This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVE's you're looking for, Linux password mining, mind the gap, hacking smart watches, & more!
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Paul Asadoorian
- From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) – RCE Security
Goto story #1
- Intel disputes seriousness of Data Centre Manager authentication flaw
Here we go again, the difference between RCE and privilege escalation. Here's Intel's take: "Intel acknowledges that Ahrens uncovered a vulnerability – tracked as CVE-2022-33942 and assessed with a severity score of 8.8 – but disputes its seriousness. According to Intel, the issue represents only a privilege elevation flaw rather an RCE risk." Here's the issue: "The chain’s first vulnerability bypasses DCM’s entire authentication process if the application is configured to allow authentication from Active Directory groups with publicly known SIDs. Since Intel’s DCM only relies on the SID and there’s no validation of the given active directory service, it is trivially easy to force the application to communicate with an arbitrary Kerberos/LDAP server. The arbitrary server then answers the authentication requests from Intel’s DCM by simply returning a successful authentication, including a known/matching SID. This ultimately allows authenticating using any user with any password and any Active Directory domain."
- The Art of Bypassing Kerberoast Detections with Orpheus – TrustedSec
- Old Zero-Day Vulnerabilities Remain Unpatched on Samsung, Google Phones – ExtremeTech
"Tensor uses a Mali GPU, so Google’s security team found flaws that the Pixel team failed to add to the regular software updates. Google is not alone in making this mistake, but it’s still not a great look."
- What’s Hurl?
Super duper awesome: "Hurl is a command line tool that runs HTTP requests defined in a simple plain text format. It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for fetching data, testing HTTP sessions and testing XML / JSON APIs."
- Docker Hub repositories hide over 1,650 malicious containers
"Sysdig used its automated scanners to scrutinize 250,000 unverified Linux images and identified 1,652 of them as malicious." - Yea, so this is why I just prefer to build my own containers. I should qualify that, I build them from a select starting point and do not rely on somone else's complete build of Grav, I will start with an OS-level container (e.g. Ubuntu) and build it out from there, perhaps even copying from the available Dockerfiles, but ensuring there is less of a chance of a supply chain issue.
- FCC Bans Authorizations for Devices That Pose National Security Threat
"As discussed above, section 889(f)(3) defines “covered telecommunications equipment or services” as including telecommunications and video surveillance equipment produced by Huawei, ZTE, Hytera, Hikvision, and Dahua." - Here's the problem, most of the components come from China. So you have to get down to the component level to really combat the threat.
- Mind the Gap
Goto story #4
- Linux Password Mining
Neat article, I learned some stuff (gdb -> bash -> dump memory space was a nice trick).
- Exploiting CORS Misconfigurations
- Hacking Smartwatches for Spear Phishing – Cybervelia
- Exploiting an N-day vBulletin PHP Object Injection Vulnerability
- Containers: Rootful, Rootless, Privileged and Super Privileged
This is a great guide, keep it handy. I plan to go back and read it carefully, but it explains some things I've had to work around when configuring containers. For example, for two containers to share a volume I have to do stuff like this in both Dockerfiles: "useradd -r -U -u 1001 www" in order to get around some permission errors.
- Hard Disk Firmware Hacking (Part 1)
- mjg59
- Making Cobalt Strike harder for threat actors to abuse
- Till REcollapse – 0xacb
"The REcollapse tool can generate inputs according to these rules, and supports multiple fuzzing sizes and encodings. It can also be helpful to bypass WAFs and weak vulnerability mitigations. The goal of this tool is to generate payloads for testing. Actual fuzzing shall be done with other tools like Burp (intruder), ffuf, or similar."
- A Confused Deputy Vulnerability in AWS AppSync
- HTTP/3 connection contamination: an upcoming threat?
- SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover
- Reverse Engineering Reveals EV Charger Has A Sense Of Security
- Over a third of vulnerabilities reviewed by ethical hackers did not have a CVE
"Detectify on Thursday reported that 35% of the vulnerabilities reviewed by its private network of ethical hackers did not have a CVE assigned." - This is expected. If bug bounty (ish) programs, such as the excellent one run by Detectify, are finding known CVE vulnerabilities, we have a problem. The goal is to find ones that do not have a CVE. If it has a CVE you can like;y use off-the-shelf scanning and patching tools to discover and/or remediate the issues.
- OpenSSF Adopts Microsoft-Built Supply Chain Security Framework
- InfoSec Handlers Diary Blog – SANS Internet Storm Center
- Linux PrivEsc — Linux Kernel Exploits
Nice guide
- CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
Sam Bowne
- Dropbox acquires Boxcryptor assets to bring zero-knowledge encryption to file storage
Dropbox has announced plans to bring end-to-end encryption to its business users, and it’s doing so through acquiring “key assets” from Germany-based cloud security company Boxcryptor.
- Hijacking service workers via DOM Clobbering
This attack exploits websites that use the importScripts() function to retrieve JavaScript from a different domain. It performs "DOM Clobbering"--using an anchor element to overwrite a global variable, which is then used by the application in an unsafe way, such as generating a dynamic script URL. This enables three key outcomes: HTML filter evasion, Bypassing CSP, and Escalating XSS.
- Vulnerability affects Hyundai and Genesis vehicles made after 2012
We could remotely control the locks, engine, horn, headlights, and trunk. We did it by adding a CRLF character at the end of an already existing victim email address during registration, which bypassed authentication on the website.
- Integration of Zeek into Microsoft Defender for Endpoint
We extended Zeek to support Windows-based systems. This can detect attacks on Azure, including PrintNightmare and password spray attacks.
- Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.
- MIT Researchers Solve Dendrites Mystery To Creating Smaller & Lighter Batteries
A breakthrough study finds the root cause of dendrite formation in lithium batteries, which cause them to short out and catch fire. The root cause is fractures deep in the electrolyte, and can be prevented by putting pressure on the electrolyte layer. This opens the way make a new type of rechargeable lithium battery that is safer, lighter, and more compact than existing models.
- Embrace what may be the most important green technology ever. It could save us all
Precision fermentation is a refined form of brewing, and is being applied to create a new generation of staple foods. The microbes they breed feed on hydrogen or methanol and produce high-protein flour, proteins, and fats which can replace meat, fish, milk and eggs. Precision fermentation using methanol needs 1,700 times less land than the most efficient agricultural means of producing protein: soy grown in the US.
