CyberSecNews Weekly - 0x19-W1022
News
- Cyber threat activity in Ukraine: analysis and resources
A must-read analysis from Microsoft of cyber threat activity in the Ukraine war scenario.
Tools
- flightsim
A utility to safely generate malicious network traffic patterns and evaluate controls.
- Casdoor
Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC and SAML.
Articles
- Ukraine-Cyber-Operations
Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence.
- NSA Cybersecurity Technical Report - Network Infrastructure Security Guidance
Tutorial
- How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations
- The 8KB bypass in Google Cloud Platform WAF
Google Cloud Armor provides a rule-based policy framework that customers of the Google Cloud Platform can use to mitigate various types of common web application attacks. The Cloud Armor service has a documented limitation of 8 KB as the maximum size of web request that it will inspect. The default behavior of Cloud Armor in this case can allow malicious requests to bypass Cloud Armor and directly reach an underlying application.
- Escaping privileged containers for fun
Despite the fact that it is not a ‘real’ vulnerability, escaping privileged Docker containers is nevertheless pretty fun. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really shouldn’t), this could really be handy at some point in the future.
IR & Reversing
- New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.