Security Stack Sheet #57

Word of the week: “Client-Side Battlefront”

https://cdn-images-1.medium.com/max/800/1*ODrF2XuUEuTPQyN_UjPJRA.png

Links HERE and HERE

Word of the week special

Link to tweet thread HERE

Risk Acceptance

Unknown source

Bonus

Link HERE

DO YOU AGREE?

Link HERE

Link HERE

Hahaha – Russian Rewards for bounties

Link HERE – thanks to Prash

Change fish with exploit.

Link HERE

https://pbs.twimg.com/media/D8t8b-DW4AgBGMN.jpg:large

Link HERE

Crypto challenge of the week

Hacky Easter 2019! – started on the 16th of April!

Link HERE

https://pbs.twimg.com/profile_images/708919573614039040/EwgmBsjU_400x400.jpg

Try this Medium one:

New Egg Design

Thumper is looking for a new design for his eggs. He tried several filters with his graphics program, but unfortunately the QR codes got unreadable. Can you help him?!

Link HERE

Dates

May 25th 2019: 1 year of GDPR Live! See incidents section below

June 30th 2018: TLS1.1 mandatory for PCI-DSS compliance – BEWARE!

Link HERE

Now: TLS1.2 mandatory for proper security

HTTPS everywhere HERE

Deprecating TLSv1.0 and TLSv1.1 gracefully with Cloudflare Workers

Link HERE

Halloween Brexit! or later or not or bust Brexit Fatigue HERE

Link HERE

September 2019: PSD2 security mandatory

November 3rd 2020: Trump’s second term start

Book on the week/month

Not exactly a book

Link HERE Feedback and discussion HERE

Vulnerability disclosure publications and discussion tracking

Link HERE

Comic of the week

Why Are Other Companies Not Doing It - Dilbert by Scott Adams

AND

## Some OWASP stuff first

- A new OWASP project is building a top 10 of security risks for APIs – DRAFT

Link HERE

- OWASP dependency-check 5.0.0 released

Link HERE

- Some basics – OS command injection

Link HERE

- Live Hacking like a MVH – A walkthrough on methodology and strategies to win big

Link HERE

- How do we Stop Spilling the Beans Across Origins?

A primer on web attacks via cross-origin information leaks and speculative execution

Link HERE

- Presentation Tips for Technical Talks

Link HERE

- Introducing experimental integrity policies to Node.js

Link HERE – thanks to Mike

- Server-Side Request Forgery (SSRF)

Link HERE

- Freshly (un)retired, Gary McGraw takes on machine-learning security (Q&A)

Link HERE

- Remember: Pushing Left Like a Boss

This is a “Train the Trainer” document, to be used by someone who wants to present this talk to an audience. If you were hoping to learn more about this topic, rather than how to present this talk, stop reading this document and do this instead: 1) watch the video of this talk, 2) read the blog series based on this talk, and 3) follow the author of this talk, Tanya Janca, to continue learning about this topic.

Link HERE

- Threat Modelling cookbook

Link HERE

- Remember: Remediation Statistics: What Does Fixing Application Vulnerabilities Cost?

Link HERE

- Reverse engineering workshops

Link HERE

Link HERE

Events

OWASP events HERE

All InfoSec events HERE

First AWS Security Conference – AWS re:Inforce 2019

Link HERE

Hack In Paris 2019 HERE

AppSec Europe Tel-Aviv May 2019

Slides soon!

OWASP Summit London

Github repo HERE

The complete Security Events calendar – Peerlyst

Link HERE

Remember: Application Protection and Performance Monitoring

Using Datadog + Signal Sciences

Link HERE

Bsides London 2019 Presentations

AWS vs Azure Security

Link HERE

Related: On-Premises vs. Azure Security Stack

Link HERE

A Safer Way to Pay – Chester Wisniewski

Link HERE

Other presentations from Bsides 2019 HERE

Incidents

Global ALERT level

BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.

