Weekly in Security 202239

2022-09-26 to 2022-10-03


Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-09-26 to 2022-10-03.

Vulnerabilities

Zero-day Vulnerabilities in Microsoft Exchange Server

Initially, the blue team at GTSC observed attacks on Exchange in August 2022. The details were shared with Microsoft via Trend Micro ZDI. As other attacks were observed by GTSC before any official patch was released, they decided to publish their write-up.

Initially, there was a bit of confusion about whether this was again the ProxyShell vulnerability from 2021. Kevin Beaumont did an initial analysis and later created a logo.

Later, the Microsoft Security Response Center also published guidance on the vulnerability.

Interesting Reads

Phishing With Chromium’s Application Mode

In the blog post, mr.d0x shows how Chromium’s application mode allows us to easily create realistic desktop phishing applications. The Chromium Application Mode launches a single webpage like a desktop application in a new window, and the address bar is hidden. Based on these options, it’s possible to impersonate Microsoft Teams or the Microsoft sign-in.
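For defenders, application-mode launches are visible in process-creation telemetry, because the browser is started with Chromium's `--app=<url>` switch. The following is an added detection sketch, not code from mr.d0x's post or from this page; the event field names, the allowlist and the sample events are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions for illustration: browser image names and the hosts your
# organisation legitimately runs as app-mode windows.
CHROMIUM_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}
ALLOWED_APP_HOSTS = {"teams.microsoft.com"}
# Matches --app=<url>, with or without quotes around the argument or the URL.
APP_ARG = re.compile(r'(?:^|\s)"?--app=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def review_event(event):
    """Return a finding dict for a suspicious app-mode launch, else None."""
    image = re.split(r"[\\/]", event["image"])[-1].lower()
    if image not in CHROMIUM_IMAGES:
        return None
    match = APP_ARG.search(event["command_line"])
    if not match:
        return None  # ordinary browser start, address bar is shown
    target = (match.group(1) or match.group(2)).strip('"')
    parts = urlsplit(target)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if scheme == "https" and host in ALLOWED_APP_HOSTS:
        return None
    if scheme in ("http", "https"):
        reason = "app-mode window for non-allowlisted host " + host
    else:
        reason = "app-mode window for non-web target (" + (scheme or "none") + ")"
    return {"host": event["host"], "parent": event["parent"],
            "target": target, "reason": reason}

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://teams.microsoft.com'},
    {"host": "ws02", "parent": "powershell.exe",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "command_line": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://login.example.test/signin'},
    {"host": "ws03", "parent": "explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"host": "ws04", "parent": "cmd.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'chrome.exe "--app=file:///C:/Users/Public/login.html"'},
]

def scan(events):
    return [f for f in map(review_event, events) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The parent process is kept in each finding because an app-mode window started from a script host or shell deserves more attention than one started from a user's own shortcut.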

The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps

Wired had an interesting article about a new class of apps called Shameware. Some churches seem to be asking congregation members to install those on their phones. The alleged concept behind them is to help overcome unhealthy or immoral behaviours. The article lists a few services, such as Covenant Eyes and Accountable2You.

Technically speaking, these apps are just surveillance software or plain spyware. The apps take screenshots, monitor web traffic, etc. This is quite similar to the market for child surveillance apps, which includes apps like Bark or NetNanny. For the first type, a church leader monitors the behaviour and shames the church member, thus the name Shameware.

Tools

Iscariot Suite

The Iscariot Suite is a collection of tools to enhance and augment trusted open-source and commercial Blue Team/Sysadmin products, turning them into traitorware to achieve offensive security goals.