Random in Security is a summary of the cybersecurity news.
## Vulnerabilities

### CVE-2024-38063 - Windows TCP/IP Remote Code Execution Vulnerability
The security community jumped onto the CVE-2024-38063 hype train: @clearbluejar published a patch-diff analysis, and Paul Seekamp (@nullenc0de) published PoC code that triggers the integer underflow. The bug sits in the IPv6 code path of tcpip.sys and is reachable by an unauthenticated remote sender, which is why it got so much attention. Microsoft's advisory states that systems with IPv6 disabled are not affected, so disabling IPv6 is the stopgap where the August 2024 cumulative update cannot be installed right away.
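A quick exposure check a Windows administrator can run on a host, added here as an example (it is not from the original post nor from any of the linked analyses). It reports whether the build carries at least the August 2024 cumulative update and whether IPv6 is disabled through the documented `DisabledComponents` registry value. The minimum UBR values in the table are an assumption taken from the August 13, 2024 release notes; verify them against the MSRC advisory for your SKU before relying on the result, and treat any build not in the table as "unknown", not "patched".

```powershell
# Added example: CVE-2024-38063 exposure triage for one Windows host.
# ASSUMPTION: minimum UBR per build from the August 13, 2024 cumulative updates;
# verify against the MSRC advisory. Builds not listed are reported as unknown.
$FixedUbr = @{
    '19045' = 4780   # Windows 10 22H2, KB5041580 (assumption)
    '22621' = 4037   # Windows 11 22H2, KB5041585 (assumption)
    '22631' = 4037   # Windows 11 23H2, KB5041585 (assumption)
    '26100' = 1457   # Windows 11 24H2, KB5041571 (assumption)
}

function Get-Cve202438063Exposure {
    # CurrentBuildNumber + UBR gives the full build, e.g. 22631.4037
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR

    $patchState = if ($FixedUbr.ContainsKey($build)) {
        if ($ubr -ge $FixedUbr[$build]) { 'patched' } else { 'missing-august-2024-update' }
    } else { 'unknown-build' }

    # Microsoft documents DisabledComponents = 0xFF as "IPv6 disabled on all
    # non-loopback interfaces"; absence of the value means IPv6 is enabled.
    $tcp6 = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' `
            -ErrorAction SilentlyContinue
    $disabledComponents = if ($null -ne $tcp6 -and $null -ne $tcp6.DisabledComponents) {
        [int]$tcp6.DisabledComponents
    } else { 0 }
    $ipv6Disabled = (($disabledComponents -band 0xFF) -eq 0xFF)

    # Adapters that still have the IPv6 binding enabled (ms_tcpip6)
    $ipv6Adapters = Get-NetAdapterBinding -ComponentID 'ms_tcpip6' -ErrorAction SilentlyContinue |
        Where-Object Enabled | Select-Object -ExpandProperty Name

    $exposed = ($patchState -ne 'patched') -and (-not $ipv6Disabled) -and ($ipv6Adapters.Count -gt 0)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        Build              = "$build.$ubr"
        PatchState         = $patchState
        DisabledComponents = ('0x{0:X}' -f $disabledComponents)
        IPv6Disabled       = $ipv6Disabled
        IPv6BoundAdapters  = ($ipv6Adapters -join ', ')
        Exposed            = $exposed
    }
}

Get-Cve202438063Exposure | Format-List
```

Note that `Exposed = $true` for an `unknown-build` host only means the script could not prove the patch is installed; check the KB list for that SKU manually. Disabling IPv6 is Microsoft's mitigation for this CVE but is not recommended as a permanent state, so re-enable it once the update is applied.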
## Interesting Reads

### CrowdStrike Bluescreen

The headlines following the fiasco would make a good TV series.
- CrowdStrike incident takes down the internet: a faulty content update rendered around 8.5 million Windows devices unusable (see Official Microsoft Blog).
- CrowdStrike offers a $10 apology gift card to say sorry for outage (see TechCrunch).
- Delta to seek damages from CrowdStrike (see CNBC).
- CrowdStrike representatives issue a trademark infringement notice to ClownStrike (see ClownStrike).
- CrowdStrike Official RCA is now out (see CrowdStrike).
- Microsoft says Delta's ancient IT explains the long outage after the CrowdStrike snafu (see Ars Technica).
- CrowdStrike accepts the Pwnie Award for "Most Epic Fail" at DEF CON (see YouTube).

Some noteworthy historical context:

- The CrowdStrike agent caused kernel panics on Linux in April 2024 (see Red Hat, Rocky Linux).
- A defective McAfee update caused a worldwide meltdown of Windows XP PCs in 2010 (see ZDNET). CrowdStrike's CEO George Kurtz was CTO of McAfee in 2010.
Obviously, other companies have had incidents too; Google, for example, shares the results of its postmortem analyses in The Site Reliability Workbook.

One open question is liability for software vendors whose updates take down customer systems.
### Chinese backdoor in MIFARE Classic

The paper MIFARE Classic: exposing the static encrypted nonce variant (Philippe Teuwen, Quarkslab) was quite an interesting read. A Chinese variant of the MIFARE Classic card, the Fudan FM11RF08S, was found to contain a hardware backdoor from the manufacturer: special authentication commands accept a backdoor key known to the vendor, and the encrypted nonces returned for a sector are static rather than random. Combined, this lets a card-only attacker recover the sector keys and dump the card in minutes, without access to a legitimate reader.

By 2024, we all know MIFARE Classic is badly broken. Move on to DESFire or some other newer, safer chip.
### Talk - Initial Access Craft in 2024

Emeric Nasi gave the talk Advanced Initial Access Craft in 2024 on recent trends and a few tricks for initial access. The slides are available on GitHub.
## Tools

- Ransomware-Tool-Matrix - A resource listing the tools each ransomware gang uses.
- CVE Markdown Charts - A simple tool to create Mermaid.js markdown charts from CVE IDs and CVE keyword searches. I stumbled upon the blog of @clearbluejar. He wrote a cool article, Introducing CVE Markdown Charts, that provides visual analysis of related CVEs, with two examples being the Microsoft Patch Tuesday and Chrome bug classes.
- MIFARE Classic Tool (MCT) - An Android NFC app for reading, writing and analyzing MIFARE Classic RFID tags.