CybersecNews Weekly

January 9, 2022

CyberSecNews Weekly - 0x11-W0222

News

  • Vulnerability in log4j 2.17.0 more hype than substance
    Not all CVEs are created equal. Knowing what to focus on when fixing Log4j vulnerabilities is important for your company.

  • Smishing Botnets Going Viral in Iran
    In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services.

  • QR code scammers hitting on-street parking in Texas cities
    The City of Houston urges the public to be aware of a scam involving fraudulent QR codes being affixed to on-street parking pay stations.

Tools

  • CodeAnalysis
    Tencent Cloud Code Analysis is a comprehensive code analysis platform. It supports Java/C++/Objective-C/C#/JavaScript/Python/Go/PHP and more, covering common programming languages, and it tracks not only code security and vulnerabilities but also code quality and software defects.

  • log4jscanner
    A log4j vulnerability filesystem scanner and Go package for analyzing JAR files by Google.

  • laurel
    Transform Linux Audit logs for SIEM usage.

  • heroku-guardian
    Easy to use CLI security checks for the Heroku platform. Validate baseline security configurations for your own Heroku deployments.

  • DNSStager
    Hide your payload in DNS.

  • XSRFProbe
    XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit.

  • PowerUpSQL
    A PowerShell Toolkit for Attacking SQL Server.

Articles

  • We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one: BugAlert.org
    Introducing bugalert.org, a free and open-source service for alerting security and IT professionals of high-impact and 0day vulnerabilities by email, SMS, and phone calls (and via Twitter).

  • Edition 14: To WAF or not to WAF
    The effectiveness of WAFs is a hotly debated subject in AppSec circles. This article tries to bring structure to that discussion.

  • The Attackers Guide to Azure AD Conditional Access
    Conditional Access is one of Microsoft’s most powerful security features and the central engine for their zero trust architecture. In this article, the author describes the common weaknesses in its configuration and the threats you need to face if you deploy AD Conditional Access.

  • Incident response case management, DFIR-IRIS and a bit of MISP
    How to use DFIR-IRIS from Airbus Cybersecurity as a case management system for incident response.

  • Tiemoko Ballo
    Using a modern fuzzing technique to validate the high-level logic of a safe Rust library.

Tutorial

  • Preventive controls with AWS Identity
    AWS Identity offers a set of features that let customers apply preventive controls to their AWS environment. This includes AWS Organizations service control policies (SCPs). This blog article from AWS describes how to get started with SCPs, common use cases, and how to write your own SCPs.

  • The Kubernetes Network Security Effect
    Learn everything about the Kubernetes (K8s) network security effect.

  • Setting up AWS SSO and AWS Client VPN
    How to set up an AWS-based infrastructure with multiple accounts, SSO, and a VPN client.

  • ServerlessCraic Ep7 Security Part 2 - Threat Modelling & Other Tools
    A long video about Serverless threat modelling.

  • ClusterFuzzLite: Continuous fuzzing for all

IR & Reversing

  • Sears Garage Door Signal Reverse Engineering

  • jonathandata1/pegasus_spyware: decompiled pegasus_spyware

  • Malicious Python Script Targeting Chinese People
