MS Breach, printers, Android hacking – PSW #814
In the Security News: Don’t expose your supercomputer, auth bypass and command injection FTW, just patch it, using OSQuery against you, massive credential stuffing, backdoors in Harmony, looking at Android, so basically I am licensing my printer, hacking Tesla, injecting keystrokes over Bluetooth, and remembering the work of David L. Mills.
Announcements
Security Weekly listeners: Cyber threats are evolving — is your organization keeping up? The 2023 Cybersecurity Year in Review is Here! Uncover the latest challenges and strategic responses in CRA's 2023 Cybersecurity Year in Review – sponsored by RSA Conference. From the impact of generative AI to the risks of ransomware to navigating new SEC rulings, get ahead for 2024 with your free copy. Download the report at securityweekly.com/yearinreview2023
Hosts
- 1. CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know
Amazing write-ups (check out part 2 as well). Thing is, though, the CVEs point back to October 2023, which is when I believe we covered these vulnerabilities.
- 2. Critical Bugs in NVIDIA Super Computer BMCs
I saw some advice on this one: "Don't put your supercomputer on the Internet". So, if we just don't connect our computers to the Internet, they will be safe. Ridiculous. The problem is in the BMC, and if you are going to use the BMC, it is probably connected to some network. Attackers could get on this network. The solution is to patch your BMC firmware/software.
- 3. Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Web authentication bypass plus authenticated command injection FTW!
- 4. Android-based PAX POS vulnerabilities (Part 1) – STM Cyber Blog
Some really interesting Android hacks and vulnerabilities in here, mostly due to poor implementations and code. For example, you can really harden Android, and in some cases make it next to impossible to root or mess with bootloaders, but as usual, the devil's in the implementation.
- 5. It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly…
Cool research and nicely written summary: "At this point in time, an attacker can easily cause a denial of service using this exploit, but as SonicWall noted in its advisories, a potential for remote code execution exists. While it may be possible to devise an exploit that can execute arbitrary commands, additional research is needed to overcome several challenges, including PIE, ASLR, and stack canaries. Perhaps a bigger challenge for an attacker is determining in advance what firmware and hardware versions a particular target is using, as the exploit must be tailored to these parameters. Since no technique is currently known for remotely fingerprinting SonicWall firewalls, the likelihood of attackers leveraging RCE is, in our estimation, still low. Regardless, taking the appropriate precautions to secure your devices will ensure they don’t fall victim to a potentially painful DoS attack" - I think one aspect you must include when triaging these vulnerabilities is the difficulty and impact of the firmware upgrade. While difficult to determine ahead of actually installing the update, if it's easy and low operational risk, just apply the patch. Don't get hung up on the exploitability, as that could change at any time, and I'd rather you be patched than scrambling to update all of your appliances. Also, some Linux distributions do a great job of collecting and posting user feedback on how well, or not so well, the update went for you. This crowdsourcing of the update experience is amazing, and I wish more vendors did this (unless they do and I just don't check the support forums).
- 6. Think Offensive – Leverage OSQuery for Discovery and Enumeration
Interesting article, as it describes using OSQuery as an attacker to gain knowledge about the hosts and the environment. Conceivably you could evade detection using this method, as many monitor the obvious enumeration attempts (à la BloodHound) but may not look at access attempts and named pipes used to access data from OSQuery.
- 7. dir-815
If you come across a D-Link using the dir815_v1.01SSb08.bin firmware, it's vulnerable to this. Not certain if there is a CVE, but the exploit looks legit.
- 8. Inside the Massive Naz.API Credential Stuffing List
Now is a good time to change passwords, implement and configure MFA, use a password manager and some of its features (but not the feature where it stores your 2FA auth codes). Also, your Flipper Zero can be enrolled as a U2F device, which is handy.
- 9. Microsoft network breached through password-spraying by Russia-state hackers
- 10. A backdoor with a cryptowallet stealer inside cracked macOS software
- 11. Inventor of NTP protocol that keeps time on billions of devices dies at age 85
So much of the software and protocols used today were created decades ago by smart people such as David L. Mills: "In the 1970s, during his tenure at COMSAT and involvement with ARPANET (the precursor to the Internet), Mills first identified the need for synchronized time across computer networks. His solution aligned computers to within tens of milliseconds. NTP now operates on billions of devices worldwide, coordinating time across every continent, and has become a cornerstone of modern digital infrastructure."
- 12. Chinese hackers quietly exploited a VMware zero-day for two years
- 13. Huawei Claims They Have Something Better Than The Linux Kernel
"He said that their company had made “a true OS this time which installs full-stack self-developed technologies and doesn't rely upon the U.S. traditional Linux cores”." - And that won't contain any backdoors, right? How would we know or check? ;)
- 14. US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems
- 15. Hacking Credit Cards By Using Magspoof With Flipper Zero.
This is a neat trick, and I have one; the technique was released 8 years ago by Samy :) I will say that while some of the Flipper things are old, it's neat to have them all in one device, even with add-ons.
- 16. Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
If you are looking to evaluate your Android devices, hunt around for ADB Android forensics cheat sheets. They break out all of the adb commands you'll need to start validating your Android install. Also, sniffing the network and looking at the traffic is another way (or Pi-Hole). Right now, it's a very manual process... I'm considering rooting some of my Android TV devices (if possible) and then using that access to remove the crapware in hopes that 1) I can reduce the attack surface and 2) they will run better.
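The package-review step described above, as an added example that is not part of the show notes or any cheat sheet the host mentions: a small POSIX shell script that takes the output of `adb shell pm list packages -3` (third-party packages, one `package:<name>` line each), strips the prefix, and reports every package not on an allowlist you maintain. The sample package list and the allowlist are constructed for the example; the package names are made up. The disable command is left as a commented opt-in step so nothing is changed on a device until you have reviewed the list.

```shell
#!/bin/sh
# Added example (not from the show notes): triage the third-party package list
# of an Android TV box. Input is the output of `adb shell pm list packages -3`,
# one "package:<name>" line each. Packages not on the allowlist are reported
# for review; disabling a package is a separate, opt-in action (see bottom).

# Constructed sample of `pm list packages -3` output; package names are made up.
SAMPLE_PACKAGES='package:com.example.streamingapp
package:com.example.preinstalled.launcher
package:com.vendor.example.updater
package:com.example.mediaplayer'

# Hypothetical allowlist: packages you installed on purpose or have already reviewed.
ALLOWLIST='com.example.streamingapp com.example.mediaplayer'

# strip_prefix: turn "package:foo" lines on stdin into bare package names.
strip_prefix() {
    sed -n 's/^package://p'
}

# is_allowed NAME: succeed (exit 0) if NAME is on the allowlist.
is_allowed() {
    for allowed in $ALLOWLIST; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

# unreviewed_packages: print the package names from stdin that are not allowlisted.
unreviewed_packages() {
    strip_prefix | while read -r pkg; do
        is_allowed "$pkg" || printf '%s\n' "$pkg"
    done
}

# count_unreviewed: number of unreviewed packages in the constructed sample.
count_unreviewed() {
    printf '%s\n' "$SAMPLE_PACKAGES" | unreviewed_packages | wc -l | tr -d ' '
}

# Against a real device (adb installed, USB or network debugging enabled):
#   adb shell pm list packages -3 | unreviewed_packages
# To disable a package you have reviewed and do not want, for the primary user,
# without uninstalling it (reversible with `adb shell pm enable <package>`):
#   adb shell pm disable-user --user 0 <package>

printf '%s\n' "$SAMPLE_PACKAGES" | unreviewed_packages
```

Run on the constructed sample it prints the two packages that are not on the allowlist. Disabling rather than uninstalling keeps the change reversible, which matters on a TV box where a "crapware" package may turn out to be a dependency of the launcher or the update mechanism.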
- 17. Hi, My Name is Keyboard
I got this running on one of my systems. I say running and not working successfully because these are two very different things. My Pixel 2 updated to Android 11 at some point, and I believe this device is not vulnerable as it asks me if I want to allow another BT device to attach.
- 1. Mother of all breaches reveals 26 billion records: what we know so far
Nothing to see here. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered.
- 2. Subway Sandwich Chain Investigating Ransomware Group’s Claims
You'd think this was a PCI issue, but apparently it's not. Or is it???
- 3. Trello API abused to link email addresses to 15 million accounts
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
- 4. loanDepot cyberattack causes data breach for 16.6 million people
Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. - this one has to be PCI related.
- 1. Alarm Panel Hack Defeats Encryption By Ignoring It
- 2. Another Chance To Revive Your Nabaztag
- 3. Mass exploitation of Ivanti VPNs is infecting networks around the globe
- 4. HP CEO evokes James Bond-style hack via ink cartridges
- 5. Docs Show FBI Pressures Cops to Keep Phone Surveillance Secrets
- 6. Zero Day Initiative — Pwn2Own Automotive 2024 – Day One Results
- 7. Hi, My Name is Keyboard
- 8. Ivanti Connect Secure zero-days now under mass exploitation