301,000 unique software libraries and surveyed 2,000 developers in order to better understand the way in which they use third-party software. The analysis shows that over 79% of the time, developers are not updating the third-party libraries used in a codebase, even though this type of library is constantly changing."

"The user logs off but the session is not really closed on the server-side and/or the cookie remains valid. If an attacker is able to put his hands on the browser and access cookies, it’s easy to load this cookie into another browser and… reactivate the session. This technique is called “session impersonation” or “session hijacking”. And, if the cookie is used to hold a session to an administrative interface, it could have a very bad impact! For a while, we’ve seen markets on the dark web that… are selling cookies! "

I put this here to, maybe, make Tyler feel a little better...

“However, any valid wildcard certificate issued by any of the built-in Certificate Authorities contained within the BIOSConnect feature in BIOS will satisfy the secure connection condition, and BIOSConnect will proceed to retrieve the relevant files. The bundle of CA root certificates in the BIOS image was sourced from Mozilla’s root certificate file (certdata.txt).” and "Once this first “gatekeeper” bug is exploited to deliver malicious content back to the victim machine, attackers then have a choice of three distinct and independent overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574), any of which can be used to gain pre-boot RCE on the target device"

"He will be remembered, rightly, as an important figure in the development of the technology scene of the 1980s and 1990s. But he will also be remembered as a deeply controversial figure, who at times seemed intent in taking a path in life that might lead to trouble."

So many questions: "Buried in the fine print of many Texas energy contracts are the words “you agree to allow EnergyHub and your thermostat provider to remotely access your thermostat."

"The report makes the case for federal funding of state and local systems to provide cybersecurity training, tools and services for those in charge of maintaining IT systems, noting that 38 percent of water systems allocate less than 1 percent of their annual budgets to cybersecurity."

"After joining my personal WiFi with the SSID ‘%p%s%s%s%s%n’, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~)"

" An attacker would simply insert a tiny USB key with a boot image file containing malicious code that grants them remote root access, researchers explained. “Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with,” according to McAfee’s analysis. “With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files or set up remote backdoor access over the internet.”"

Sounds like an open S3 bucket...

Amazing write-up.

Microsoft is officially confirming the name for the next release of Windows today: Windows 11. After months of teases, hints of the number 11, and a giant Windows 11 leak, Microsoft’s new operating system is official.

Microsoft officially unveiled Windows 11 today, and the software maker is committing to make it a free upgrade for Windows 10 users. Much like how Windows 10 was free for Windows 7 and Windows 8 users, this new Windows 11 version will be free for existing Windows 10 users.

An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot (BIOS/UEFI) environment, Eclypsium researchers have found.

Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.

Eccentric tech entrepreneur John McAfee died by suicide in a Spanish jail cell Wednesday evening — hours after reports surfaced that he would be extradited to face federal charges in the US, according to local media.

Cybersecurity researchers have disclosed a new ransomware strain called " DarkRadiation " that's implemented entirely in Bash and targets Linux and Docker cloud containers.

TrendMicro investigation of DarkRadiation tools. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script.