CybersecNews Weekly

February 27, 2022

CyberSecNews Weekly - 0x18-W0922

News

  • New Destructive Malware Used In Cyber Attacks on Ukraine

Tools

  • Security-Datasets: Re-play Security Events

  • AzureADAssessment
    Tooling for assessing an Azure AD tenant state and configuration

  • microsoft/msticpy
    Microsoft Threat Intelligence Security Tools.

Articles

  • Exploiting CSRF With The Default SameSite Policy
    Default “SameSite” settings are not the same as “SameSite: Lax” set explicitly. TLDR? A two-minute window from when a cookie is issued is open to exploit CSRF.

  • How Bitwarden encrypts your data

  • ATT&CK for Mobile: Reintroduction and 2022 Goals

  • Best practices for REST API security: Authentication and authorization
    If you have a REST API accessible on the internet, you’re going to need to secure it. Here are the best practices on how to do that.

  • F-Droid: how is it weakening the Android security model?
    This write-up will attempt to emphasize major security issues with F-Droid that you should consider.

  • GitHub Advisory Database now open to community contributions
    Anyone can now provide additional information and context to further the community’s understanding and awareness of security advisories.

  • BGP Security in 2021

  • What I Learned After Using an SSH Honeypot for 7 Days | Infragistics Blog

Tutorial

  • How to secure API Gateway HTTP endpoints with JWT authorizer | Amazon Web Services
    This blog post demonstrates how you can secure Amazon API Gateway HTTP endpoints with JSON web token (JWT) authorizers.

  • Relaying Kerberos over DNS using krbrelayx and mitm6

  • Bypassing 2FA using noVNC

  • MicrosoftLearning/AZ500-AzureSecurityTechnologies
    Microsoft Azure Security Tutorial

  • Checklist for container security - devsecops practices
    Checklist for container security

IR & Reversing

  • Find You: Building a stealth AirTag clone

  • LockBitRansomware_Whitepaper.pdf
