The Lighthouse IT Podcast - October 7th, 2022
This week, Matt & Griff discuss hackers' attempts to subvert MFA, Google's struggles and efforts against TikTok, Microsoft and Cisco fighting vulnerabilities, sliding and expanding computers, hacking tractors, and more.
- An MFA fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing what feels like an endless stream of MFA push requests to be sent to the account owner's mobile device.
- In many cases, the threat actors will push out repeated MFA notifications and then contact the target through email, messaging platforms, or over the phone, pretending to be IT support to convince the user to accept the MFA prompt.
- We recommended enabling number matching. Microsoft's MFA number matching, known as Verified Push in Duo, displays a number on the login screen that the user must then enter into the authenticator app, which proves that the person approving the prompt is the same person who is actually logging in.
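The burst of push prompts described above is visible in sign-in logs before the user ever picks up the phone. The following detector is an added example written for these show notes, not code from the podcast or from Microsoft or Duo; the log line format and the sample events are constructed for the example, and the window and threshold are assumptions to tune against your own baseline. It keeps a sliding window of pushes per user, flags anyone who exceeds the threshold, and separately records whether an approval followed the burst, which is the signal that the fatigue (or the fake "IT support" call) worked:

```python
"""MFA push-fatigue detector over sign-in events (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumption: tune to your environment
THRESHOLD = 5                    # pushes per user within WINDOW before alerting

# Constructed sample log, NOT a real product's export: timestamp, user, push event.
SAMPLE_LOG = """\
2022-10-05T08:00:05Z bob@example.com push_sent
2022-10-05T08:00:20Z bob@example.com push_approved
2022-10-05T08:01:10Z alice@example.com push_sent
2022-10-05T08:01:12Z alice@example.com push_denied
2022-10-05T08:01:40Z alice@example.com push_sent
2022-10-05T08:01:55Z alice@example.com push_timeout
2022-10-05T08:02:30Z alice@example.com push_sent
2022-10-05T08:02:45Z alice@example.com push_denied
2022-10-05T08:03:10Z alice@example.com push_sent
2022-10-05T08:03:50Z alice@example.com push_sent
2022-10-05T08:04:20Z alice@example.com push_sent
2022-10-05T08:04:35Z alice@example.com push_approved
2022-10-05T09:30:00Z carol@example.com push_sent
2022-10-05T09:30:08Z carol@example.com push_approved
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(push_\w+)$")


def parse(text):
    """Turn raw lines into sorted (timestamp, user, event) tuples; malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3)))
    events.sort()
    return events


def detect_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: finding} for users who received >= threshold pushes inside `window`.

    finding = {"pushes": peak pushes seen in one window, "first": ts of the window start,
               "last": ts of the latest push in the burst, "approved_after_burst": bool}
    """
    recent = defaultdict(deque)  # user -> timestamps of push_sent inside the window
    findings = {}
    for ts, user, event in events:
        if event == "push_sent":
            q = recent[user]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(user, {"pushes": 0, "first": q[0], "last": ts,
                                               "approved_after_burst": False})
                f["pushes"] = max(f["pushes"], len(q))
                f["last"] = ts
        elif event == "push_approved":
            # An approval shortly after a burst is the "fatigue worked" signal.
            f = findings.get(user)
            if f and ts - f["last"] <= window:
                f["approved_after_burst"] = True
    return findings


if __name__ == "__main__":
    for user, f in detect_fatigue(parse(SAMPLE_LOG)).items():
        print(f"{user}: {f['pushes']} pushes between {f['first']} and {f['last']}, "
              f"approved afterwards: {f['approved_after_burst']}")
```

Run against real exports, the "approved_after_burst" cases are the ones to treat as a probable account takeover and to follow up with a session revocation and a call to the user; the burst-only cases tell you whose password is already in the attacker's hands. Number matching removes the blind-approval path, but this kind of alert still tells you which credentials to reset.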
Framework's new upgradable Chromebook
- This is an upgradable, customizable Chromebook, confirmed by both Framework and Google.
- The Chromebook Edition even includes the same expansion card system as the Windows edition.
- Framework said in a tweet that Google will support the Framework Chromebook Edition for "a minimum of 8 years."
- Preorders begin today in the US and Canada with a starting price of $999.
- Products are slated to ship in early December.
Google describes TikTok as an 'existential threat'
- As TikTok grows, Google, in particular, has begun to describe the app as a whole new way of creating and consuming the internet and maybe an existential threat to its own search engine.
- Prabhakar Raghavan, the SVP of search at Google, said in July that "something like almost 40 percent of young people, when they are looking for a place for lunch, they don't go to Google Maps or Search, they go to TikTok or Instagram."
- More recently, The New York Times and others have talked to young internet users and found that, in fact, they're turning to TikTok for more and more of what you might call Google-able things.
- On one hand, there's nothing particularly surprising about this: the internet is just becoming a more visual place. YouTube has long been the internet's second most popular search engine, and for a lot of things, a video is actually the best possible answer.
- Ultimately, Google probably doesn't need to be nervous about TikTok's growing search prowess. But YouTube probably should be.
Google is trying to reinvent search by including visual elements
- Google now exists on a more visual, more interactive internet.
- You can now ask Google a question using Multisearch (with which you can search with a picture and then modify it with text) or rambling into your phone's microphone rather than trying to type the perfect set of keywords into the search bar.
- What would Google's equivalent of TikTok's For You page look like? Google's search team doesn't know exactly, but it's working on it. And at least so far, it looks like the answer will start to appear on the homepage of Google's iOS app.
- Google's also expanding its Immersive View in Maps, which gives you a fly-through visual view of a place before you actually go there.
- The featured snippets that prepopulate before your search is even complete will become much more aggressive, and hopefully, accurate/helpful.
Double zero-day discovered for MS Exchange
- Microsoft is having fun once again after not one but two zero-days were discovered in Microsoft Exchange Server. If you remember, about a year ago we covered an issue called ProxyShell, where requests sent through IIS could be proxied on to the Exchange PowerShell backend.
- The first bug gives an attacker enough access to trigger the second, which can allow remote code execution.
- Exploitation can be detected using the same methods as ProxyShell, but we haven't seen anything confirming that the absence of those indicators means a server was not compromised.
- Still, it takes a lot to make use of these bugs. The first bug cannot be exploited without authentication, so an attacker needs valid credentials first, for example from a compromised client computer.
- Blocking PowerShell Remoting can strongly limit, and possibly prevent, attackers from chaining the two vulnerabilities.
- If you're running Exchange, check out the link in the show notes or contact us right away for mitigation advice.
Cisco patches a dozen vulnerabilities in IOS XE
- Seems like only last pod we were talking about how the IOS name was licensed to Apple for use by its iDevices, so it seems relevant to discuss Cisco's IOS XE getting a major squashing of vulnerabilities. To be specific, 12 vulnerabilities have been patched, 10 of them classified as high severity, and 6 of which could lead to denial of service.
- If you're running Catalyst APs, wireless controllers, or switches, you should probably look into these updates right away.
If you can hack a phone, you can hack a tractor
- Have we ever talked about our favorite devices that have been randomly modified to play Doom?
- What about an agricultural tractor?
- Australian hacker Sick Codes showed at DEF CON back in August that he had gotten it running on two John Deere tractors.
- Of course it does bring up the security of these legacy devices turned modern, as Sick Codes indicates it didn't take much work at all, since security often takes a backseat to functionality.
- This also brings to light the advanced technologies of vehicles and the need for security standards moving forward.
Gain 4" easily just by stretching
- Intel & Samsung debuted slidable PCs. Not to be confused with sledable PCs, the screen actually stretches to garner more viewable real estate. In the demo, they took a 13" tablet and slid it open to 17" display.
- Game. Changer.
Magically malicious MagicWeb
- It's been a while since we've heard NOBELIUM's name, but they're still out there. Famous for the SolarWinds hack, and Microsoft's "objet d'attention" when it comes to taking threat actors down, they've released their latest tool designed to compromise Active Directory.
- Active Directory is the authentication mechanism and database for most Windows networks out there, so it makes sense why they'd want it under their control. With SSO integrations and the ability to move laterally through a network, this is a big fish.
- MagicWeb does its magic once the attacker already holds administrative access to the AD FS server, so it is a post-compromise tool rather than an initial break-in. AD FS is not common in smaller networks, but a lot of enterprises use it.