Random in Security 202433

Covering the recent security news


Introduction

Random in Security is a summary of recent cybersecurity news.

Vulnerabilities

CVE-2024-38063 - Windows TCP/IP Remote Code Execution Vulnerability

The security community jumped onto the CVE-2024-38063 hype train. @clearbluejar published a patch-diff analysis, and Paul Seekamp (@nullenc0de) published PoC code that triggers the integer underflow.

Interesting Reads

CrowdStrike Bluescreen

The headlines following the fiasco would make a good TV series.

  • CrowdStrike incident takes down the internet: a faulty update to the Falcon sensor rendered around 8.5 million Windows devices unusable (see the Official Microsoft Blog).
  • CrowdStrike offers a $10 apology gift card to say sorry for the outage (see TechCrunch).
  • Delta to seek damages from CrowdStrike (see CNBC).
  • CrowdStrike representatives issue a trademark infringement notice to ClownStrike (see ClownStrike).
  • The official CrowdStrike RCA is now out (see CrowdStrike).
  • Microsoft says Delta's ancient IT explains the long outage after the CrowdStrike snafu (see Ars Technica).
  • CrowdStrike accepts the Pwnie Award for "Most Epic Fail" at DEF CON (see YouTube).

Some noteworthy historical context:

  • The CrowdStrike agent caused Linux kernel panics in April 2024 (see Red Hat, Rocky Linux).
  • A defective McAfee update caused a worldwide meltdown of Windows XP PCs in 2010 (see ZDNet). CrowdStrike's CEO George Kurtz was CTO of McAfee at the time.

Other companies have had incidents too; Google, for example, publishes postmortem analyses in The Site Reliability Workbook.

One open question is the liability of software vendors for failures like this.

Chinese backdoor in MIFARE Classic

The paper MIFARE Classic: exposing the static encrypted nonce variant is quite an interesting read. A Chinese variant (FM11RF08S) of the MIFARE Classic card was found to be backdoored by the manufacturer: special authentication commands leak (static) encrypted nonces, which can then be used to recover the sector keys and dump the card.

By 2024, we all know MIFARE Classic is badly broken.

Move on to DESFire or other newer, safer chips.

Talk - Initial Access Craft in 2024

Emeric Nasi gave his talk Advanced Initial Access Craft in 2024 on recent trends and a few tricks for initial access. The slides are available on GitHub.

Tools

Ransomware-Tool-Matrix

A resource listing the tools each ransomware gang uses.

CVE Markdown Charts

I stumbled over the blog of @clearbluejar. He wrote a cool article, Introducing CVE Markdown Charts, that provides visual analysis of related CVEs, with Microsoft Patch Tuesday and Chrome bug classes as the two examples.

A simple tool to create Mermaid.js markdown charts from CVE IDs and CVE keyword searches.

MIFARE Classic Tool (MCT)

An Android NFC app for reading, writing, and analyzing MIFARE Classic RFID tags.