CybersecNews Weekly

January 2, 2022

CyberSecNews Weekly - 0x10-W0122

News

  • LastPass confirms credential stuffing attack against some of its users
    Password manager app LastPass said today that a threat actor has launched a credential stuffing attack against its users in an attempt to gain access to their cloud-hosted password vaults.

  • Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
    Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

  • PHP LFI with Nginx Assistance
    New method to exploit PHP local file inclusion (LFI) vulnerabilities with Nginx assistance.

  • SEGA Europe Suffers Major Security Breach
    VPNOverview discovered a cloud security (unprotected S3 bucket) breach affecting SEGA Europe, leaving users vulnerable to spear phishing and ransomware attacks.

  • noPac: A Tale of Two Vulnerabilities That Could End in Ransomware
    Numerous public proof-of-concept exploits reveal that the noPac vulnerabilities (CVE-2021-42278 and CVE-2021-42287) are trivial to exploit and lead to privilege escalation.

Tools

  • olafhartong/ThreatHunting
    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

  • JetBrains/qodana-action
    Using this GitHub Action, run Qodana with your GitHub workflow to scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects

  • khaoticdude/nSpector
    A tool to take Nmap scans, and store the results in a queryable database.

  • Osmedeus
    Osmedeus is a workflow engine for offensive security. It was designed to build a foundation with the capability and flexibility to automate your reconnaissance methodology across a large number of targets.

Articles

  • More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
    A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting two-factor authentication (2FA) security codes, allowing cybercriminals to bypass 2FA.

  • PrintNightmare and SSH Tunnels for Fun

Tutorial

  • How I got access to Maxlifeinsurance's AWS metadata via SSRF

  • Memory Analysis with Volatility
    Volatility is an open-source memory forensics framework for incident response and malware analysis.

  • How to Secure an AWS Serverless Application

  • How to Detect DNS Tunneling in the Network?

  • Using HTTP Basic Auth in 2022
    Is HTTP Basic Auth still worth using in 2022?

IR & Reversing

  • Hacking the Nokia Fastmile
    Reversing a Nokia 5G Bridge running Android.

  • Linux.Midrashim: Assembly x64 ELF virus
    x64 ELF virus written in Assembly

  • Strategically Aged Domain Detection: Using DNS Traffic Trends
    Strategically aged domain detection can capture domains registered by advanced persistent threats or likely to be used for network abuses.

  • Fixing the Unfixable: Story of a Google Cloud SSRF
