AirDrop Vulns, Linux Hypocrite Commits, Wi-Fi Code Execution, & We’ll Miss You Dan – PSW #692
This week in the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerability Exposes Users’ Personal Information, Darkside Ransomware gang aims at influencing the stock price of their victims, Security firm Kaspersky believes it found new CIA malware, and a Hacker leaks 20 million alleged BigBasket user records for free!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Paul Asadoorian
Principal Security Researcher at Eclypsium
- 1. Jailbreak or Jail – Is Hacking for the Government A Crime? - Did they violate the CFAA, copyright laws, or both? - "Maybe. In fact, the U.S. Supreme Court is currently considering a case that will help clarify whether accessing a database you are allowed to access, but for a purpose for which you are not authorized, constitutes a violation of the statute. When Azimuth “cracked” the iPhone, they probably violated something in the license agreement. I have no earthly clue, because, frankly, the license agreement is unreadable. In fact, that’s kind of the point."
- 2. Penetration testing leaving organizations with too many blind spots - Pen tests don't test everything, do you still need them? - "surveyed enterprises with 3,000 or more employees and found that 70 percent of organizations perform penetration tests as a way to measure their security posture and 69 percent to prevent breaches, yet only 38 percent test more than half of their attack surface annually. Many organizations are conducting penetration tests to detect and mitigate threats yet remain dangerously vulnerable. The research shows that when using penetration testing as a security practice organizations lack visibility over their internet-exposed assets, resulting in blind spots that are vulnerable to exploits and compromise."
- 3. MythBusters: What pentesting is (and what it is not) – Help Net Security - Same source, different take: "During pentests, highly technical and skilled individuals manually vet results to identify risks via exploitation attempts and vulnerability chaining. Scanning for vulnerabilities and penetration testing are both necessary components of a comprehensive security strategy. One does not replace the other."
- 4. How to Conduct Vulnerability Assessments: An Essential Guide for 2021 - "A vulnerability scan provides a point-in-time snapshot of the vulnerabilities present in an organization's digital infrastructure. However, new deployments, configuration changes, newly discovered vulnerabilities, and other factors can quickly make the organization vulnerable again. For this reason, you must make vulnerability management a continuous process rather than a one-time exercise."
- 5. Identifying People Through Lack of Cell Phone Use – Schneier on Security
- 6. Zero-Knowledge Proofs (ZKPs) for vulnerability disclosure
- 7. A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks - "Composer is billed as a tool for dependency management in PHP, enabling easy installation of packages relevant to a project. It also allows users to install PHP applications that are available on Packagist, a repository that aggregates all public PHP packages installable with Composer. According to SonarSource, the vulnerability stems from the way package source download URLs are handled, potentially leading to a scenario where an adversary could trigger remote command injection. As proof of this behavior, the researchers exploited the argument injection flaw to craft a malicious Mercurial repository URL that takes advantage of its "alias" option to execute a shell command of the attacker's choice."
- 8. ISC Releases Security Advisory for BIND - "GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network. SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG. The SPNEGO implementation used by BIND has been found to be vulnerable to a buffer overflow attack."
- 9. Apple AirDrop Vulnerability Exposes Users’ Personal Information - Vuln 1 - "After collecting the (hashed) contact identifiers, the attacker can recover phone numbers and email addresses offline. As shown in prior work, recovering phone numbers is possible in the order of milliseconds. Recovering email addresses is less trivial but possible via dictionary attacks that check common email formats such as first.lastname@{gmail.com,yahoo.com,…}." and vuln 2 - "Importantly, the malicious sender does not have to know the receiver: A popular person within a certain context (e.g., the manager of a company) can exploit this design flaw to learn all (private) contact identifiers of other people who have the popular person in their address book (e.g., employees of the company)."
- 10. CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities - Quite the list of RTOSes! Samsung TVs, ICS gear with VxWorks, wow... Bob may have to go find these exploits (There are many).
- 11. An issue in the Linux Kernel could allow the hack of your system - “TALOS-2020-1211 (CVE-2020-28588) is an information disclosure vulnerability that could allow an attacker to view Kernel stack memory. We first discovered this issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel.”
- 12. Google Chrome V8 Bug Allows Remote Code-Execution
- 13. Opinion: The FBI just got permission to break into private computers without consent so it can fight hackers
- 14. Experian API Exposed Credit Scores of Most Americans – Krebs on Security
- 15. New stealthy Linux malware used to backdoor systems for years
- 16. HashiCorp reveals exposure of private code-signing key after Codecov compromise
- 17. Adobe releases open source ‘one-stop shop’ for security threat, data anomaly detection
- 18. When Windows bug fixes go bad, IT can now roll back individual changes
- 19. Researchers Secretly Tried To Add Vulnerabilities To Linux Kernel, Ended Up Getting Banned
- 20. A ransomware gang made $260,000 in 5 days using the 7zip utility
- 21. All Your Macs Are Belong To Us
- 22. Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective
- 23. Sound Engineer Descends Into 9-Hour Trip After Fixing ’60s Radio Equipment Covered In LSD - This story is amazing.
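Item 9 above quotes the AirDrop finding that hashed contact identifiers can be recovered offline. The script below is an added illustration (not from the show, the paper, or Apple) of why a plain hash over a phone-number space is not a privacy control, and of the property a fix needs: once the digest depends on a secret the capturing party does not hold, enumerating candidates no longer works. All numbers, the prefix, the key and the hash rate are constructed values; the HMAC variant stands in for "something keyed" and is not the published PrivateDrop design, which uses private set intersection.

```python
"""Added example: unkeyed hash of a phone number vs. a keyed digest.

Models contact discovery in the abstract: a sender emits H(identifier) for
its address-book entries, and anyone who captures a digest can test every
candidate number offline. Identifiers, prefix and rate are constructed.
"""
import hashlib
import hmac
from typing import Iterable, Iterator, Optional


def canonical(identifier: str) -> str:
    """Reduce a phone number to its digits; a discovery scheme must normalise
    before hashing or formatting differences would break matching."""
    return "".join(ch for ch in identifier if ch.isdigit())


def unkeyed_digest(identifier: str) -> bytes:
    """SHA-256 of the canonical number: deterministic and keyless, so any
    observer can recompute it for every candidate in the number space."""
    return hashlib.sha256(canonical(identifier).encode()).digest()


def keyed_digest(identifier: str, key: bytes) -> bytes:
    """HMAC-SHA256 under a secret: a party without `key` cannot build the
    candidate table at all (constructed mitigation for illustration only)."""
    return hmac.new(key, canonical(identifier).encode(), hashlib.sha256).digest()


def candidate_numbers(prefix: str, suffix_digits: int) -> Iterator[str]:
    """Every number sharing `prefix`; a known 5-digit prefix on a 10-digit
    national number leaves only 10**5 candidates to test."""
    for n in range(10 ** suffix_digits):
        yield f"{prefix}{n:0{suffix_digits}d}"


def recover_identifier(target: bytes, candidates: Iterable[str],
                       key: Optional[bytes] = None) -> Optional[str]:
    """Offline dictionary match: the candidate whose digest equals `target`,
    or None. With key=None this is the weakness the article describes; with a
    key it succeeds only for the party that holds that key."""
    for candidate in candidates:
        digest = (keyed_digest(candidate, key) if key is not None
                  else unkeyed_digest(candidate))
        if hmac.compare_digest(digest, target):
            return candidate
    return None


def enumeration_seconds(space_size: int, hashes_per_second: float) -> float:
    """Worst-case time to hash an entire identifier space at a caller-supplied
    rate (an assumption, not a measured figure)."""
    return space_size / hashes_per_second


if __name__ == "__main__":
    number = "555-010-0042"                 # constructed address-book entry
    space = lambda: candidate_numbers("55501", 5)
    print("unkeyed   :", recover_identifier(unkeyed_digest(number), space()))
    secret = b"receiver-held-key (constructed)"
    captured = keyed_digest(number, secret)
    print("keyed, no key  :", recover_identifier(captured, space()))
    print("keyed, with key:", recover_identifier(captured, space(), key=secret))
    print("10-digit space at 1e8 H/s:", enumeration_seconds(10**10, 1e8), "s")
```

The point for defenders reviewing any "we only transmit hashes" design: hashing protects a value only when the input space is too large to enumerate, and a national phone-number plan is not. Either the digest must depend on a secret the observer lacks, or the matching must move to a protocol (such as private set intersection) that never exposes a testable digest.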
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Product Security Research and Analysis Director at Finite State
- 1. ATT&CK® for Containers now available!
- 2. A novel way to deliver XSS…. - Tweet thread: "soooooo a few APRS sites might have XSS problems.... This was sent over radio btw"
- 3. Security firm Kaspersky believes it found new CIA malware
- 4. Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it
- 5. Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
- 6. Experian API Exposed Credit Scores of Most Americans – Krebs on Security
Lee Neely
Retired Senior Cyber Advisor at Lawrence Livermore National Laboratory
- 1. 250 Million Americans Sensitive Data Leaked Online by Pompompurin - Pompompurin hacking group has reportedly dropped a 263GB database containing the personally identifiable information (PII) of more than 250 million U.S. citizens on a popular hacking forum. Information reportedly includes victims' full names, telephone numbers, mailing addresses, dates of birth, marital status, zip codes, genders, house rentals, home addresses, credit limits, political affiliations, number of proprietary cars, wages and tax information, number of pets, and number of children.
- 2. Threat Actors Impersonate Chase Bank - A new phishing campaign has been spotted leveraging phishing emails impersonating JP Morgan Chase Bank in order to steal customers' login credentials. One of the phishing emails appeared to include a credit card statement while the other impersonated a locked account workflow.
- 3. CISA, NIST Provide New Resource on Software Supply Chain Attacks - CISA and NIST have released a joint report titled "Defending Against Software Supply Chain Attacks" that details software supply chain attacks, the risks associated with those attacks, and how firms can successfully mitigate those attacks. https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508.pdf
- 4. CISA/NIST Defending Against Software Supply Chain Attacks Joint Report
- 5. NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability - A newly identified NTLM relay attack abuses an RPC vulnerability to enable elevation of privilege from "User" to "Domain Admin." Requires MITM, and POC code is available. Microsoft will not be releasing a patch.
- 6. Actively exploited Mac 0-day neutered core OS security defenses - Version 11.3 of macOS addresses a zero-day vulnerability (CVE-2021-30657) that was being actively exploited by hackers in order to infect targeted devices with "Shlayer" malware without triggering Mac security mechanisms that have been in place for more than 10 years.
- 7. Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs - Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords and is publishing information on how to check and fix compromised systems.
- 8. Hacker leaks 20 million alleged BigBasket user records for free - A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. Includes victims' email addresses, SHA1 hashed passwords, addresses, phone numbers, and other sensitive information.
- 9. University of Minnesota security researchers apologize for deliberately buggy Linux patches - University of Minnesota researchers have apologized for intentionally submitting a "buggy" patch into the Linux kernel to test the integrity of the update process without permission.
- 10. Darkside Ransomware gang aims at influencing the stock price of their victims - "Darkside" ransomware operators have been spotted threatening targeted organizations listed on the NASDAQ and other stock markets with leaking stolen data that could adversely impact their stock prices in order to intimidate them into paying the ransom.
- 11. Logins for 1.3 million Windows RDP servers collected from hacker market - About 1.3 million current and historic login credentials from compromised Windows RDP servers have been leaked on the "Ultimate Anonymity Services" (UAS) criminal underground forum.
- 12. AV Under Attack: Trend Micro Confirms Apex One Exploitation - Trend Micro is warning customers that hackers are now trying to exploit a previously patched, high-severity vulnerability (CVE-2020-24557) affecting its Apex One, Apex One as a Service, and OfficeScan products that could be exploited by attackers to elevate privileges on vulnerable systems.
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element