CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Website Subscribe

Episode 76: November 27 2023

November 27, 2023 Jim Guckin CyberSecurity News Byte Weekly 26:5238.26M Comments Off on Episode 76: November 27 2023

Links

https://thehackernews.com/2023/11/warning-3-critical-vulnerabilities.html

https://www.securityweek.com/windows-hello-fingerprint-authentication-bypassed-on-popular-laptops/

https://securityaffairs.com/154743/security/app-used-by-hundreds-of-schools-leaking-childrens-data.html

https://www.theregister.com/2023/11/23/blackcat_ransomware_fnf/

3 Critical ownCloud Vulnerabilities

  • ownCloud
    • open-source file-sharing software
  • graphapi App
    • CVSS score: 10/10
    • versions from 0.2.0 to 0.3.0.
    • uses third-party library that provides a URL.
      • URL is accessed, it reveals the configuration details of the PHP environment (phpinfo) (environment variables of the web server)
    • Containerized Deployment
      • environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key.
    • Fix
      • delete the “owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php” file.
      • disable the ‘phpinfo’ function.
      • change secrets.
        • ownCloud admin password
        • mail server and database credentials
        • Object-Store/S3 access keys.
      • WebDAV Api
        • CVSS score: 9.8/10
        • Versions: core 10.6.0 – 10.13.0
        • Access, Modify or delete any files.
          • Username of victim is known.
          • No signing key configured.
            • Default config
          • oauth2 app
            • CVSS score: 9/10
            • Versions: oauth2 < 0.6.1
            • improper access control
            • A malicious actor can pass in a specially crafted redirect-url to the system.
              • bypasses the validation code.
              • redirect callbacks to a TLD maliciously controlled.
            • PoC for Other Vulnerability
              • CrushFTP
              • CVE-2023-43177
                • No CVSS yet
              • unauthenticated attacker to access files, run arbitrary programs on the host, and acquire plain-text passwords.
              • version 10.5.2
                • Released on August 10, 2023.

Indian App used by Schools leaks Data

  • Cybernews
    • recent investigation
  • AppsCook
    • Application Developer
    • Apps used in 600 Schools.
      • India and Sri Lanka
      • Education management
    • 96 school-specific apps
      • support online classes.
      • enable direct communication between parents and schools.
        • regarding their child’s academic performance and daily activities
      • AppsCook DigitalOcean
        • Misconfigured
        • Open without authentication
        • Leaking Data
          • Students’ names
          • Names of parents
          • Pictures of students attending pre-primary, primary, and secondary schools
          • Names of the schools’ children attend.
          • Birth certificates
          • Fee receipts
          • Student report cards/exam results
          • Home addresses
          • Phone numbers
        • Attacks
          • exploit the vulnerability of children by attempting to extort their parents.
          • revealing their daily whereabouts
            • and what they look like
          • Social Engineering
            • impersonate school officials.
            • manipulate children and parents.

Windows Hello Fingerprint Issues

  • Microsoft’s Offensive Research and Security Engineering
    • And Blackwing Intelligence
    • Bypass fingerprint authentication
  • Tested
    • Dell Inspiron 15 with a Goodix fingerprint sensor
    • Lenovo ThinkPad T14s with the Synaptics sensor
    • Microsoft Surface Pro X, which has an ELAN sensor.
  • Match-on-Chip
    • Fingerprint Sensor
    • chip has a microprocessor and memory.
    • fingerprint data never leaves the sensor.
  • Attack
    • physical access to the targeted device
    • connecting a hacking device to each laptop, via USB
    • connecting the fingerprint sensor to a specially crafted rig.
    • Dell and Lenovo
      • enumerating valid IDs associated with user fingerprints.
      • enrolling the attacker’s fingerprint by spoofing a legitimate user’s ID
    • Surface
      • unplug the Type Cover
        • keyboard
          • includes fingerprint sensor.
        • connect a USB device.
          • spoofs the fingerprint sensor.
          • instructs the system that an authorized user is logging in.

BlackCat claims the Fidelity National Finance Attack

  • Fidelity National Financial (FNF)
    • Fortune 500
    • $11 billion in total revenue in 2022
    • title insurance and settlement services
      • real estate and mortgage industries.
    • 8-K filing with the Securities and Exchange Commission (SEC)
      • shut down several systems, disrupting various areas of the business.
      • Material impact
    • What is known?
      • SEC Filing dated November 19
        • Made public 2 days later.
          • Within the 4-day reporting window
        • ALPHV/BlackCat
          • November 22
          • Posted to their leak blog.
          • Poked fun at incident response company
            • Mandiant
              • Reputation
              • lack of action regarding the attack
            • giving them more time before the leak
              • “Before disclosing whether or whether we have [not] collected any data, we will allow FNF further time to get in touch,” it said. “Wouldn’t want to disclose every card at this early stage.”
            • Impact
              • companies and home buyers
                • unable to close purchases
              • wait for the closing system to come back online.
            • Speculation
              • “CitrixBleed.”
              • Kevin Beaumont
                • Security Researcher
                • Shodan scan of Netscaler boxes
                  • Patched 2 weeks after it came out.
                • CitrixBleed
                  • CVE-2023-4966
                  • unauthenticated attacker sends a specially crafted request to NetScaler ADC or Gateway instance.
                  • obtain valid session tokens.
                  • bypass authentication

CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily digestible format. News that you need to know to keep yourself and your organization safe from today’s threats.

Facebook Twitter Instagram

© 2021-2022 All Rights Reserved. Developed By Podcrease