Incident data HERE Find your country

Link HERE

NCSC Weekly Threat Report

Unsecured database exposes security logs of major hotel chains

Security researchers have discovered an unsecured database that exposed the security logs – and therefore potential cyber security weaknesses – of major hotels managed by the Pyramid Hotel Group.

Pyramid Hotel Group manages hotels in the US, Hawaii, the Caribbean, Ireland, and the UK, including Marriott, Sheraton and Hilton properties.

Organisations still struggle to manage vulnerability patching

Almost 27% of organisations globally have suffered a breach as a result of vulnerabilities that have remained unpatched, according to Tripwire’s 2019 Vulnerability Management Survey.

59% of organisations surveyed said they could detect new hardware and software on their network within hours, with some suggesting it would take mere minutes. Worryingly, 21% said it would take days, 7% said weeks, and 11% couldn’t detect new devices at all.

Microsoft drops password expiration policies

Microsoft has acted to change its security rules meaning users will no longer have to reset credentials periodically.

This update, which you can read about in Microsoft’s blog post, strengthens the argument that regularly changing passwords is bad for security. Authored by Microsoft consultant Aaron Margosis, the post also describes periodic password expiration as an “ancient and obsolete mitigation of very low value”.

Link HERE

Transatlantic Cable podcast, episode 96 – by Kaspersky

Links HERE

Troy Hunt Weekly update 142

Link HERE

Incidents & events detail

AKAMAI REVEALS HACKERS TARGETED THE GAMING INDUSTRY WITH OVER 12 BILLION ATTACKS IN 17 MONTHS

Link HERE

Some sage security advice after Radiohead’s unreleased music hack

Bad news: Radiohead was hacked

Link HERE

DON’T LEAK SENSITIVE DATA VIA SECURITY SCANNING TOOLS

https://cdn-images-1.medium.com/max/1000/1*K_abqAbUCbwgUzKuMu73FA.png

Link HERE

Mobile Malware Analysis: Overlay and How to Counter it (partly)

Link HERE

Subdomain Enumeration: 2019 Workflow

Link HERE

Someone slipped a vuln into crypto-wallets via an NPM package. Then someone else siphoned off $13m in coins to protect it from thieves

Link HERE

Diebold Nixdorf warns customers of RCE bug in older ATMs

ATM vendor rolls out software update, says no attacks detected in the wild, low chance of exploitation

Link HERE

Microsoft says mandatory password changing is “ancient and obsolete”

Bucking a major trend, company speaks out against the age-old practice

Link HERE

The GoldBrute botnet is trying to crack open 1.5 million RDP servers

Link HERE

Link HERE

For two hours, a large chunk of European mobile traffic was rerouted through China

It was China Telecom, again. The same ISP accused last year of “hijacking the vital internet backbone of western countries.”

Link HERE

Research of the week

Improving Vulnerability Remediation Through Better Exploit Prediction

Despite significant innovations in IT security products and research over the past 20 years, the information security field is still immature and struggling. Practitioners lack the ability to properly assess cyber risk, and decision-makers continue to be paralyzed by vulnerability scanners that overload their staff with mountains of scan results. In order to cope, firms prioritize vulnerability remediation using crude heuristics and limited data, though they are still too often breached by known vulnerabilities for which patches have existed for months or years. And so, the key challenge firms face is trying to identify a remediation strategy that best balances two competing forces. On one hand, a firm could attempt to patch all vulnerabilities on its network. While this would provide the greatest coverage of vulnerabilities patched, it would inefficiently consume resources by fixing low-risk vulnerabilities. On the other hand, patching a few high-risk vulnerabilities would be highly efficient, but may leave the firm exposed to many other high-risk vulnerabilities. Using a large collection of multiple datasets together with machine learning techniques, we construct a series of vulnerability remediation strategies and compare how each performs in regard to trading off coverage and efficiency. We expand and improve upon the small body of literature that uses predictions of published exploits, by instead using exploits in the wild as our outcome variable. We implement the machine learning models by classifying vulnerabilities as high- or low-risk, where we consider high-risk vulnerabilities to be those that have been exploited in actual firm networks.

