Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes — My verification test is below. Note that it gets stored in on-disk, collected logs (non-volatile logs).
• Thousands of servers found leaking 750MB worth of passwords and keys — Leaky etcd servers could be a boon to data thieves and ransomware scammers.
• Atlanta city government systems down due to ransomware attack — FBI called in as some city services are interrupted, employees told to turn off PCs.
• Android malware found inside apps downloaded 500,000 times | ZDNet — Cybercriminals have distributed malware to hundreds of thousands of Android users by hiding it inside a series of apparently harmless apps.
• From hacked client to 0day discovery — The client’s account had been blocked because it was spotted sending spam. Once connected to the service, it was clear that the monthly quota of the account was almost reached and that the latest emails sent shown on the dashboard had content that were clearly spam.
• Listener Feedback from Jeff S
• Listener Feedback from Tyler

Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof, and how to detect and prevent excessive port scan attacks.

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Audio Adversarial Examples — We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose.
• Keylogger found on thousands of WordPress-based sites, stealing every keypress as you type — But, in a twist, this particular attack isn’t just interested in mining Monero. While the website’s front-end is digging for cryptocurrencies, the back-end is secretly hosting a keylogger designed to steal unsuspecting users’ login credentials.
• Qubes Air: Generalizing the Qubes Architecture | Qubes OS — Qubes Air is the next step on our roadmap to making the concept of “Security through Compartmentalization” applicable to more scenarios. It is also an attempt to address some of the biggest problems and weaknesses plaguing the current implementation of Qubes, specifically the difficulty of deployment and virtualization as a single point of failure. While Qubes-as-a-Service is one natural application that could be built on top of Qubes Air, it is certainly not the only one. We have also discussed running Qubes over clusters of physically isolated devices, as well as various hybrid scenarios. I believe the approach to security that Qubes has been implementing for years will continue to be valid for years to come, even in a world of apps-as-a-service.
• Making network authentication simple in a Bring Your Own Device environment — In this article, we explore in depth the challenges we faced regarding compatibility, security, and user experience, and the solutions we came up with. We explain how we combined 802.1X authentication (wired & wireless) and per-subscriber VLANs to offer our users a quality Internet experience.
• “Autosploit” tool sparks fears of empowered “script kiddies” — "AutoSploit attempts to automate the exploitation of remote hosts."
• AutoSploit: Automated Mass Exploiter — Clone the repo. Or deploy via Docker.
• How To Use psad to Detect Network Intrusion Attempts — The key to using psad effectively is to configure danger levels and email alerts appropriately, and then follow up on any problems. This tool, coupled with other intrusion detection resources like tripwire can provide fairly good coverage to be able to detect intrusion attempts.
• Portainer: Simple management UI for Docker
• What is iSCSI (Internet Small Computer System Interface)