
It’s All in the Logs | TechSNAP 361

2018/3/29

All Jupiter Broadcasting Shows

Shownotes

Embarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet.

Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

Links:

Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app

It may not be noticeable at first (apart from the highlighting I’ve added of course), but the text “frogger13” is the password I used on a newly created APFS formatted FileVault Encrypted USB drive with the volume name “SEKRET”. (The new class images have a WarGames theme, hence the shout-outs to classic video games!)

Thousands of servers found leaking 750MB worth of passwords and keys

Giovanni Collazo said a quick query on the Shodan search engine returned almost 2,300 Internet-exposed servers running etcd, a type of database that computing clusters and other types of networks use to store and distribute passwords and configuration settings needed by various servers and applications. etcd comes with a programming interface that responds to simple queries that by default return administrative login credentials without first requiring authentication. The passwords, encryption keys, and other forms of credentials are used to access MySQL and PostgreSQL databases, content management systems, and other types of production servers.
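The finding above rests on one property of the etcd v2 client API: a recursive GET against `/v2/keys/` on the default client port (2379) returns the whole key tree, values included, and with no authentication configured anything on the network can ask. The script below is an added triage example (it is not code from the episode, from Collazo's write-up or from the etcd project) that walks such a response and flags entries that look like credentials by key name or by value shape, masking the values so the report itself does not become a second leak. The etcd response embedded in it is constructed for illustration; the key path `/v2/keys/?recursive=true`, the `node`/`nodes`/`dir` response layout and port 2379 are etcd's own. The regexes are a starting heuristic, not a complete secret classifier.

```python
import json
import re
import urllib.request

# Constructed sample of a "GET /v2/keys/?recursive=true" response. The layout
# (action, node, dir, nodes, key, value) follows the etcd v2 API; the keys and
# values are made up for this example.
SAMPLE_RESPONSE = json.dumps({
    "action": "get",
    "node": {
        "dir": True,
        "nodes": [
            {"key": "/config", "dir": True, "nodes": [
                {"key": "/config/app_name", "value": "billing-api",
                 "modifiedIndex": 3, "createdIndex": 3},
                {"key": "/config/db_password", "value": "hunter2",
                 "modifiedIndex": 4, "createdIndex": 4},
                {"key": "/config/postgres_url",
                 "value": "postgresql://app:s3cr3t@db.internal:5432/billing",
                 "modifiedIndex": 5, "createdIndex": 5},
            ]},
            {"key": "/ssh", "dir": True, "nodes": [
                {"key": "/ssh/deploy",
                 "value": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n"
                          "-----END RSA PRIVATE KEY-----",
                 "modifiedIndex": 6, "createdIndex": 6},
            ]},
            {"key": "/feature_flags", "value": "dark_mode=on",
             "modifiedIndex": 7, "createdIndex": 7},
        ],
    },
})

# Key names that conventionally hold credentials.
SECRET_KEY_PATTERN = re.compile(
    r"(passw(or)?d|secret|token|api[_-]?key|private[_-]?key|credential)", re.I)
# Value shapes that are credentials regardless of what the key is called:
# PEM private keys and database URLs carrying user:password@.
SECRET_VALUE_PATTERN = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----"
    r"|\b(mysql|postgres(ql)?)://[^:\s]+:[^@\s]+@")


def walk_nodes(node):
    """Yield (key, value) for every leaf under an etcd v2 node tree."""
    if node.get("dir"):
        for child in node.get("nodes", []):
            yield from walk_nodes(child)
    elif "key" in node:
        yield node["key"], node.get("value", "")


def mask(value, keep=2):
    """Keep only a short prefix so reports do not re-leak the secret."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "***"


def find_exposed_secrets(response_json):
    """Return [{key, reason, preview}] for leaves that look like credentials."""
    findings = []
    doc = json.loads(response_json)
    for key, value in walk_nodes(doc["node"]):
        if SECRET_KEY_PATTERN.search(key):
            reason = "key name"
        elif SECRET_VALUE_PATTERN.search(value):
            reason = "value shape"
        else:
            continue
        findings.append({"key": key, "reason": reason, "preview": mask(value)})
    return findings


def fetch_recursive_keys(host, port=2379, timeout=5):
    """Pull the full key tree from an etcd v2 endpoint you are authorized to test."""
    url = f"http://{host}:{port}/v2/keys/?recursive=true"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_recursive_keys(host)
    # for a real (authorized) check.
    for finding in find_exposed_secrets(SAMPLE_RESPONSE):
        print(f"{finding['key']}: {finding['reason']} ({finding['preview']})")
```

If a host answers this request at all without credentials, that is the finding; the secret scan only sizes the damage. Containment is the usual pair: keep etcd off public interfaces (and behind a network policy on the cluster side), and turn on authentication and TLS client certificates so that the API stops answering anonymous reads.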

Atlanta city government systems down due to ransomware attack

FBI called in as some city services are interrupted, employees told to turn off PCs.

Android malware found inside apps downloaded 500,000 times

The malware was sneaked onto the Google Play store disguised as seven different apps -- six QR readers and one 'smart compass' -- and bypassed security checks by hiding its true intent with a combination of clever coding and delaying its initial burst of malicious activity.

From hacked client to 0day discovery

We will discover in this article how a recent incident response to a customer was handled and how we discovered an otherwise publicly unknown vulnerability that was never reported by the manufacturer which left thousands of users unprotected from this security flaw.

Feedback

- Listener Feedback from Jeff S

- Listener Feedback from Tyler