Doris RushLopez, April 28, 2022

BYU-I CSA MEETING 2022-Spring: Week 02

Thursday, April 28, 2022

BeEF – Browser Exploitation Framework
presented by Dax

Web Exploits! Database? Web Front End? Web Backend? We will show you how hackers break in.

BeEF on GitHub

Hacking News

“The Secretary of State for Finance of Rio de Janeiro confirmed on Friday that it was dealing with a ransomware attack on its systems. The LockBit ransomware group claimed to have attacked systems connected to the government offices, stealing about 420 GB. The group threatened to leak the stolen data on Monday.”
https://therecord.media/rio-de-janeiro-finance-department-hit-with-lockbit-ransomware/

“Lemon_Duck gains access to exposed Docker APIs and runs a malicious container to fetch a Bash script disguised as a PNG image. The payload creates a cronjob in the container to download a Bash file (a.asp) that performs the following actions:
– Kill processes based on names of known mining pools, competing cryptomining groups, etc.
– Kill daemons like crond, sshd and syslog.
– Delete known indicator of compromise (IOC) file paths.
– Kill network connections to C2s known to belong to competing cryptomining groups.
– Disable Alibaba Cloud’s monitoring service that protects instances from risky activities.”
https://www.bleepingcomputer.com/news/security/docker-servers-hacked-in-ongoing-cryptomining-malware-campaign/

“Vermilion Strike, a malicious implementation of Cobalt Strike’s Beacon function, can target Linux computers with remote access capabilities without being discovered. It’s certain that malware will follow now that Microsoft is aggressively integrating Windows Subsystem for Linux (WSL) into Windows 11. In fact, all the code that’s being written for botnets and for malware can run on new Windows platforms.”
https://www.securityweek.com/how-linux-became-new-bullseye-bad-guys

“Ideally, this new recruiting solution should enable recruiters to assess a variety of skills and functions mapped to frameworks such as NIST/NICE and MITRE ATT&CK. In addition, NICE job descriptions should be incorporated into the solution — solving the challenge of writing precise job descriptions for most positions.”
https://www.securityweek.com/overcoming-cybersecurity-recruiting-challenges

“We discovered the vulnerabilities by listening to messages on the System Bus while performing code reviews and dynamic analysis on services that run as root, noticing an odd pattern in a systemd unit called networkd-dispatcher. Reviewing the code flow for networkd-dispatcher revealed multiple security concerns, including directory traversal, symlink race, and time-of-check-time-of-use race condition issues, which could be leveraged to elevate privileges and deploy malware or carry out other malicious activities.”
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

“Jamie Moles, a senior technical manager at ExtraHop, said the bot-elimination mission could have spinoff benefits for the entire industry. “While this seems like a Sisyphean task, if he’s successful, the methods used by Twitter to eliminate bots from the platform may generate new techniques that improve the detection and identification of spam emails, spam posts, and other malicious intrusion attempts,” Moles said.”
https://www.securityweek.com/can-elon-musk-spur-cybersecurity-innovation-twitter