
Leaderboard

Popular Content

Showing content with the highest reputation on 03/22/22 in all areas

  1. OPEN TO EVERYBODY

Registration: In order to inspire even more people for this topic and to strengthen the objectives of the ECSC in the long term, the openECSC is planned in 2022 alongside the ECSC. Only young talents up to the age of 25 and only 10 finalists per country per year can take part in the ECSC. In order to promote even more talents, everybody (also non-Europeans), regardless of whether they are a security enthusiast or an expert, can demonstrate their skills at the openECSC without restriction and become part of the ECSC community. This is a welcome opportunity, especially for the security experts of many companies in Europe, to demonstrate their skills.

Evaluation openECSC: The participants not only represent their country in a national ranking, but also have the chance to compete against the best in Europe in an individual ranking. In the Nations Cup, it is decided how many participants per country can solve the most tasks. In order to ensure equal opportunities between smaller and larger countries, the number of participants per country who can solve most of the tasks, divided by the total number of its inhabitants, is evaluated. The individual evaluation decides who was able to solve the most tasks during the day. In the case of a tie, it is decided who was able to solve the tasks faster. The winners of the individual ranking will be awarded. The respective ECSC team of the top 3 countries will receive the prizes for the Nations Cup at the award ceremony of the ECSC.

The openECSC is conducted as an "online" competition. Participants can register on the online HackingLab platform from February 20th. After registration, each participant will be provided with exercises for training and preparation.

The competition day is September 15, 2022; it runs from 08:00 to 17:00 (CET).

openECSC 2022 schedule:
- Registration and communication phase
- Round 1: 12 challenges, 19/03 - 29/04/2022
- Shadow Event 1
- Round 2: 12 challenges, 30/04 - 17/06/2022
- Shadow Event 2
- Round 3: 12 challenges, 18/06 - 26/08/2022
- Finale openECSC: 15 challenges, 15/09/2022

Small trophies for the winners of each round!

Source: https://www.ecsc2022.eu/about-ecsc/open-ecsc-2022/
    1 point
  2. Authentication services provider Okta Inc is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment. A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications. The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement. "We will provide updates as more information becomes available," he added.

The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was "ONLY on Okta customers." Security experts told Reuters the screenshots appeared to be authentic. "I definitely do believe it is credible," said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta's internal tickets and its in-house chat on the Slack messaging app. Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be "very vigilant right now." In an email, Tentler added, "There are timestamps and dates visible in the screenshots indicating January 21st of this year, which suggests they may have had access for two months."

Source: https://edition.cnn.com/2022/03/22/tech/okta-report-of-breach/index.html
Screenshots: https://twitter.com/billdemirkapi/status/1506107157124722690
    1 point
  3. Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols NTLM “Relaying” is a well known replay attack for Windows systems in which the attacker
    1 point
  4. Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

When code with millions of downloads nukes user files, bad things can happen.

DAN GOODIN - 3/18/2022, 8:31 PM

A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software.

The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads.

A deliberate and dangerous act

Two weeks ago, the node-ipc author pushed a new version of the library that sabotaged computers in Russia and Belarus, the countries invading Ukraine and providing support for the invasion, respectively. The new release added a function that checked the IP address of developers who used the node-ipc in their own projects. When an IP address geolocated to either Russia or Belarus, the new version wiped files from the machine and replaced them with a heart emoji. To conceal the malice, node-ipc author Brandon Nozaki Miller base-64-encoded the changes to make things harder for users who wanted to visually inspect them to check for problems.
This is what those developers saw: + const n2 = Buffer.from("Li8=", "base64"); + const o2 = Buffer.from("Li4v", "base64"); + const r = Buffer.from("Li4vLi4v", "base64"); + const f = Buffer.from("Lw==", "base64"); + const c = Buffer.from("Y291bnRyeV9uYW1l", "base64"); + const e = Buffer.from("cnVzc2lh", "base64"); + const i = Buffer.from("YmVsYXJ1cw==", "base64"); These lines were then passed to the timer function, such as: + h(n2.toString("utf8")); The values for the Base64 strings were: n2 is set to: ./ o2 is set to: ../ r is set to: ../../ f is set to: / When passed to the timer function, the lines were then used as inputs to wipe files and replace them with the heart emoji. + try { + import_fs3.default.writeFile(i, c.toString("utf8"), function() { + }); “At this point, a very clear abuse and a critical supply chain security incident will occur for any system on which this npm package will be called upon, if that matches a geolocation of either Russia or Belarus,” wrote Liran Tal, a researcher at Snyk, a security company that tracked the changes and published its findings on Wednesday. Tal found that the node-ipc author maintains 40 other libraries, with some or all of them also being dependencies for other open source packages. Referring to the node-ipc author’s handle, Tal questioned the wisdom of the protest and its likely fallout for the open source ecosystem as a whole. “Even if the deliberate and dangerous act of maintainer RIAEvangelist will be perceived by some as a legitimate act of protest, how does that reflect on the maintainer’s future reputation and stake in the developer community?" Tal wrote. "Would this maintainer ever be trusted again to not follow up on future acts in such or even more aggressive actions for any projects they participate in?” RIAEvangelist also came under fire on Twitter and in open source forums. 
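Review bot: the `writeFile(i, c.toString("utf8"), function() { })` call at the end of the hunk passes an empty callback, so every failed overwrite is swallowed and nothing in the package ever surfaces what it is doing to the host; upstream of it, the four path constants (`Li8=`, `Li4v`, `Li4vLi4v`, `Lw==`, which the text expands to `./`, `../`, `../../` and `/`) are the current directory, two levels of parent-directory traversal and the filesystem root, and the remaining three literals (`Y291bnRyeV9uYW1l`, `cnVzc2lh`, `YmVsYXJ1cw==`) decode to `country_name`, `russia` and `belarus`, which is the geolocation branch the article describes. An IPC library has no reason to assemble filesystem roots or country names from base64 at load time; a reviewer should reject the hunk outright and require every string constant in plaintext, and a downstream consumer should treat any dependency update that introduces `Buffer.from("...", "base64")` literals as a supply-chain red flag until each one is explained.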
"This is like Tesla intentionally putting in code to detect certain drivers and if they vaguely match the description then to auto drive them into the nearest phone pole and hoping it only punishes particular drivers," one person wrote. A different person added: "What if the deleted files are actually mission critical that can kill others?"

Protestware comes of age

The node-ipc update is just one example of what some researchers are calling protestware. Experts have begun tracking other open source projects that are also releasing updates calling out the brutality of Russia's war. This spreadsheet lists 21 separate packages that are affected.

One such package is es5-ext, which provides code for the ECMAScript 6 scripting language specification. A new dependency named postinstall.js, which the developer added on March 7, checks to see if the user's computer has a Russian IP address, in which case the code broadcasts a "call for peace." "The people of Ukraine are fully mobilized and ready to defend their country from the enemy invasion," the message translated into English read in part. "91% of Ukrainians fully support their President Volodymyr Zelensky and his response to the Russian attack."

Here's a snippet of the code: (shown as an image in the original article)

The protestware event exposes some of the risks posed when armies of volunteer developers produce the code that's crucial for hundreds or thousands of other applications to run. Some open source software automatically downloads and incorporates new dependency versions, and even for those that don't, the vast amount of code often makes manual reviews infeasible. That means an update from a single individual has the potential to throw a wrench in an untold number of downstream applications.
This risk was on full display in January, when the developer of two JavaScript libraries with more than 22 million downloads pushed an update that caused more than 21,000 dependent apps to spew gibberish, prefaced by the words "Liberty Liberty Liberty." An infinite loop produced by the update sent developers scrambling as they attempted to fix their malfunctioning apps.

The disk-wiping function was added to node-ipc versions 10.1.1 and 10.1.2. Following the outcry over the wiper, the developer released updates that removed the malicious function. Snyk recommends that developers stop using the package altogether. If that's not possible, the company advises the use of an npm package manager to override the sabotaged versions and pin a known good version.

"Snyk stands with Ukraine, and we've proactively acted to support the Ukrainian people during the ongoing crisis with donations and free service to developers worldwide, as well as taking action to cease business in Russia and Belarus," Tal wrote. "That said, intentional abuse such as this undermines the global open source community and requires us to flag impacted versions of node-ipc as security vulnerabilities."

Post updated to remove comments making unverified claims and to correct a statement about default open source behavior towards dependency updates.

Source: https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/
    1 point
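A way to act on the two practical points in the article above (base64-hidden path constants as a tell, and pinning node-ipc with npm overrides), as an added example that is not code from the article, from Snyk or from node-ipc: it decodes the seven literals exactly as quoted in the diff, flags the ones that are filesystem roots, traversal prefixes or the countries the wiper keyed on, walks a package-lock.json v2 `packages` map for the versions the article names as wiping (10.1.1 and 10.1.2), and builds the package.json `overrides` entry that npm 8.3+ honours. The sample source and lockfile are constructed; the 9.2.1 entry in it is a placeholder version, and the version to pin is a parameter because the article does not name a known-good release.

```javascript
// Added example, not code from the Ars Technica article, Snyk or node-ipc.
// Two checks a downstream consumer can run:
//   1. decode Buffer.from("<b64>", "base64") literals in a package's source
//      and flag decoded values that are path roots/traversal prefixes or the
//      country names the wiper keyed on;
//   2. walk an npm package-lock.json v2 "packages" map for the node-ipc
//      versions the article names as wiping and build the package.json
//      "overrides" entry (npm 8.3+) that pins a version you choose.

// Versions the article identifies as carrying the disk-wiping function.
const KNOWN_WIPER_VERSIONS = new Set(["10.1.1", "10.1.2"]);

// Matches `const NAME = Buffer.from("<base64>", "base64")`; the assignment
// prefix is optional so bare calls are caught as well.
const B64_LITERAL =
  /(?:const\s+(\w+)\s*=\s*)?Buffer\.from\(\s*"([A-Za-z0-9+/=]+)"\s*,\s*"base64"\s*\)/g;

// Heuristics for "why would a library hide this string?": filesystem roots and
// parent-directory prefixes, and the geolocation keys seen in node-ipc.
const SUSPICIOUS = [
  { why: "filesystem root or directory-traversal prefix", test: (s) => /^(\.\.?\/)+$|^\/$/.test(s) },
  { why: "geolocation target used by the wiper", test: (s) => /^(country_name|russia|belarus)$/i.test(s) },
];

// Decode every base64 literal in `source`; each hit records the bound name
// (if any), the encoded and decoded strings, and the heuristics it tripped.
function decodeBase64Literals(source) {
  const hits = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    const decoded = Buffer.from(m[2], "base64").toString("utf8");
    const reasons = SUSPICIOUS.filter((r) => r.test(decoded)).map((r) => r.why);
    hits.push({ name: m[1] || null, encoded: m[2], decoded, reasons });
  }
  return hits;
}

// Only the hits that tripped at least one heuristic.
function suspiciousLiterals(source) {
  return decodeBase64Literals(source).filter((h) => h.reasons.length > 0);
}

// `lockPackages` is the "packages" object of a package-lock.json (lockfile v2),
// keyed by install path, e.g. "node_modules/node-ipc": { version: "10.1.1" }.
// Returns every install path holding a known wiper version, nested copies included.
function findWiperVersions(lockPackages) {
  const found = [];
  for (const [installPath, entry] of Object.entries(lockPackages)) {
    if (installPath.endsWith("node_modules/node-ipc") && KNOWN_WIPER_VERSIONS.has(entry.version)) {
      found.push({ installPath, version: entry.version });
    }
  }
  return found;
}

// The package.json fragment that forces one node-ipc version across the whole
// dependency tree. The article does not name a safe version, so it is a parameter.
function overridesFor(pinnedVersion) {
  return { overrides: { "node-ipc": pinnedVersion } };
}

// Constructed sample input: the seven literals from the article's diff, with the
// leading "+" markers stripped so it is plain JavaScript source.
const SAMPLE_SOURCE = `
const n2 = Buffer.from("Li8=", "base64");
const o2 = Buffer.from("Li4v", "base64");
const r = Buffer.from("Li4vLi4v", "base64");
const f = Buffer.from("Lw==", "base64");
const c = Buffer.from("Y291bnRyeV9uYW1l", "base64");
const e = Buffer.from("cnVzc2lh", "base64");
const i = Buffer.from("YmVsYXJ1cw==", "base64");
`;

// Constructed sample lockfile "packages" map: one direct wiper install and one
// nested copy at a placeholder version (9.2.1) the article does not list.
const SAMPLE_LOCK = {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/node-ipc": { version: "10.1.1" },
  "node_modules/some-tool/node_modules/node-ipc": { version: "9.2.1" },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const h of suspiciousLiterals(SAMPLE_SOURCE)) {
    console.log(`${h.name ?? "<anon>"} = ${JSON.stringify(h.decoded)}  (${h.reasons.join("; ")})`);
  }
  console.log(findWiperVersions(SAMPLE_LOCK));
  console.log(JSON.stringify(overridesFor("<known-good version>"), null, 2));
}
```

Run it against real input by reading the package's JavaScript files into `decodeBase64Literals` and the `packages` object of your lockfile into `findWiperVersions`; the heuristics are deliberately narrow (roots, traversal prefixes, the three keys from this incident), so treat any other decoded literal a dependency hides as something to read by hand rather than as cleared.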