EMOTET Disrupted, “Ghost” Hackers, & Why Privacy is ‘Like Bubblewrap’ – PSW #681

It's called "hacking" for a reason (we're not experts in ALL software LOL): ''the attacker successfully logged into the StackOverflow development environment, using a crafted login request that bypassed access controls, and then successfully escalated privileges. They then got access to TeamCity, the JetBrains continuous integration product...Although not having secrets in source code seems like a no-brainer, developers sometimes find this hard to avoid How does TeamCity work? “The attacker is clearly not overly familiar with the product so they spend time looking up Q&A on Stack Overflow on how to use and configure it"

We go after accounts when people are on vacation, and apparently permanent vacation too: "The account of the late employee wasn’t shut down because various internal services had been configured to use it, presumably because the deceased had been involved in setting up those services in the first place. Closing down the account, we assume, would have stopped those services working, so keeping the account going was probably the most convenient way of letting the dead person’s work live on."

Best advice in this article is here: "You have to make sacrifices, you have to put in the hard work and the grind, to become a good Penetration Tester. Practice, practice, and practice! Sometimes, it will be hard to see all of your friends partying and feeling good on Social Media, while you are staying home, trying to crack that HackTheBox machine, practicing for OSCP or learning about SQL Injections, but remember how worth it will be in the end. Think about the long-term."

A really long article that takes its time to get to this mediocre point: "In a sense, we should think of privacy not as something that resides in an individual, but something that surrounds them. This is where the bubble wrap metaphor comes in - a layer that’s transparent enough to allow you to be seen but also a protection against harmful intrusion. The more bubble wrap, the more protection, but also the greater the degree of constriction: sure I can bubble wrap my experience online (no cookies, no tracking, ProtonMail account, etc) but it’s going to be a slower, more plodding experience, which has its own costs."

https://flip.it/wU3y34

"The South African Revenue Service has released this week its own custom web browser for the sole purpose of re-enabling Adobe Flash Player support, rather than port its existing website from using Flash to HTML-based web forms."

So, not an 0day: "This story and its headline have been updated to clarify that this exploit was not a zero-day, as SonicWall had patched it."

https://flip.it/4RCDFm

This is the best way to fix this problem, but unfortunately it's not available to everyone: "The tweet was fired to 130,000 followers and an associate at Google Security spotted the message. The issue was then personally escalated, although the developer added that others may have seen the tweet and helped, too."

I believe this is the real vulnerability: "Since actions/checkout was executed in the step before the vulnerable workflow file is used, there was a GitHub token with write permission to the repository. So I made a plan to use this token"

ttps://twitter.com/mvp4p3r