CybersecNews Weekly

January 31, 2022

CyberSecNews Weekly - 0x14-W0522

News

  • Malicious app on Google Play drops banking malware on users’ devices
    Pradeo’s researchers discovered a malicious mobile application called 2FA Authenticator distributed on Google Play and installed by 10K+ users.

  • PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
    The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.

  • Amazon GuardDuty now detects EC2 instance credentials used from another AWS account

Tools

  • Amazing-Cybersec-Resources
    Amazing Collection of Cyber Security resources (Books, Tutorials, Blogs, Podcasts, …)

  • lobster-pot
    Scans every git push to your GitHub organisations to find unwanted secrets.

  • stratus-red-team
    Granular, Actionable Adversary Emulation for the Cloud.

  • Deepfence
    Cloud native security observability platform for your applications and infrastructure from development through production

  • attack_data
    A repository of curated datasets from various attacks collected by Splunk

Articles

  • Cloud HSM architecture | Google Cloud

  • Over 20k servers have their iLO exposed to the internet

  • Phishing study in large organizations: Findings from a Large-Scale and Long-Term Study

Tutorial

  • Write more secure code with the OWASP Top 10 Proactive Controls
    This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

  • Fuzzing101
    Learn fuzzing like a boss

  • Stop Storing Secrets In Environment Variables!
    Debatable position about how to securely manage secrets in your programs

  • Configuring Linux AuditD for Threat Detection

  • ROP Chaining: Return Oriented Programming
    ROP chaining is an advanced technique for exploiting buffer overflows and “smash the stack for fun and profit” (cit.)

  • Principals in AWS IAM
    This article explains the basics of AWS authentication: the way you gain an identity that you can use to access AWS services

  • Securing Azure Kubernetes networking with Calico
    With a few lines of YAML, Calico will keep watch as you build application-controlled networking.

  • How I Discovered Thousands of Open Databases on AWS

IR & Reversing

  • We purchased a machine from China and it came with malware preinstalled
    This UK company bought a pick-and-place machine from China and found malware preinstalled. The malware writeup is not very deep and interesting, but in the HN discussion someone said that the infection came through an infected, non-genuine version of Windows 7 Ultimate.

  • Decompiled 2022 Beijing iOS & Android Apps
