Cybersecurity Newsletter, September 28 - October 4
Qrator

Welcome to the regular networking and cybersecurity newsletter, brought to you by Qrator Labs!
This time we look at the most interesting materials published between September 28 and October 4, 2020.

Plane-tracking site Flight Radar 24 DDoSed... just as drones spotted buzzing over Azerbaijan and Armenia

"Popular plane-tracking website Flight Radar 24 has been the victim of multiple DDoS attacks over the past few days – and though the site's operators haven't attributed blame, some have wondered if a regional conflict may have been the cause."

Attacks Aimed at Disrupting the Trickbot Botnet

"Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations." - Brian Krebs.

Code scanning is now available!

"GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning. You can enable it on your public repository today!"

Cached and Confused: Web Cache Deception in the Wild

"Web cache deception (WCD) is an attack proposed in 2017, where an attacker tricks a caching proxy into erroneously storing private information transmitted over the Internet and subsequently gains unauthorized access to that cached data. Due to the widespread use of web caches and, in particular, the use of massive networks of caching proxies deployed by content distribution network (CDN) providers as a critical component of the Internet, WCD puts a substantial population of Internet users at risk."

Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints

"In the past months, our Vulnerability and Malware Research teams joined efforts to focus on the exploits inside the malware and specifically, on the exploit writers themselves. Starting from a single Incident Response case, we built a profile of one of the most active exploit developers for Windows, known as “Volodya” or “BuggiCorp”. Up until now, we managed to track down more than 10 (!) of their Windows Kernel Local Privilege Escalation (LPE) exploits, many of which were zero-days at the time of development."

Complexity has broken computer security, says academic who helped spot Meltdown and Spectre flaws

"So says Daniel Gruss, assistant professor in the Secure Systems group at Austria's Graz University of Technology. Gruss and his colleagues discovered some of the biggest recent security snafus, including the Meltdown and Spectre microprocessor design flaws, a working Rowhammer exploit, attacks on Intel SGX including Plundervolt, and many more besides."

The Powerful HTTP Request Smuggling

"TL;DR: This is how I was able to exploit a HTTP Request Smuggling in some Mobile Device Management (MDM) servers and send any MDM command to any device enrolled on them for a private bug bounty program."

Forcing Firefox to Execute XSS Payloads during 302 Redirects

"However, modern browsers (Google Chrome, Internet Explorer, Firefox) do not interpret the HTTP response body if the HTTP response status code is a 302, so our cross-site scripting payload is useless. Time to find a bypass!"

Who’s Behind Monday’s 14-State 911 Outage?

"Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States." - Brian Krebs.

Scaling the root of the DNS

"However, the DNS is simple in the same way that Chess or Go are simple. They all have constrained environments governed by a small set of rigid rules, but they all possess astonishing complexity." - Geoff Huston.

D-Wave releases its next-generation quantum annealing chip

"Today, quantum computing company D-Wave is announcing the availability of its next-generation quantum annealer, a specialized processor that uses quantum effects to solve optimization and minimization problems. The hardware itself isn't much of a surprise—D-Wave was discussing its details months ago—but D-Wave talked with Ars about the challenges of building a chip with over a million individual quantum devices. And the company is coupling the hardware's release to the availability of a new software stack that functions a bit like middleware between the quantum hardware and classical computers."

Repository of the week - DUF - Disk Usage/Free Utility (Linux, BSD & macOS)


Thank you for being such an awesome subscriber!

For feedback or any suggestions, please write to us at cybersec@qrator.net.