- 1. CVSS as a Framework, Not a Score
- 2. Is a password manager worth your money?
Agree or disagree? - "Until passwords go the way of the dodo you need to keep them protected, safe, and accessible. Whether you use a paid, free, or homegrown password manager, use something to keep these most valuable keys protected. Personally, I feel paying a small amount to a company gives me the right to demand better services and improvements, something being a free user does not."
- 3. Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries – CyberScoop
"A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amounts to espionage, or something worse, and suspicions abound that more victims remain unrevealed." - So many questions and theories.
- 4. Nvidia’s Anti-Cryptomining Chip May Not Discourage Attacks
This reeks of "we want to put a limitation on our products". And when you do that, people just want to hack it. Why? Because you put a limitation on your products.
- 5. SamyGO
We have 17 Samsung TVs in the studio now (and several more in other parts of the office and studios). Naturally, I've been curious about hacking them. My intentions are to gain some more control over them, e.g. I don't need any "Smart" features! Also, I don't need audio. Initial research led me here. Mute -> 1-8-2 -> Power is a fairly well-known way to access a "secret" service menu. However, this site details so many more hacks and hidden menus. My goal is to really just turn the TVs into monitors. So much more is possible!
- 6. HDMI 8X8 Matrix 4K@60Hz 4:4:4 Control4 Driver – J-Tech Digital
I was investigating this product. I found that the default password is "Admin/Admin" by guessing as it was not documented. The IP configuration asked for a default gateway, however, I could find no evidence of firmware updates. In fact, there were no firmware updates posted to the vendor site and no way to apply firmware updates via the web interface or via the serial connection. There is a USB-C port, but the documentation does not mention it. The device runs Telnet on port 23, however, the default credentials do not work on that service.
- 7. Python jsonpickle 2.0.0 Remote Code Execution
Check your jsonpickle.
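The jsonpickle advisory this item links to is a deserialization problem: `jsonpickle.decode()` will rebuild arbitrary Python objects from documents that carry `py/...` tags (`py/object`, `py/reduce`, `py/function` and friends), so decoding attacker-controlled JSON with it is equivalent to unpickling it. One practical check, shown here as an added example that is not part of the original post and not jsonpickle's own code, is to parse untrusted input with the standard library first and refuse any document that contains jsonpickle tags at all. The payload below is a constructed illustration of the tag shape, not a working exploit; it is never passed to jsonpickle.

```python
import json

# Keys that jsonpickle emits for anything that is not plain JSON. Decoding any of
# them from untrusted input lets the sender choose which Python objects (and,
# via py/reduce and py/function, which callables) get reconstructed.
TAG_PREFIX = "py/"


def find_pickle_tags(node, path="$"):
    """Walk parsed JSON and return the JSONPath-style location of every key that
    starts with "py/", i.e. every place jsonpickle would reconstruct an object.
    Keys are checked, not string values: "py/object" inside a value is harmless."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(key, str) and key.startswith(TAG_PREFIX):
                hits.append(child)
            hits.extend(find_pickle_tags(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_pickle_tags(item, f"{path}[{i}]"))
    return hits


def tags_in(text):
    """Parse text with the standard library json module and list jsonpickle tags."""
    return find_pickle_tags(json.loads(text))


def is_jsonpickle_payload(text):
    """True if the document carries any jsonpickle tag."""
    return bool(tags_in(text))


def safe_load(text):
    """Parse untrusted JSON and refuse anything jsonpickle would treat specially.
    Returns plain JSON data (dicts, lists, scalars) or raises ValueError."""
    data = json.loads(text)
    tags = find_pickle_tags(data)
    if tags:
        raise ValueError("refusing jsonpickle payload, tags at: " + ", ".join(tags))
    return data


# Constructed sample input (assumption: this is only the shape of a py/reduce
# document, written here for illustration; it is never handed to jsonpickle).
MALICIOUS = '{"py/reduce": [{"py/function": "os.system"}, {"py/tuple": ["id"]}]}'
# Constructed benign document; the tag text only appears inside a string value.
BENIGN = '{"user": "alice", "roles": ["viewer"], "note": "py/object here is just text"}'

if __name__ == "__main__":
    print(tags_in(MALICIOUS))   # locations of every tag in the hostile document
    print(safe_load(BENIGN))    # plain dict
    try:
        safe_load(MALICIOUS)
    except ValueError as exc:
        print("blocked:", exc)
```

The rule is deliberately coarse: anything under `py/` is refused, including harmless tags such as `py/tuple`, because an untrusted sender has no legitimate reason to pick Python types for you. If the application really needs typed round-trips, the fix is to keep jsonpickle for data that only your own code produced and use `json.loads` for everything that crosses a trust boundary.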
- 8. Ukraine says Russia hacked its document portal and planted malicious files
"Wednesday’s statement came two days after Ukraine’s National Coordination Center for Cybersecurity reported what it said were “massive DDoS attacks on the Ukrainian segment of the Internet, mainly on the websites of the security and defense sector.” An analysis revealed that the attacks used a new mechanism that hadn’t been seen before. DDoS attacks take down targeted servers by bombarding them with more data than they can process." - Nothing new here, just more Russia hacking Ukraine and everyone else in the world turning a blind eye.
- 9. This chart shows the connections between cybercrime groups
"Attribution is hard" doesn't even begin to cover it. When are we going to dig deeper and start identifying which groups were responsible for each phase of the attacks?
- 10. Cisco Warns of Critical Auth-Bypass Security Flaw
- 11. Cybersecurity Canon
Some of my favorite hacking/security books in here (and some are not my favorites).
- 12. Unauthorized RCE in VMware vCenter
"After sending an unauthorized request to /ui/vropspluginui/rest/services/*, I discovered that it did not in fact require any authentication." - That's your problem right there...
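The quoted sentence gives defenders the one fact they need: on an unpatched vCenter, anything under `/ui/vropspluginui/rest/services/` answers without authentication, so every request to that prefix from a source that is not an administrator host is worth a look. The script below is an added example, not part of the original post and not VMware tooling: it parses constructed access-log lines in common log format (the log lines, addresses and endpoint names after the prefix are invented for illustration), URL-decodes the request path so encoded variants are not missed, and reports matching requests grouped by source address.

```python
import re
from collections import Counter
from urllib.parse import unquote

# The only thing taken from the advisory: the unauthenticated path prefix.
VROPS_PREFIX = "/ui/vropspluginui/rest/services/"

# Common log format: ip ident user [timestamp] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalize_path(raw):
    """Strip the query string and percent-decode so '%73ervices' matches 'services'."""
    return unquote(raw.split("?", 1)[0])


def find_vrops_requests(log_text):
    """Yield every parsed request whose decoded path sits under VROPS_PREFIX."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        decoded = normalize_path(rec["path"])
        if decoded.startswith(VROPS_PREFIX):
            rec["decoded_path"] = decoded
            hits.append(rec)
    return hits


def count_by_source(hits):
    """Number of matching requests per source address, for triage."""
    return dict(Counter(h["ip"] for h in hits))


# Constructed sample log (assumption: invented hosts, timestamps and endpoint
# names after the prefix; the format mimics a reverse proxy in front of vCenter).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Feb/2021:10:01:02 +0000] "GET /ui/login HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Feb/2021:10:01:09 +0000] "GET /ui/vropspluginui/rest/services/status HTTP/1.1" 200 84 "-" "python-requests/2.25.1"
203.0.113.7 - - [24/Feb/2021:10:01:11 +0000] "POST /ui/vropspluginui/rest/services/upload HTTP/1.1" 200 0 "-" "python-requests/2.25.1"
198.51.100.4 - - [24/Feb/2021:10:02:30 +0000] "GET /ui/vropspluginui/rest/%73ervices/status?x=1 HTTP/1.1" 200 84 "-" "curl/7.68.0"
10.0.0.9 - - [24/Feb/2021:10:03:00 +0000] "GET /ui/vropspluginui/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
garbage line that should be skipped
"""

if __name__ == "__main__":
    found = find_vrops_requests(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["method"], h["decoded_path"], h["status"])
    print(count_by_source(found))
```

Two caveats a practitioner would add: a 200 on these paths from an unknown source is the signal, while 404s across the board after patching are the expected state, and a scan like this only works if the front-end logs the request path, so check that the proxy in front of vCenter keeps access logs at all before relying on it.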
- 13. Heavily used Node.js package has a code injection vulnerability
"This library is still work in progress. It is supposed to be used as a backend/server-side library (will definitely not work within a browser)," states the developer behind the component. - We cannot just blindly trust all our components and libraries. A human, sometimes, has to read the documentation and perform a risk assessment, that is until the deadline is approaching and you can save 5 days by implementing an experimental library someone else wrote.
- 14. Chinese spyware code was copied from America’s NSA Researchers
If you leave missiles lying around and they fall into the wrong hands, it's a bigger deal than "cyber" weapons.
- 15. Ukraine sites suffered massive attacks launched from Russian networks
"The Ukrainian authorities did not attribute the attack to a specific threat actor." - This does not mean they don't know, they just don't want to say and show their hand. If they know who, it tips them off, and potentially any/all tactics and methods used to observe the attackers.
- 16. Python programming language hurries out update to tackle remote code vulnerability
"The bug occurs because "sprintf" is used unsafely. The impact is broad because Python is pre-installed with multiple Linux distributions and Windows 10."
- 17. Clubhouse Chats Are Breached, Raising Concerns Over Security
- 18. John Deere Lied For Years About Making Its Tractors Easier To Service
- 19. Zombie infection threat as country unlocks 50,000-year-old viruses
- 20. New type of supply-chain attack hit Apple, Microsoft and 33 other companies
- 21. Microsoft: SolarWinds attack took more than 1,000 engineers to create
"Microsoft, which was also breached by the bad Orion update, assigned 500 engineers to investigate the attack said Smith, but the (most likely Russia-backed) team behind the attack had more than double the engineering resources. "When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000," said Smith."
- 22. France Ties Russia’s Sandworm to a Multiyear Hacking Spree
"Remarkably, ANSSI says the intrusion campaign dates back to late 2017 and continued until 2020. In those breaches, the hackers appear to have compromised servers running Centreon, sold by the firm of the same name based in Paris. Though ANSSI says it hasn't been able to identify how those servers were hacked, it found on them two different pieces of malware: one publicly available backdoor called PAS, and another known as Exaramel, which Slovakian cybersecurity firm ESET has spotted Sandworm using in previous intrusions. While hacking groups do reuse each other's malware—sometimes intentionally to mislead investigators—the French agency also says it's seen overlap in command and control servers used in the Centreon hacking campaign and previous Sandworm hacking incidents." - Supply chain attack?