CyberSecNews Weekly - 0x12-W0322
News
- Dutch athletes warned to keep phones and laptops out of China
  Dutch athletes competing in next month's Beijing Winter Olympics will need to leave their phones and laptops at home, an unprecedented move to avoid Chinese espionage, Dutch newspaper De Volkskrant reported on Tuesday.
- A Quick CVE-2022-21907 FAQ (work in progress)
  A summary of the new CVE affecting Microsoft systems.
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Orca Discovers AWS CloudFormation Vulnerability
  Orca Security's vulnerability researcher, Tzah Pahima, discovered a zero-day AWS CloudFormation vulnerability, which AWS mitigated within 6 days.
- FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware
  The US Federal Bureau of Investigation says that FIN7, an infamous cybercrime group behind the Darkside and BlackMatter ransomware operations, has mailed malicious USB devices to US companies over the past few months in the hope of infecting their systems with malware and carrying out future attacks.
- Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
  A newly discovered NTLM relay attack makes every Windows system vulnerable to privilege escalation, and there is no patch in sight.
Tools
- ipsourcebypass
  A Python script that can be used to bypass IP source restrictions using HTTP headers.
- vulscan
  Advanced vulnerability scanning with Nmap NSE.
- fuxploider
  File upload vulnerability scanner and exploitation tool.
- apkingo
  A tool written in Go to get detailed information about APK files.
- iptable_evil
  An evil-bit backdoor for iptables.
- ThreatHunter-Playbook
  A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Articles
- Azure Firewall DevSecOps in Azure DevOps
  This post details the delivery of Azure Firewall through an Azure DevOps repo pipeline with DevSecOps practices, including least-privilege permissions for the service principals.
- Continuous Access Evaluation in Azure AD is now generally available!
- Learn about 4 approaches to comprehensive security that help leaders be fearless
  An interesting article from the Microsoft Security Team describing strategies to improve the security posture of your enterprise by leveraging a Zero Trust model.
- SSH Bastion host best practices: How to Build and Deploy a Security-Hardened SSH Bastion Host
  Learn best practices for building and deploying a security-hardened SSH bastion host based on the OpenSSH server.
- 10 real-world stories of how we've compromised CI/CD pipelines
  As the DevOps methodology spreads, CI/CD pipelines become more critical every day. In this article NCC Group researchers explain how to attack them, drawing on their own real-world experience.
Tutorial
- Domain Escalation – sAMAccountName Spoofing
  A detailed tutorial on how CVE-2021-42278 works and how to exploit it in a pentesting engagement.
- Pivoting Through Internal Networks with Sshuttle and Ligolo-ng
  "Pivoting" is a common method used by attackers to move through a network: a compromised "foothold" host is used to reach other internal networks and hosts that are not accessible from the outside.
- How Proton helped Gmail overcome a DKIM replay attack
  A tutorial on preventing impersonation of your domain with SPF, DKIM and DMARC, and on protecting against a specific kind of replay attack.
IR & Reversing
- Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
  A very detailed write-up from Rapid7 about how they discovered CVE-2021-20038 affecting SonicWall SSL VPN products.
- Patchwork APT caught in its own web
  The Patchwork APT, an Indian group targeting Pakistan, exposed itself with its own RAT.