Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes — My verification test is below. Note that it gets stored in on-disk, collected logs (non-volatile logs).
• Thousands of servers found leaking 750MB worth of passwords and keys — Leaky etcd servers could be a boon to data thieves and ransomware scammers.
• Atlanta city government systems down due to ransomware attack — FBI called in as some city services are interrupted, employees told to turn off PCs.
• Android malware found inside apps downloaded 500,000 times | ZDNet — Cybercriminals have distributed malware to hundreds of thousands of Android users by hiding it inside a series of apparently harmless apps.
• From hacked client to 0day discovery — The client’s account had been blocked because it was spotted sending spam. Once connected to the service, it was clear that the monthly quota of the account was almost reached and that the latest emails sent shown on the dashboard had content that were clearly spam.
• Listener Feedback from Jeff S
• Listener Feedback from Tyler

Plus the news of the week that could impact your systems, feedback, and more.

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:

• SamSam Ransomware Hits Hospitals, City Councils, ICS Firms — The SamSam crew usually scans the Internet for computers with open RDP connections and they break into networks by brute-forcing these RDP endpoints to spread to more computers.
• RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an… — How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software.
• EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World — The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
• Lenovo Discovers and Removes Backdoor in Networking Switches — Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates earlier this week.
• Intel says Meltdown / Spectre patch causes reboots in computers with newer processors too — Data center performance can degrade by up to 25 percent for certain workloads.
• VMware pulled Spectre patches on Friday. — Affected updates are the ones for ESXi under VMSA-2018-0004 that contained CPU microcode. Despite these being the affected patches, all of the patches under VMSA-2018-004 have been pulled.
• Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7 — The set of Spectre mitigation patches for the GNU Compiler Collection (GCC) were accepted to mainline and will be part of GCC 8 with the GCC 8.1 stable release that will likely be due out around March. This is on top of many other changes/features of GCC 8.
• New Linux Method to Check your System — grep . /sys/devices/system/cpu/vulnerabilities/*
• AMD Processor Security — AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week.
• Skyfall and Solace
• An Introduction to Configuration Management | DigitalOcean — As a broader subject, configuration management (CM) refers to the process of systematically handling changes to a system in a way that it maintains integrity over time. Even though this process was not originated in the IT industry, the term is broadly used to refer to server configuration management
• Configuration Management on the Desktop — It installs GNOME, sets up my wallpaper, applies my GTK/icon themes, sets up my keyboard shortcuts, etc. It also sets up my SSH keys, user dotfiles, OpenSSH config, and much more.