Zip Tie Pick, Wifi/Bluetooth Bugs, Domain Controllers, & Beetle Behavior – PSW #722

Paul Asadoorian

1. Precopulatory oral sex found in darkling beetles
   This is too funny: "As the researchers note, males giving females oral genital stimulation is rare in invertebrates. So they were surprised when they found male darkling desert beetles contacting and orally manipulating female genitalia multiple times prior to copulation." - Also note there are people who are researching this and having discussions about this topic, presumably with a straight face, which is more than you can say for us...
2. The Lock-Picker, the Lockmaker, and the Odyssey to Expose a Major Security Flaw
   How a $400 grade 1 lock was bypassed with a zip tie: "At about 6 a.m., two hours after he started working on the lock, he pushed his homemade tool through the drain hole, caught the lever, gave a gentle tug, and the lock sprung open. When he reinserted the zip tie and pulled again, it locked. It worked again, and again, and again."
3. Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
4. Walk-Through Metal Detectors Can Be Hacked, New Research Finds
   "The vulnerabilities specifically exist in the Garrett iC module, which provides network connectivity to the Garrett PD 6500i or Garrett MZ 6100 walk-through metal detectors commonly used at security checkpoints. An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through. They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors."
5. China suspends deal with Alibaba for not sharing Log4j 0-day first with the government
   Well, the Chinese Government will only use these for good, right? - "The move also comes months after the Chinese government issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to disclose them first-hand to the government authorities mandatorily."
6. Bugs in billions of WiFi, Bluetooth chips allow password, data theft
   Pretty neat! The ability to exploit other chips via shared memory: "Once the researchers achieved code execution on one chip, they could perform lateral attacks on the device's other chips using shared memory resources. In their paper, the researchers explain how they could perform OTA (Over-the-Air) denial of service, code execution, extract network passwords, and read sensitive data on chipsets from Broadcom, Cypress, and Silicon Labs."
7. A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
   This is amazing: "JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent."
8. Windows 10 21H2 adds ransomware protection to security baseline
9. Secret Backdoors Found in German-made Auerswald VoIP System
   "Two backdoor passwords were found in the firmware of the COMpact 5500R PBX," researchers from RedTeam Pentesting said in a technical analysis published Monday. "One backdoor password is for the secret user 'Schandelah', the other can be used for the highest-privileged user 'admin.' No way was discovered to disable these backdoors." - Mr. Potato head, backdoors are not secrets! Well, not any longer...
10. Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE) – Sysdig
    This is one of the better write-ups, start here if you've not done a deep dive into log4j yet.
11. New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G
12. An Analysis of The Log4Shell Alternative Local Trigger
    "WebSockets are not restricted by same-origin policies like a normal cross-domain HTTP request and they expect the server itself to validate the Origin of the request. While they are useful, they also introduce a fair amount of risk as they do not include many security controls to limit their utilization." - Doesn't this mean that many web app vulnerabilities could be triggered via WebSockets?
13. Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666)
14. Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
    "While CVE-2021-42278 enables an attacker to tamper with the SAM-Account-Name attribute, which is used to log a user into systems in the Active Directory domain, CVE-2021-42287 makes it possible to impersonate the domain controllers. This effectively grants a bad actor with domain user credentials to gain access as a domain admin user."

Lee Neely

1. Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’
   After thoroughly reviewing the "FORCEDENTRY" iPhone exploit, researchers at Google's Project Zero say they have uncovered a never-before-seen "hacking roadmap" that includes a PDF file that appears to be a GIF image loaded with a custom-coded virtual CPU constructed out of "Boolean pixel operations." According to Google's Ian Beer and Samuel Groß, "We assess this to be one of the most technically sophisticated exploits we've ever seen." According to Google, after receiving an exploit sample from Citizen Lab, it collaborated with Apple's Security Engineering and Architecture (SEAR) group to perform a technical analysis, which revealed a high degree of technical sophistication in an exploit that was sold to governments worldwide.
2. Bad things come in threes: Apache reveals another Log4J bug
   Bad things come in threes: Apache reveals another Log4J bug Third major fix in ten days is an infinite recursion flaw. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j.
3. Conti ransomware uses Log4j bug to hack VMware vCenter servers
   The "Conti" ransomware gang has been spotted exploiting the Log4j vulnerability (CVE-2021-44228) in order to obtain "rapid" access to targeted organizations' internal VMware vCenter Server instances and encrypt virtual machines.
4. TellYouThePass ransomware revived in Linux, Windows Log4j attacks
   Malicious actors have brought back an old and almost-retired malware family known as TellYouThePass, using it to target Linux and Windows devices vulnerable to the critical remote code execution vulnerability in the Apache Log4j library (CVE-2021-44228)
5. Log4j vulnerability now used to install Dridex banking malware
   Malicious actors have been spotted exploiting the Log4j vulnerability (CVE-2021-44228) in order to infect targeted Linux devices with "Meterpreter" and Windows devices with the "Dridex" banking Trojan.
6. Clop ransomware gang is leaking confidential data from the UK police
   Clop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim refused to pay the ransom. Researchers say the "Clop" ransomware gang managed to access, steal, and leak "confidential" information belonging to some 13 million individuals, which included data belonging to the U.K. police taken from its police national computer (PNC) system.
7. FBI: State hackers exploiting new Zoho zero-day since October
   The FBI's Cyber Division has revealed that state-backed APT actors have been actively exploiting the authentication bypass vulnerability (CVE-2021-44515) affecting Zoho's ManageEngine Desktop Central since at least October 2021 in order to conduct network reconnaissance and move laterally throughout compromised networks.
8. Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
   CISA, the FBI, the NSA, and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially exploit CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.