M1 Chip Flaw, Boeing 747 Hacking, Don’t Blame the Intern, & John Deere – PSW #696

Paul Asadoorian

1. Cybersecurity leaders lacking basic cyber hygiene – Help Net Security
   This is interesting? - "48% of cybersecurity leaders use their work computer to log on to social network platforms. Further, 77% are willing to accept connection/friend requests from unknown individuals—especially on LinkedIn (63%)."
2. Introducing Security By Design
   But what is the incentive? - "That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats. The Android ecosystem, including Google Play, has many built-in security features that help protect developers and users. The course Introduction to app security best practices takes these protections one step further by helping you take advantage of additional security features to build into your app."
3. nginx 1.20.0 DNS Resolver Off-By-One Heap Write
4. Bypassing Container Image Scanning
   This is awesome, and a simple little trick to lock down the container: "For example, try building RUN apt-get remove apt into the image after all of it’s essential packages have been installed. The packages will remain on the image, but the runtime scanner will be unable to query with apt list, therefore resulting in 0 vulnerabilities found." Of course, you should not be running as root anyhow. Ooooh and this: "If you know exactly where and how the runtime scanner binary gets injected, find a way to prevent it. For example in the microscanner case above, we know it will add the scanner binary at /microscanner . In this case, we can add a layer before the microscanner gets written that creates a symlink to /dev/null. Meaning at image build time the microscanner binary gets discarded instead of written to the filesystem."
5. Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
6. Kali Linux team releases Kaboxer, a tool for managing applications in containers – Help Net Security
7. “Unpatchable” vuln in Apple’s new Mac chip – what you need to know
   "According to Hector Martin, this register can be read from by userland programs running at EL0, though he doesn’t know what the register is actually used for, if anything. However, userland programs aren’t supposed to be able to write into it, given that it’s a system register and supposedly off-limits to EL0 programs. But Martin discovered that userland code can write to just two individual bits inside this register – bits that are apparently otherwise unused and therefore might be considered unimportant or even irrelevant… …and those bits can then be read out from any other userland program."
8. New Rowhammer Vulnerability Exploits Increasingly Smaller DRAM Chips
9. NASA identified 1,785 cyber incidents in 2020
10. Let’s Stop Blaming Employees for Our Data Breaches
11. Hackers used macOS 0-days to bypass privacy features, take screenshots
    "According to Jamf researchers Jamf researchers Jaron Bradley, Ferdous Saljooki, and Stuart Ashenbrenner, the malware controls legit applications that can capture screen records or screenshots without requiring user consent as soon as it infects the device."
12. CVE-2021-21551: Learning Through Exploitation
13. Bosses putting a ‘digital leash’ on remote workers could be crossing a privacy line
14. The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms
    ". By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”"
15. M1RACLES: An Apple M1 Vulnerability
16. Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
17. Vulnerability in VMware product has severity rating of 9.8 out of 10
18. Bluetooth bugs open the door for attackers to impersonate devices
19. SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern – CyberScoop
    Backpedaling: "“What happened at the congressional hearings where we attributed it to an intern was not appropriate, and was not what we are about or is not what we are about,” he said. “We have learned from that and I want to reset it here by saying that we are a very safe environment, and we want to attract and retain the best talent.”" and this: "“As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said."
20. Bose Corporation discloses breach after ransomware attack. – CyberWorkx
21. Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cad
    Awesome write-up, down the rabbit hole we go: "Suddenly they had a private vulnerability disclosure program. It did not exist when we started. 24 hours later, I received the invitation to the program… I was the only researcher in the program The program was created that day Every single asset had no bounty The company does not allow public disclosure"
22. How to protect your Wi-Fi devices from new FragAttacks vulnerabilities
23. The Full Story of the Stunning RSA Hack Can Finally Be Told
24. Global Socket
    If you trust someone else's computers...
25. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
26. Getting a persistent shell on a 747 IFE
    This was neat. Windows NT!

Larry Pesce

1. FragAttacks + Antenna for Hire™: The Perfect Storm in Your Network Airspace
2. Can the “Gorilla” Deliver? Assessing the Security of Google’s New “Thread” Internet of Things (IoT) Protocol
3. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
4. Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners