Network Security News Summary for Wednesday October 16th, 2024

Internet Storm Center Stormcast
15 Oct 2024 06:45

Summary

TL;DR: In this episode of the Internet Storm Center Stormcast, Johannes discusses recent cybersecurity insights, including a vulnerability in the Angular B64 upload extension that allows arbitrary file uploads. He emphasizes the importance of removing demo folders from installations. Johannes also critiques a Chinese paper claiming a breakthrough in quantum computing's ability to break RSA encryption, noting that it only succeeded with a 22-bit RSA key. Additionally, he highlights a new open-source tool, EDR Silencer, that red teamers can use to test EDR detection capabilities, and mentions a standard proposed by the FIDO Alliance for cross-platform passkey exchange, aimed at improving key synchronization.

Takeaways

  • 🔍 A vulnerability has been identified in the Angular b64 upload extension, which allows arbitrary file uploads without authorization.
  • 🗑️ It is crucial to delete demo folders and scripts from projects before deploying them in a production environment to mitigate security risks.
  • 📈 There has been a notable increase in requests for demo-related URLs, indicating that attackers are exploiting leftover demo scripts.
  • 💻 A recent Chinese research paper claims a breakthrough in quantum computing regarding breaking RSA encryption, but it focuses on 22-bit RSA, not the longer keys in common use.
  • 🔒 RSA encryption remains secure if implemented correctly, even with advancements in quantum computing.
  • ⚙️ Cryptographic agility is important for new software; developers should design systems to easily swap out cryptographic algorithms as better options become available.
  • 🚨 EDR Silencer is a new open-source tool for red teamers that targets various EDR implementations in order to bypass endpoint detection.
  • 🔎 Default configurations of EDR systems often fail to detect artifacts left behind by tools like EDR Silencer, highlighting the need for improved detection rules.
  • 🔗 The FIDO Alliance proposes a standard format for exchanging passkeys, making it easier to synchronize keys across different platforms.
  • 🔑 While standardizing passkey exchange could reduce some security measures, synchronizing keys across ecosystems is already a practice in password management.
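
To put the 22-bit figure from the RSA takeaways in perspective, here is an added example (not code from the episode or the paper) that recovers the private key of a toy 22-bit RSA modulus with plain trial division. The primes, exponent and message are constructed values chosen for illustration.

```python
from math import isqrt

# Constructed toy key (not from the paper): two small primes whose product is 22 bits long.
P, Q, E = 1621, 2003, 65537
N = P * Q  # 3246863, N.bit_length() == 22


def factor_by_trial_division(n):
    """Factor a semiprime by trying every candidate up to sqrt(n)."""
    tried = 0
    for candidate in range(2, isqrt(n) + 1):
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
    raise ValueError("no factor found: n is prime")


def recover_private_exponent(n, e):
    """Rebuild the private exponent d from the public key (n, e) alone."""
    p, q, tried = factor_by_trial_division(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi), tried  # modular inverse, Python 3.8+


def worst_case_divisions(bits):
    """Upper bound on trial divisions for a modulus of the given bit length."""
    return isqrt(2 ** bits)


def round_trip(message=42):
    """Encrypt with the public key, then decrypt with the recovered private key."""
    ciphertext = pow(message, E, N)
    d, tried = recover_private_exponent(N, E)
    return pow(ciphertext, d, N), tried


if __name__ == "__main__":
    plaintext, tried = round_trip()
    print(f"22-bit modulus {N} factored after {tried} divisions; decrypted {plaintext}")
    print(f"worst case for 22 bits:   {worst_case_divisions(22)} divisions")
    exponent = worst_case_divisions(2048).bit_length() - 1
    print(f"worst case for 2048 bits: about 2**{exponent} divisions")
```

Trial division is the crudest classical method and is used here only because it is already sufficient at this key size.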

Q & A

  • What was the main vulnerability discussed regarding the Angular B64 upload extension?

    - The vulnerability allows arbitrary file uploads due to a demo script left behind when installing the extension, which is not part of the main Angular project.

  • Why is it important to delete demo folders when deploying software?

    - Demo folders often contain vulnerable scripts that can be exploited by attackers, so removing them enhances the security of the production environment.

  • What trend was observed in requests for demo scripts in honeypots?

    - There has been a significant increase in requests for demo-related URLs since June-July 2024, indicating that attackers are targeting leftover demo scripts.

  • What claims did the recent Chinese research make about breaking RSA encryption?

    - The research claimed to have broken a 22-bit RSA encryption using a D-Wave quantum computer, but this does not threaten widely used RSA encryption like 2048-bit.

  • What is 'cryptographic agility' and why is it important?

    - 'Cryptographic agility' refers to the ability to easily swap cryptographic algorithms in software to ensure security as new algorithms are developed and threats evolve.

  • What is EDR Silencer and who should use it?

    - EDR Silencer is an open-source tool that can target various EDR implementations to bypass endpoint detection. Red teamers should use it for testing, while blue teamers should develop detection rules against it.

  • How does EDR Silencer bypass endpoint detection?

    - EDR Silencer bypasses detection by leaving no detectable artifacts in the default configurations of existing EDR solutions.

  • What recent development was proposed by the FIDO Alliance?

    - The FIDO Alliance proposed a standard format for exchanging passkeys across platforms, enhancing interoperability among different ecosystems.

  • What are the potential security implications of the proposed passkey standard?

    - While the standard may streamline key synchronization, there is a small chance it could introduce vulnerabilities; however, synchronization has been possible prior to this standard.

  • What should developers consider when using cryptographic algorithms in new software?

    - Developers should ensure their software is designed for cryptographic agility, allowing for easy updates to stronger algorithms as necessary.
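
One way to build in the cryptographic agility described above, as an added example that is not from the episode: every stored integrity tag records the algorithm that produced it, and a policy object decides which algorithm signs new data and which older ones are still accepted. The algorithm labels, the `TagPolicy` class and the key and record values are hypothetical names and constructed data for this sketch.

```python
import hashlib
import hmac

# Algorithm identifiers are hypothetical labels chosen for this example.
ALGORITHMS = {
    "hmac-sha1": "sha1",          # legacy, kept only so old tags can still be read
    "hmac-sha256": "sha256",
    "hmac-sha3-256": "sha3_256",
}


class TagPolicy:
    """Which algorithm signs new data and which ones are still accepted."""

    def __init__(self, current, accepted):
        unknown = ({current} | set(accepted)) - set(ALGORITHMS)
        if unknown or current not in accepted:
            raise ValueError("policy names an unknown or unaccepted algorithm")
        self.current = current
        self.accepted = frozenset(accepted)

    def _mac(self, alg, key, data):
        return hmac.new(key, data, ALGORITHMS[alg]).hexdigest()

    def sign(self, key, data):
        """Return 'alg$hex' so every stored tag says how it was made."""
        return f"{self.current}${self._mac(self.current, key, data)}"

    def verify(self, key, data, tag):
        """Return (valid, needs_upgrade)."""
        alg, _, digest = tag.partition("$")
        # The label inside the tag is untrusted input: only the policy's
        # allowlist decides what is accepted, which blocks downgrades.
        if alg not in self.accepted:
            return False, False
        expected = self._mac(alg, key, data)
        valid = hmac.compare_digest(expected.encode(), digest.encode())
        return valid, valid and alg != self.current


if __name__ == "__main__":
    key, record = b"constructed-demo-key", b"constructed record"
    old_tag = TagPolicy("hmac-sha1", {"hmac-sha1"}).sign(key, record)
    migrating = TagPolicy("hmac-sha3-256", {"hmac-sha1", "hmac-sha3-256"})
    print(migrating.verify(key, record, old_tag))   # old tag still valid, flagged for re-signing
    strict = TagPolicy("hmac-sha3-256", {"hmac-sha3-256"})
    print(strict.verify(key, record, old_tag))      # legacy algorithm retired by policy
```

Swapping or retiring an algorithm is then a change to the policy's arguments rather than to the code paths that sign and verify.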
