Hello everyone! Last Week's Security News, August 1 - August 8.
Last week was quieter than usual, with the Black Hat USA and DEF CON security conferences taking place. I would like to start with the Pwnie Awards, which are held annually at Black Hat. They are like the Oscars or Tonys of the information security world. The Pwnie Awards recognize both excellence and incompetence, and in general it is a very respectable, sensible and fun event.
There were 10 nominations. I will note a few.
"You can make a fortune in Ransomware with a little bit of math
It's called encryption, just a little bit of math cause a conniption"
and
"You can blame IT or some Russian sociopath
But personally I blame math"
Brilliant. =)
Now I would like to talk about the Apple scandal. Apple wants to detect illegal photos on users' iPhones and report them to a special non-profit organization established by the US Congress. As far as I understand it, that amounts to reporting to the police, but not directly.
When you hear this, you might imagine that some system component in the iPhone operating system is scanning the file system, somehow cleverly analyzing the files on the device, or uploading them to the cloud for analysis and informing officials. But this is not the case, at least for now.
Apple will check photos on users' device, but only
In general, so far it does not look like a total surveillance mechanism, or something that could easily become one. But it's always a good idea to think about who exactly controls your devices, even if that someone has the best intentions. So, as I mentioned in another video, the iPhone is an odd choice if you're serious about privacy: not only because the iPhone is the number one target for attackers, but also because of the nature of the platform itself.
Last week there was an interesting update to the PrintNightmare story.
Mimikatz creator Benjamin Delpy created an Internet-accessible print server that installs a print driver and launches a DLL with SYSTEM privileges. The current version of the driver launches a SYSTEM command prompt. This new method effectively allows anyone, including threat actors, to get administrative privileges simply by installing the remote print driver. Once they gain administrative rights on the machine, they can run any command, add users, or install any software, effectively giving them complete control over the system. This technique is especially useful for threat actors who breach networks to deploy ransomware, as it gives them quick and easy access to administrative privileges on a device, which helps them spread laterally through a network.
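As an added illustration (not code from the original post, nor from Delpy or Microsoft), the following PowerShell audits the Point and Print registry settings that Microsoft documented as PrintNightmare mitigations (KB5005010 and KB5005652) and lists recent printer driver installations from the PrintService log. The registry path, value names and event ID 316 are the documented ones; the seven-day window and the output format are my own assumptions.

```powershell
# Added example: audit Point and Print hardening and list recent driver installs.
# Run in an elevated PowerShell session on the Windows host being checked.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

# Hardened values from Microsoft's PrintNightmare guidance:
#   1 = only administrators may install drivers via Point and Print
#   0 = warn and elevate on driver install, and on driver update
$expected = @{
    RestrictDriverInstallationToAdministrators = 1
    NoWarningNoElevationOnInstall              = 0
    UpdatePromptSettings                       = 0
}

$props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }

foreach ($name in $expected.Keys) {
    if ($props -and $null -ne $props.$name) {
        $actual = [int]$props.$name
        $status = if ($actual -eq $expected[$name]) { 'OK' } else { 'CHECK' }
    } else {
        # Unset means the OS default applies; for RestrictDriverInstallationToAdministrators
        # that default is only the hardened one on hosts patched from August 2021 onward.
        $actual = '<unset>'
        $status = 'DEFAULT (verify patch level)'
    }
    '{0,-45} expected={1} actual={2} {3}' -f $name, $expected[$name], $actual, $status
}

# Event 316 records a driver being added or updated. The Operational log is off by
# default; enable it with: wevtutil sl Microsoft-Windows-PrintService/Operational /e:true
try {
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PrintService/Operational'
        Id        = 316
        StartTime = (Get-Date).AddDays(-7)   # assumed review window
    } -ErrorAction Stop |
      Select-Object TimeCreated, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
      Format-Table -AutoSize -Wrap
} catch {
    "No driver-install events found or log disabled: $($_.Exception.Message)"
}
```

Any driver install from a print server the organization does not operate is worth a closer look, and a CHECK status on any of the three values means the host still allows non-administrators to pull in drivers.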
And finally, I would like to tell you about the critical vulnerabilities (CVE-2021-1609, CVE-2021-1610) in Cisco VPN routers. A critical security vulnerability in a subset of Cisco Systems' small-business VPN routers could allow a remote, unauthenticated attacker to take over a device, and researchers from Tenable said there are at least 8,800 vulnerable systems open to compromise.
“While both flaws exist due to improper validation of HTTP requests and can be exploited by sending specially crafted HTTP requests, CVE-2021-1610 can only be exploited by an authenticated attacker with root privileges,” according to Tenable. “Successful exploitation would grant an attacker the ability to gain arbitrary command execution on the vulnerable device’s operating system.” If patching isn’t possible, users should make sure that remote web management is disabled, the firm added.