2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare
BrakeSec Education Podcast · Amanda Berlin, Bryan Brake, and Brian Boettcher
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
https://www.mindtools.com/pages/article/newHTE_95.htm
https://www.infoq.com/news/2021/07/microsoft-linux-builder-mariner/
https://www.productplan.com/glossary/action-priority-matrix/
More PrintNightmare issues: https://www.bleepingcomputer.com/news/microsoft/windows-10-july-security-updates-break-printing-on-some-systems/
""After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication," Microsoft explained."
https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/
"Shlayer, discovered in 2018, is constantly maintained and also evolving. The graph below is representative of Shlayer continually being a go-to piece of malware that attackers use to compromise the victim's machine. We observed an uptick in Shlayer detections occurring before the release of CVE-2021-30657 (the Gatekeeper bypass) that was being exploited by Shlayer. This vulnerability was subsequently patched on April 26, 2021."
https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
https://access.redhat.com/security/cve/cve-2021-33910
"It works by enabling attackers to misuse the alloca() function in a way that would result in memory corruption. This, in turn, allows a hacker to crash systemd and hence the entire operating system. Practically speaking, this can be done by a local attacker mounting a filesystem on a very long path. This causes too much memory space to be used in the systemd stack, which results in a system crash." There's no way to remedy this problem. While it's not present in all current Linux distros, you'll find it in most distros such as the Debian 10 (Buster) and its relatives like Ubuntu and Mint. Therefore, you must, if you value keeping your computers working, patch your version of systemd as soon as possible. You'll be glad you did.
https://redmondmag.com/articles/2021/07/21/serioussam-windows-flaw.aspx
https://securityaffairs.co/wordpress/120576/security/apple-cve-2021-30807-zero-day.html?
https://github.com/GossiTheDog/HiveNightmare
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]
#AmazonMusic: https://brakesec.com/amazonmusic
#Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec