
Ethical Hacking

Wade Mackey

Week 7

How Coinbase Phishers Steal One-Time Passwords

October 21, 2021 by Shubham Patil

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

 

Link: https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/#more-57245  

Tagged With: Week 7

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

October 11, 2021 by Ryan Trapp

This week there was a zero-day discovered in Apache HTTP Server 2.4.49. This vulnerability can allow attackers to map URLs to files outside of the expected document root on the server. However, it has subsequently been discovered that the zero-day flaw is worse than originally thought due to a new proof of concept that demonstrates the vulnerability can lead to remote code execution. This vulnerability only affects the 2.4.49 version of Apache, but it is extremely severe in nature and something that you would want to patch immediately if one of your servers was running this.

 

https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html

Tagged With: Week 7

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

October 9, 2021 by Matthew Bryan

I thought this was interesting and relevant to our recent discussions about social engineering. Apple AirTags are used to locate frequently lost devices. Finders of a tag can scan the device on their iPhone to reveal information about the tag’s owner if it’s in “lost mode.” During the scan, the finder’s iPhone displays a custom web page with the owner’s phone number.

The AirTag “Good Samaritan Attack” exploits a flaw in this process, which does not sanitize the input to the phone number field. This allows the bad actor to input anything they’d like into the field, e.g. a redirect to an iCloud phishing page. The deployment is similar to USB baiting attacks where USB devices are dropped outside the target location. The Good Samaritan picks up the device, scans the tag, and is redirected to the attack page. This is concerning as users are not as diligent with checking sites on mobile devices and it may not be clear that they are being redirected to a malicious site.

The researcher who found the bug, Bobby Rauch, reported that Apple was not responsive to his attempts to disclose the issue. This has been a trend among security researchers who report issues to Apple. Rauch stated that they never answered his questions about the bug bounty program and did not follow up with their remediation plan. Apple did ask that Rauch avoid publicizing his findings; however, he did not comply with this request, due to their lack of communication.

 

Article: Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Author: Brian Krebs

Published: September 28, 2021


Tagged With: Week 7
