CybersecNews Weekly

December 12, 2021

CyberSecNews Weekly - 0x07-W4921

News

  • RCE 0-day exploit found in log4j, a popular Java logging package
    This is the hot topic of the week: Lunasec has discovered an RCE in the log4j package, a very common logging library for Java. The impact of this vulnerability is huge and still not clearly defined.

  • Introducing Microsoft Defender for Containers
    Container usage is increasing in software development. Microsoft is introducing a new product in the Defender family dedicated to containers.

  • Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers
    Google disrupts a sophisticated blockchain-based botnet, dubbed Glupteba, that affected more than 1 million computers around the world.

  • Vulnerabilities in all common Wi-Fi routers detected
    A major security check by IT magazine CHIP and IoT Inspector uncovers security vulnerabilities in all Wi-Fi routers by well-known manufacturers.

  • Audit Logs of Azure Monitor log queries
    Azure Monitor logs is announcing a new capability to collect audit logs about query execution.

  • Amazon VPC Network Access Analyzer
    The new Amazon VPC Network Access Analyzer helps you identify network configurations that lead to unintended network access.

  • Online avatar service Gravatar allows mass collection of user info
    A user enumeration method discovered by Italian security researcher Carlo Di Dato demonstrates how Gravatar data can be easily scraped by web crawlers and bots.

  • Actual CVE-2021-44228 payloads captured in the wild
    Cloudflare explains how to detect the infamous log4j vulnerability

Tools

  • projectdiscovery/nuclei
    Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.

  • cossacklabs/acra
    Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

  • SnaffCon/Snaffler
    a tool for pentesters to help find delicious candy

Articles

  • Threat news: TeamTNT stealing credentials using EC2 Instance Metadata
    TeamTNT malware targeted a Kubernetes Pod and attempted to steal AWS credentials using the EC2 instance metadata.

  • New research shows IoT and OT innovation is critical to business but comes with significant risks
    Microsoft partnered with the Ponemon Institute to produce empirical data to help us better understand the state of IoT and OT security from a customer’s perspective.

  • Getting started with the Security Foundations Blueprint automation repo
    The security foundations blueprint automation repo contains Terraform code that implements the best practices discussed in the security foundations guide.

  • Hunting for Low-Hanging Fruit in applications at AWS environments
    A list of common misconfigurations to check in an AWS environment

Tutorial

  • Process Ghosting
    Understanding how endpoint products work to identify malicious actions can lead to the discovery of security gaps which can be used for evasion during red team operations.

  • Azure Privilege Escalation via Azure API Permissions Abuse
    Turn particular API permissions into Global Admin

  • Implement malware scanning using AWS Serverless technologies

  • Falco 101
    All you need to learn to get started with Falco

IR & Reversing

  • Python Shellcode Injection From JSON Data