Bypassing Biometrics, Hiding in Plain Sight, Hacker Cinema, & High Aspirations – PSW #720

Pretty good write-up of some of the ways in which to store and access secrets in AWS.

Pretty neat addition to the platform: "Collections...are live reports that contain, alongside a title and an optional description, a group of IoCs such as domain addresses, file hashes, IPs, and URLs, which can be enhanced with VirusTotal analysis metadata."

Agree or Disagree? - "Today, it’s nearly impossible to tell the good from the bad without the ability to decrypt traffic securely."

This is so interesting: "while the scanner board communicates with the communication board using normal network, the printer board seems to use CAN bus to interact with the formatter, making the architecture of this MFP somewhat similar to vehicles" Shodan is proof some people don't do this: "Secondly, since an attacker in the same network segment can exploit the vulnerability by communicating directly to JetDirect TCP/IP port 9100, it is recommended to place the printers into a separate, firewalled VLAN" Full research (A GREAT read): https://labs.f-secure.com/assets/BlogFiles/Printing-Shellz.pdf

Have to give Zoom some credit here: "Their most recent step in this regard has been the launch of end-to-end encryption followed by two-factor authentication." and now they have automatic updates. Though does not appear to support Linux clients for me and the other person using the Linux client.

Oh and they fixed a couple of vulnerabilities: "Following the report from the researcher, Zoom patched both the vulnerabilities with the latest releases. Users can take a look at the list of affected products shared in Zoom’s advisory to know about the security status of their apps. Whereas it’s ideal to ensure still updating the respective Zoom apps to the latest releases to receive any patches anyway."

Awesome: "For our final step, we add some wood glue on top of the print to bring to life a fake fingerprint that we can use on a scanner."