My Shared Links — Week 51/2022
A collection of the {cyber,info}security resources and links I found insightful and shared during week #51 of 2022.
Eufy camera security breach admission leaves many questions unanswered
In early December, Paul Moore, a security researcher, revealed a frightening security situation with Eufy home security products, including camera-equipped doorbells. In the thread and accompanying videos, Moore shows proof that Eufy cameras are sending data that is said to be “stored locally” to the cloud, even when cloud storage is disabled.
Brand owner Anker has finally responded to proof of a major Eufy camera security breach, but its official statement still leaves a great many questions unanswered. The company has now admitted that it lied to users about all footage and images being stored locally, and never sent to the cloud, after Paul Moore proved that this was not true …
OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell.
Okta says its GitHub account hacked, source code stolen
Depending on the quality of that source code… and the cybercriminals’ skills… we may or may not have our 2022 X-Mas Log4J 💥
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub source code repositories were hacked this month.
According to a ‘confidential’ email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta’s source code.
The now (in)famous Misconfigured Amazon Web Services S3 bucket strikes again.
Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students’ information as well as the education publishing giant’s own source code and digital keys, according to security researchers.
Apparently, the misconfigured S3 buckets could have been accessed by anyone with a web browser as far back as 2015.
DraftKings warns data of 67K people was exposed in account hacks
Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.
In credential stuffing attacks, automated tools are used to make a massive number of attempts (up to millions at a time) to sign into accounts using credentials (user/password pairs) stolen from other online services.
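The credential-stuffing pattern described above, as an added detection example (my own code, not from the DraftKings article or its linked source): it scans constructed authentication log lines for source IPs that try many distinct accounts within a short window with mostly failures, and lists the accounts that nonetheless succeeded, since those are the likely takeovers. The log format and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real service):
# "<ISO timestamp> <source IP> <username> <ok|fail>"
SAMPLE_LOG = """\
2022-11-18T02:00:01 203.0.113.7 alice fail
2022-11-18T02:00:02 203.0.113.7 bob fail
2022-11-18T02:00:02 203.0.113.7 carol ok
2022-11-18T02:00:03 203.0.113.7 dave fail
2022-11-18T02:00:03 203.0.113.7 erin fail
2022-11-18T02:00:04 203.0.113.7 frank fail
2022-11-18T02:00:05 203.0.113.7 grace fail
2022-11-18T02:01:00 198.51.100.20 carol fail
2022-11-18T02:01:10 198.51.100.20 carol fail
2022-11-18T02:01:20 198.51.100.20 carol ok
2022-11-18T02:02:00 198.51.100.21 ivan ok
"""

def parse_line(line):
    """One log line -> (timestamp, source IP, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "ok"

def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_attempts=6, min_distinct_users=5, max_success_rate=0.2):
    """Flag source IPs that, inside one sliding window, try many distinct accounts
    with a low success rate. A user who mistyped a password retries the same
    account; a stuffing tool walks a list of stolen pairs, one or two tries each."""
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, user, ok = parse_line(line)
        events[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            hits = sorted(u for _, u, ok in win if ok)
            if (len(win) >= min_attempts and len(users) >= min_distinct_users
                    and len(hits) / len(win) <= max_success_rate):
                # Successful logins from a flagged IP are the likely takeovers: reset those.
                flagged[ip] = {"attempts": len(win), "users": len(users), "compromised": hits}
    return flagged
```

Tune the thresholds to the service's normal failure rate; the "users" count is what separates a stuffing tool from a single forgetful customer.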
Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications
Russia’s cyber operations in Ukraine have apparently not had much military impact. This was probably for a multitude of reasons: Russia’s offensive limitations, as well as the defensive efforts of Ukraine and its partners; the particular context of this war, as well as structural features of cyberspace and warfare generally.
Blindside: A New Technique for EDR Evasion with Hardware Breakpoints
The Cymulate Offensive Research Group, and one of its lead researchers, Ilan Kalendarov, were able to extend the methodology [hardware breakpoints] into a new technique named “Blindside” to allow for the method to work on a broader scale. Instead of hooking a specific function, the Blindside technique instead loads a non-monitored and unhooked DLL and leverages debug techniques that could allow for running arbitrary code. This permits more flexibility in what code can be executed outside the watchful eye of many commercial EDR and XDR platforms.
LinkedIn has massively cut the time it takes to detect security threats. Here’s how it did it
LinkedIn revitalized its cybersecurity operations to be more effective than ever — by working smarter, not harder.
Protecting against phishing, malware and other cyber threats is a difficult cybersecurity challenge for any organization — but when your business has over 20,000 employees and runs a service used by almost a billion people, the challenge is even tougher.