Vulnerability Management, Leadership, Zero trust, Security Staff Acquisition & Development, Threat Management
M1 Chip Flaw, Boeing 747 Hacking, Don’t Blame the Intern, & John Deere – PSW #696
This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, security by design, & more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Paul Asadoorian
Principal Security Researcher at Eclypsium
- 1. Cybersecurity leaders lacking basic cyber hygiene – Help Net Security - This is interesting? - "48% of cybersecurity leaders use their work computer to log on to social network platforms. Further, 77% are willing to accept connection/friend requests from unknown individuals—especially on LinkedIn (63%)."
- 2. Introducing Security By Design - But what is the incentive? - "That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats. The Android ecosystem, including Google Play, has many built-in security features that help protect developers and users. The course Introduction to app security best practices takes these protections one step further by helping you take advantage of additional security features to build into your app."
- 3. nginx 1.20.0 DNS Resolver Off-By-One Heap Write
- 4. Bypassing Container Image Scanning - This is awesome, and a simple little trick to lock down the container: "For example, try building RUN apt-get remove apt into the image after all of its essential packages have been installed. The packages will remain on the image, but the runtime scanner will be unable to query with apt list, therefore resulting in 0 vulnerabilities found." Of course, you should not be running as root anyhow. Ooooh and this: "If you know exactly where and how the runtime scanner binary gets injected, find a way to prevent it. For example in the microscanner case above, we know it will add the scanner binary at /microscanner. In this case, we can add a layer before the microscanner gets written that creates a symlink to /dev/null. Meaning at image build time the microscanner binary gets discarded instead of written to the filesystem."
- 5. Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
- 6. Kali Linux team releases Kaboxer, a tool for managing applications in containers – Help Net Security
- 7. “Unpatchable” vuln in Apple’s new Mac chip – what you need to know - "According to Hector Martin, this register can be read from by userland programs running at EL0, though he doesn’t know what the register is actually used for, if anything. However, userland programs aren’t supposed to be able to write into it, given that it’s a system register and supposedly off-limits to EL0 programs. But Martin discovered that userland code can write to just two individual bits inside this register – bits that are apparently otherwise unused and therefore might be considered unimportant or even irrelevant… …and those bits can then be read out from any other userland program."
- 8. New Rowhammer Vulnerability Exploits Increasingly Smaller DRAM Chips
- 9. NASA identified 1,785 cyber incidents in 2020
- 10. Let’s Stop Blaming Employees for Our Data Breaches
- 11. Hackers used macOS 0-days to bypass privacy features, take screenshots - "According to Jamf researchers Jaron Bradley, Ferdous Saljooki, and Stuart Ashenbrenner, the malware controls legit applications that can capture screen records or screenshots without requiring user consent as soon as it infects the device."
- 12. CVE-2021-21551: Learning Through Exploitation
- 13. Bosses putting a ‘digital leash’ on remote workers could be crossing a privacy line
- 14. The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms - "By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”"
- 15. M1RACLES: An Apple M1 Vulnerability
- 16. Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
- 17. Vulnerability in VMware product has severity rating of 9.8 out of 10
- 18. Bluetooth bugs open the door for attackers to impersonate devices
- 19. SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern – CyberScoop - Backpedaling: "“What happened at the congressional hearings where we attributed it to an intern was not appropriate, and was not what we are about or is not what we are about,” he said. “We have learned from that and I want to reset it here by saying that we are a very safe environment, and we want to attract and retain the best talent.”" and this: "“As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said."
- 20. Bose Corporation discloses breach after ransomware attack. – CyberWorkx
- 21. Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cad - Awesome write-up, down the rabbit hole we go: "Suddenly they had a private vulnerability disclosure program. It did not exist when we started. 24 hours later, I received the invitation to the program… I was the only researcher in the program. The program was created that day. Every single asset had no bounty. The company does not allow public disclosure."
- 22. How to protect your Wi-Fi devices from new FragAttacks vulnerabilities
- 23. The Full Story of the Stunning RSA Hack Can Finally Be Told
- 24. Global Socket - If you trust someone else's computers...
- 25. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
- 26. Getting a persistent shell on a 747 IFE - This was neat. Windows NT!
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Product Security Research and Analysis Director at Finite State
- 1. FragAttacks + Antenna for Hire™: The Perfect Storm in Your Network Airspace
- 2. Can the “Gorilla” Deliver? Assessing the Security of Google’s New “Thread” Internet of Things (IoT) Protocol
- 3. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
- 4. Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners