
CybersecNews Weekly

November 21, 2021

CyberSecNews Weekly - 0x04-W4621

News

  • New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica
    Researchers figure out how to obtain the “fuse encryption key” unique to each CPU.

  • Iranian targeting of IT sector on the rise - Microsoft Security Blog
    Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.

  • Trojan Source and Python
    The Trojan Source vulnerabilities have been rippling through various development communities since their disclosure on November 1. The oddities that can arise when handling Unicode, and bidirectional Unicode in particular, in a programming language have led Rust, for example, to check for the problematic code points in strings and comments and, by default, refuse to compile if they are present. Python has chosen a different path, but work is underway to help inform programmers of the kinds of pitfalls that Trojan Source has highlighted.

  • Linux has a serious security problem that once again enables DNS cache poisoning
    Bizarre behavior overlooked in Linux for more than a decade revives scary attack scenario.

Tools

  • chenjiandongx/sniffer: 🐶 A modern alternative network traffic sniffer.

Articles

  • HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks - Microsoft Security Blog
    HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.

  • It’s Now Possible To Sign Arbitrary Data With Your SSH Keys
    ssh-keygen can sign and verify signatures, and it’s way better than PGP

  • Uncovering brandjacking with VirusTotal
    Malicious activity comes in all kinds of colors and flavors, sometimes abusing users’ trust by impersonating well known brands to get thei…

  • TPM sniffing – Sec Team Blog
    An explanation of how the TPM works and how TPM keys can be sniffed with a hardware hack.

  • How we protect our most sensitive secrets from the most determined attackers
    As a bank, we have private keys and other ‘secrets’ we need to protect, to keep our customers and ourselves safe. Our security controls work together to stop even the most determined and capable attackers.

  • Portable Malware Analysis Lab - /dev/random
    Short tutorial on installing a malware analysis lab on Proxmox.

  • Understanding HKDF
    HKDF is a key-derivation function that uses HMAC under the hood. It is defined in RFC 5869.

  • Router Bugs and Security Vulnerabilities
    An archive of consumer router vulnerabilities. Check whether your home router is vulnerable.

  • Prevent Secrets Leaks at Scale in Repositories
    Uploading sensitive data to a source code repository can have fatal consequences. In this article, the guys from Typeform explain how they prevent that.

Tutorial

  • Windows Security Updates for Hackers « Bitsadmin’s blog - Mystery guest in your IT infrastructure
    Frequently colleagues and clients get to my (virtual) desk and pose the following question to me: “I know which patches (KBs) are installed on a Windows syst…

  • OAuth with Cloudflare Workers on a Statically Generated Site
    An article on implementing OAuth user registration for a newsletter on a statically generated site using Cloudflare workers.

IR & Reversing

  • Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes | Sysdig
    How to detect the Muhstik botnet attacking a Kubernetes Pod to take control of it, mine cryptocurrency and launch DDoS attacks.

  • Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days
    Introduction A Vulnerability Researcher’s Favorite Stress Relief Continuing in our series of research findings involving Netgear 1 produc…

  • Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity
    ESET researchers uncover strategic web compromise (aka watering hole) attacks against high-profile websites in the Middle East.
