From Security Weekly Wiki
Jump to navigationJump to search
#[ Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks] - They brute-forced the key! Okay, but not really, the implementation had vulnerabilities that allowed brute-forcing to be feasible: ''“We are able to run an exhaustive key search to identify the encryption key that is used to encrypt the hashed password used to protect the application on the PLC,” ...The brute-force effort was made possible thanks to two flaws, researchers noted: First, the random nonce and secret key used in the encryption process are exchanged in cleartext...And secondly, the seed that is used to generate the keys is only two bytes long. This means that there are only 65,535 possible combinations of seed.''
#[ Yantra Manav A wormable SSH bot] - Love it: ''This blog post is purely based on my learning process on creating and emulating a wormable SSH bot. ''
#[ SaltStack Salt REST API Arbitrary Command Execution]- ''According to the advisory, an unauthenticated attacker could use shell injection to execute arbitrary code on the Salt-API via the Salt SSH client. Interestingly, the patch was pushed to SaltStack’s GitHub on August 18th, though it’s not clear why the update and details were only recently disclosed. Based on the patch details, the fix prevents Popen with shell=True in the Salt SSH client.'' (From:
#[ Microsoft advises users to stop using SMS- and voice-based MFA - Help Net Security]
#[ The alleged decompiled source code of Cobalt Strike toolkit leaked online]


Navigation menu