Vending Machine Hack, Chucky’s Amber Alert, HarmonyOS, & Realtek Vulns – PSW #682
Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hacks prepaid vending machines, When was the last time you said: "Hey, that web app on that IoT/network device was really secure!"? Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies, Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module, New Linux malware steals SSH credentials from supercomputers, From Microsoft: how not to run Docker in Azure Functions.
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. Security in a Complex World: "So, all these years later, how do we console the Bruce Schneiers of the world? How do we have innovation and security? There is one possibility. Since innovation won't slow, the key is to use innovation to make ever-expanding complexity comprehensible and its effects predictable. In other words, fight fire with fire."
- 2. Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation
- 3. Huawei’s HarmonyOS: “Fake it till you make it” meets OS development: So, it's basically a pirated version of Android, only with more backdoors.
- 4. How Hackers Are Infiltrating the World of Online Gaming – Latest Hacking News: There is no "How" in this article; it is only about how people hack games. Basically, people cheat, steal in-game artifacts, and fake game updates. In case you didn't already know that...
- 5. Sloppy patches are a breeding ground for zero-day exploits: Sloppy, or just putting a spotlight on bad code? "In a blog post, Maddie Stone of Google’s Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely related to previously publicly disclosed vulnerabilities, and “potentially could have been avoided if a more thorough investigation and patching effort” were made." and "Maddie Stone specifically highlights three vulnerabilities (in Internet Explorer, Google Chrome, and Microsoft Windows) that were exploited in-the-wild, but were not properly fixed after they were reported to each software vendor."
- 6. Free coffee! Dutch researcher hacks prepaid vending machines: Oh, it's just this: "Unfortunately, as Vanhoof discovered, older Nespresso cards are based on the Mifare Classic NFC chip, which uses strong-but-not-quite-strong-enough cryptography."
- 7. Critical Cisco Flaws Open VPN Routers Up to RCE Attacks: When is the last time you said: "Hey, that web app on that IoT/network device was really secure!"? Okay, never: "The flaws exist because HTTP requests are not properly validated in the management interface, according to Cisco. An attacker could exploit the vulnerabilities, merely by sending a specially crafted HTTP request to the management interface of one of the affected router models. From there, they would be able to execute arbitrary code as a root user, Cisco said." I feel like I've read the same advisory a thousand times.
- 8. Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies: Test data is funny sometimes: "This was actually a test we were running on a dev server and it accidentally went out. We appreciate you reaching out to us to verify this. We do apologize for this inconvenience (to) you."
- 9. NIST Offers Tools to Help Defend Against State-Sponsored Hackers
- 10. Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module: "The most severe issue we discovered is VD-1406, a remote stack overflow that allows an attacker in the proximity of an RTL8195 module to completely take over the module, without knowing the Wi-Fi network password (PSK) and regardless of whether the module is acting as a Wi-Fi access point or client."
- 11. emba, an analyzer for Linux-based firmware of embedded devices
- 12. Detecting Threats with Process Tree Analysis without Machine Learning
- 13. A Look at iMessage in iOS 14
- 14. Vovalex is likely the first ransomware written in D
- 15. Why Russia May Have Stepped Up Its Hacking Game
- 16. Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
- 17. New Linux malware steals SSH credentials from supercomputers: One way to get some time on a supercomputer: "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/ssh file was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file"
- 18. Intezer – How We Escaped Docker in Azure Functions: Dear Microsoft, please listen to this show: "With these extra capabilities it was clear that the container was run with the --privileged flag."
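The container in the Intezer write-up gave itself away by the capabilities it held. The following is an added example (not Intezer's code and not anything Microsoft ships) that decodes the CapEff mask from /proc/self/status and compares it with the set a plain `docker run` grants, so the "am I privileged?" question can be answered from inside a container without guessing. The capability numbering follows linux/capability.h; the two /proc status texts are constructed for the example.

```python
"""Decode a Linux capability bitmask (as printed in /proc/<pid>/status) and
flag a container that holds more than Docker's default capability set.

Added example; not code from the Intezer write-up or from Azure Functions.
CAP_* numbering follows include/uapi/linux/capability.h (bit == cap number).
The /proc status samples at the bottom are constructed for this example.
"""

# Index == capability number from linux/capability.h.
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# What an unprivileged `docker run` hands out by default (CapEff 0x00000000a80425fb).
DOCKER_DEFAULT_CAPS = frozenset({
    "CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW", "SETGID",
    "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE", "SYS_CHROOT", "KILL",
    "AUDIT_WRITE",
})

# Capabilities that, on their own, are usually enough to leave the container.
ESCAPE_CAPS = frozenset({
    "SYS_ADMIN", "SYS_MODULE", "SYS_RAWIO", "SYS_PTRACE", "DAC_READ_SEARCH",
    "NET_ADMIN", "SYS_BOOT",
})


def decode_capmask(hexmask):
    """Turn a hex CapEff/CapBnd value into a set of CAP_* names (prefix dropped)."""
    mask = int(hexmask, 16)
    names = set()
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "UNKNOWN_%d" % bit)
    return names


def parse_proc_status(text):
    """Pull the Cap* lines out of /proc/<pid>/status text into {field: hexmask}."""
    caps = {}
    for line in text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            caps[key.strip()] = value.strip()
    return caps


def assess(text):
    """Compare the effective set to Docker's default and report what exceeds it."""
    eff = decode_capmask(parse_proc_status(text)["CapEff"])
    extra = eff - DOCKER_DEFAULT_CAPS
    return {
        "effective": eff,
        "extra": extra,
        "escape_capable": bool(extra & ESCAPE_CAPS),
        # Every capability up to AUDIT_READ present: the --privileged signature
        # (0x3fffffffff on kernels with 38 caps, wider on newer kernels).
        "looks_privileged": set(CAP_NAMES[:38]).issubset(eff),
    }


# Constructed samples: a default container and a --privileged one.
DEFAULT_STATUS = (
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"
)
PRIVILEGED_STATUS = (
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\nCapAmb:\t0000000000000000\n"
)

if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_STATUS), ("privileged", PRIVILEGED_STATUS)):
        r = assess(sample)
        print(label, "extra:", sorted(r["extra"]), "escape_capable:", r["escape_capable"],
              "looks_privileged:", r["looks_privileged"])
```

On a live box, feed `open("/proc/self/status").read()` to `assess()`. Remember that CapBnd is the ceiling and CapEff is what you hold right now; a non-root process in a privileged container can show an empty CapEff yet still be able to regain everything via setuid binaries, so check both fields.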
- 1. Experts discovered a new Trickbot module used for lateral movement: Trickbot operators have been spotted leveraging a new Trickbot module dubbed "masrv" (masrvDll32 and masrvDll64) which uses the "Masscan" open-source utility to scan local networks, allowing attackers to more easily move laterally across targeted organizations' networks in search of vulnerable devices with open ports that can be compromised.
- 2. New Linux malware steals SSH credentials from supercomputers: A new backdoor has been targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of SSH. Even with SSH, you should enable MFA and limit the certificates trusted for authentication.
- 3. Trickbot Back from the Dead in New Campaign: Security researchers are warning of a resurgence of the prolific Trojan malware Trickbot, which had its infrastructure disrupted by a Microsoft-led coalition late in 2020.
- 4. Operation NightScout: Supply-chain attack targets online gaming in Asia: ESET discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide. Disable or uninstall until a known-good patch is available.
- 5. CISA Launches Campaign to Reduce the Risk of Ransomware: CISA has launched a campaign to reduce the risk of ransomware, including a one-stop resource for alerts, guides, fact sheets, training and other resources. While the initial focus is on supporting COVID-19 response organizations and K-12 educational institutions, there is real value to any organization wanting to combat ransomware.
- 6. ZINC attacks against security researchers – Microsoft Security: Microsoft’s Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team write that over the past months, they have “detected cyberattacks targeting security researchers by an actor we track as ZINC.”
- 7. US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack: US courts have been instructed to issue standing or general orders that “highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system.”
- 8. North Korean hackers are targeting security researchers with malware, 0-days: A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, Google disclosed tonight. According to a report released tonight by Google's Threat Analysis Group, a North Korean government-backed hacking group uses social networks to target security researchers and infect their computers with a custom backdoor malware.
- 9. Intel says it wasn’t hacked after all; blames internal error for financial results leaking out: The URL of their earnings infographic was inadvertently leaked, and accessed by third-parties, necessitating an immediate release of the earnings report. Unintentional insider incidents are common and can cause significant damage, including the accidental exposure of sensitive financial data.
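Both SSH items above (the trojanized OpenSSH client in the first list, and the backdoor note in the second) come down to one replaced file at /usr/bin/ssh. The quickest check on a Debian-family host is the package manager's own manifest. The block below is an added example, not code from ESET's write-up or from the show: it parses the real dpkg manifest format (/var/lib/dpkg/info/<pkg>.md5sums, one "<md5hex>  <path relative to />" per line), verifies every listed file, and then demonstrates the result against a constructed package tree in a temp directory in which "ssh" is swapped for different bytes, so it runs offline. On RPM systems `rpm -V openssh-clients` does the equivalent.

```python
"""Verify an installed Debian package's files against its dpkg md5sums manifest,
the quickest way to spot a replaced /usr/bin/ssh like the one described above.

Added example, not ESET's or the show's code. The manifest format is dpkg's
real /var/lib/dpkg/info/<pkg>.md5sums; the package tree and manifest built in
demo() are constructed in a temporary directory so the check runs offline.
"""
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Yield (relative_path, expected_md5) from a dpkg .md5sums manifest.

    Lines look like "d41d8cd98f00b204e9800998ecf8427e  usr/bin/ssh"
    (two spaces between digest and path, path relative to /).
    """
    pairs = []
    for line in text.splitlines():
        line = line.rstrip("\n")
        if not line.strip():
            continue
        digest, _, relpath = line.partition("  ")
        pairs.append((relpath, digest.lower()))
    return pairs


def md5_of(path):
    """MD5 of a file, streamed so large binaries do not land in memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(manifest_text, root="/"):
    """Return {relpath: 'ok' | 'modified' | 'missing'} for every manifest entry."""
    results = {}
    for relpath, expected in parse_md5sums(manifest_text):
        full = os.path.join(root, relpath)
        if not os.path.isfile(full):
            results[relpath] = "missing"
        elif md5_of(full) != expected:
            results[relpath] = "modified"
        else:
            results[relpath] = "ok"
    return results


def demo():
    """Build a constructed two-file package, then replace 'ssh' the way the trojan would."""
    root = tempfile.mkdtemp()
    files = {
        "usr/bin/ssh": b"\x7fELF genuine ssh client\n",   # constructed stand-in binary
        "usr/bin/scp": b"\x7fELF genuine scp\n",
    }
    lines = []
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        lines.append("%s  %s" % (hashlib.md5(data).hexdigest(), rel))
    manifest = "\n".join(lines) + "\n"
    before = verify_package(manifest, root)
    # Same path, different bytes: the credential-logging replacement.
    with open(os.path.join(root, "usr/bin/ssh"), "wb") as f:
        f.write(b"\x7fELF ssh client that logs credentials\n")
    after = verify_package(manifest, root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a real host: `verify_package(open("/var/lib/dpkg/info/openssh-client.md5sums").read())`. The caveat a responder needs: the manifest lives on the same disk as the binary, so an attacker with root can rewrite both; compare against a manifest taken from a clean copy of the .deb (or an offline baseline you recorded earlier), and treat MD5 here as a change detector, not a cryptographic guarantee. A client that still matches its package can also be bypassed by a malicious LD_PRELOAD or a modified libcrypto, so check the shared libraries the binary loads as well.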