https://pbs.twimg.com/media/D83zlzvUcAEFHd-.png

Link HERE

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits

Today, more and more web browsers and extensions provide anonymity features to hide user details. Primarily used to evade tracking by websites and advertisements, these features are also used by criminals to prevent identification. Thus, not only tracking companies but also law-enforcement agencies have an interest in finding flaws which break these anonymity features. For instance, for targeted exploitation using zero days, it is essential to have as much information about the target as possible. A failed exploitation attempt, e.g., due to a wrongly guessed operating system, can burn the zero-day, effectively costing the attacker money. Also for side-channel attacks, it is of the utmost importance to know certain aspects of the victim’s hardware configuration, e.g., the instruction-set architecture. Moreover, knowledge about specific environmental properties, such as the operating system, allows crafting more plausible dialogues for phishing attacks. In this paper, we present a fully automated approach to find subtle differences in browser engines caused by the environment. Furthermore, we present two new side-channel attacks on browser engines to detect the instruction-set architecture and the used memory allocator. Using these differences, we can deduce information about the system, both about the software as well as the hardware. As a result, we can not only ease the creation of fingerprints, but we gain the advantage of having a more precise picture for targeted exploitation. Our approach allows automating the cumbersome manual search for such differences. We collect all data available to the JavaScript engine and build templates from these properties. If a property of such a template stays the same on one system but differs on a different system, we have found an environment-dependent property.

We found environment-dependent properties in Firefox, Chrome, Edge, and mobile Tor, allowing us to reveal the underlying operating system, CPU architecture, used privacy-enhancing plugins, as well as the exact browser version. We stress that our method should be used in the development of browsers and privacy extensions to automatically find flaws in the implementation.

Link HERE

2019 SANS Automation & Integration Survey

Misconception #1: Anything can be automated

Misconception #2: Automation will replace people with machines or robots

Misconception #3: Existing tools can be easily integrated to automate anything

Misconception #4: Automation is easy to measure

Misconception #5: Automation is quick to implement

Link HERE

“The Sponge Function”

https://cdn-images-1.medium.com/max/800/1*Ejsy0RSX6kN6WCLsrqz2Mg.jpeg

Link HERE

Tool of the week

PENETRATION TESTING PRACTICE LAB – VULNERABLE APPS / SYSTEMS

Link HERE

Link HERE

RDPassSpray: Python3 tool to perform password spraying using RDP

Link HERE

Guardian Firewall for iOS

Link HERE

Myki Password Manager

Link HERE

How to securely provide database credentials to Lambda functions by using AWS Secrets Manager

Figure 1: Solution architecture

Link HERE – thanks to Mike

Working with passwords in PowerShell prologue

Link HERE

Link HERE

AWS S3 BUCKET DISCOVERY

BUILD YOUR OWN TOOLS WITH THE SECAPPS FUZZER

Link HERE

Other interesting articles

## A CTO’s Take on the Security Operations Maturity Model

Security operations maturity results in faster MTTD/MTTR and cyberthreat resilience

Link HERE

## Is Vulnerability Management Hopeless?

No, but you have to decide how much you’re willing to change to make it more effective…

Link HERE

## Why the UK must invest more resource into cyber security – now

As digital transformation continues to roll across every aspect of our lives, the UK’s ability to function effectively is ever increasingly dependent on cyber security

Link HERE

## And finally, Beyond the Dark Forest Theory of the Internet

Re-learning how to be yourself online

Link HERE

AND

Programmer migration patterns

Link HERE

## HACKING, TOOLS and FUN – CHECK BELOW!

AppSec Ezine

Must see

URL: https://www.inputzero.io/2019/06/hacking-smart-tv.html

Description: Hacking Smart TV – Supra Smart Cloud TV (CVE-2019-12477).

URL: http://bit.ly/2I0PuWB (+)

Description: The Unusual Case of Status code 301 Redirection to AWS Credentials Leak.

URL: http://bit.ly/31aZJz2 (+)

Description: Google bug bounty – LFI on production servers in //springboard.google.com.

Link HERE and credits to HERE