CybersecNews Weekly

December 26, 2021

CyberSecNews Weekly - 0x09-W5121

News

  • Polish opposition senator hacked with spyware
    Security researchers say they’ve confirmed that a third Polish opposition figure had his phone hacked with sophisticated spyware from Israeli company NSO Group.

  • 0 Day FreePBX Exploit? - FreePBX / Security
    A 0-day was discovered in FreePBX and it’s very likely to be exposed on public IPs.

Tools

  • cisagov/log4j-scanner
    log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

  • Velociraptor
    Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.

  • timb-machine/linux-malware
    Tracking interesting Linux (and UNIX) malware.

Articles

  • RF Bugs and their detection using Software-Defined Radio
    A fantastic introduction to SDR pentesting and bug bounty.

  • Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
    Is log4j also impacting connected cars?

  • What are Attackers after on IoT Devices?
    A team of researchers deployed several IoT honeypots and analysed the information collected with a bit of machine learning.

  • Cloud Security Breaches and Vulnerabilities: 2021 in Review
    In this post, we look back on the 2021 cloud security data breaches and vulnerabilities in AWS, and showcase best practices to avoid them.

  • Intruding 5G core networks from outside and inside
    Mobile infrastructure pentesting is a very niche field. This tutorial explains how the 5G network works, what the risks are, and the methodologies used to exploit it.

  • Learning VoWifi, VoLTE, and IMS
    Another fantastic article about mobile networks and protocols and how to create a basic IMSI catcher.

Tutorial

  • More Undetected PowerShell Dropper

  • RCE in Visual Studio Code’s Remote WSL for Fun and Negative Profit
    The Visual Studio Code server in Windows Subsystem for Linux uses a local WebSocket connection to communicate with the Remote WSL extension. JavaScript in websites can connect to this server and execute arbitrary commands on the target system.

IR & Reversing

  • Inside a PBX - Discovering a Firmware Backdoor
    This blog post illustrates how RedTeam Pentesting discovered a real-world backdoor in a widely used Auerswald phone system (see also the advisory and CVE-2021-40859).

  • Extracting The WiFi Firmware And Putting Back A Keylogger
    How to reverse a WiFi chip and add a keylogger into the firmware, exploiting an insecure encryption method.

  • Example of how attackers are trying to push crypto miners via Log4Shell
