Psw660

From Security Weekly Wiki
Revision as of 17:45, 29 July 2020 by Paul Asadoorian (talk | contribs) (Added By Paul's Craptastic PPWorks Code)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Paul's Security Weekly Episode #660 - July 30, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Gravwell Big Bang Release - 06:00 PM

Description

Hosts

2. MIDAS - 07:00 PM

Description

Hosts

3. Security News - 08:00 PM

Description

Hosts

Paul Asadoorian's Content:

Articles

  1. DIY: Hunting Azure Shadow Admins Like Never Before
  2. Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection - Interesting: using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks.
  3. CVE-2020-8163
  4. Companies Respond to 'BootHole' Vulnerability - The vulnerability is a buffer overflow related to how GRUB2 parses its grub.cfg configuration file. An attacker with admin privileges on the targeted system can modify this file so that their malicious code is executed in the UEFI environment before the OS is loaded.
  5. Bug in widely used bootloader opens Windows, Linux devices to persistent compromise - Help Net Security
  6. Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings
  7. GNU GRUB2 Vulnerability - Original research from Eclypsium: https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf
  8. Python Developers: Prepare!!! - People all for sudden forgot that preparing SQL statements is a thing. I think the problem is in part that Python makes it so easy to mix up prepared/not-prepared. I think an ORM helps A TON with these types of problems.
  9. Offensive Security Acquires Cybersecurity Training Project VulnHub
  10. 11 Tips And Tricks To Write Better Python Code
  11. Source code from 50+ companies, including Nintendo, Microsoft and Adobe, published online - The published code from Nintendo is gaining much of the attention online because it gives an inside look at the source code behind a range of classic games including Mario, Mario Kart, Zelda, F-Zero and Pokemon series. The Nintendo code also includes pre-release art, fully playable prototypes of some games and even references to projects that were never completed. Looks like poor source code version/repo controls.
  12. The Age of Mass Surveillance Will Not Last Forever - I kinda agree: Meanwhile, the corporations of the world digested the realization that their darkest shame—their willful complicity in crimes against the public—had not been punished. Rather, these collaborators had been actively rewarded, with either explicitly retroactive immunity or informal guarantees of perpetual impunity. They became our latest Big Brother, striving to compile perfect records of private lives for profit and power. From this emerged the contemporary corruption of our once-free internet, called surveillance capitalism.
  13. BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
  14. Hackers Broke Into Real News Sites to Plant Fake Stories - Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. GRU? NO evidence, but why not mention them: While FireEye has made no such claims that the Ghostwriter news site compromises were the work of the GRU, Hultquist argues that the incidents in Poland and the Baltics should nonetheless serve as a warning.
  15. New tool detects shadow admin accounts in AWS and Azure environments
  16. The Garmin Ransomware Hack Is Horrifying - So opt-out, and all the features go bye-bye (* shaking my head): While most Garmin smartwatches do not connect to the internet natively and store workout information on the devices themselves, the Garmin Connect app does not allow users to transfer their workout information to the app without storing it on Garmin’s servers. Garmin allows users to “Opt Out” of sharing workout information with the company, but opting out makes the app essentially useless
  17. New Features in Python 3.9