Le Comptoir Sécu: [SECHebdo] 25 March 2021 - TikTok Android RCE, PyPI supply chain, OSINT and ethics, 5G Slicing, PCAP to APT, ad tracking, etc.

The Comptoir Sécu team 3/25/21 - Episode Page


<p>We have just recorded a new SECHebdo live on YouTube. As usual, if you missed the recording, you can find it on our YouTube channel (video above) or as an audio podcast:</p>

<p>
<strong>In this episode:</strong>
<ul><li>Todo <strong><a href="#t=00:01:30" onclick="location.reload()">(00:01:30)</a></strong></li></ul>
</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2021-03-25.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2021-03-25.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2021-03-25-sechebdo-vignette.jpg",
"title": "[SECHebdo] 25 mars 2021",
"subtitle": "TikTok Android RCE, Supply Chain PiPy, OSINT et éthique, 5G Slicingz, PCAP to APT, Tracking publicitaire, etc.",
"description": "Épisode du 25 03 2021 - SECHebdo est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, généralement le mercredi soir."

,"chaptermarks": [
{ "start": "00:01:30", "title": "Todo"}
]

}
}
</script>

<script type="text/javascript" src="https://www.comptoirsecu.fr/js/podigee-get-settings.min.192d4afa439903f73345b15d3d1b7132598bb1d2238d1f1fc91d39b516bf2ed2.js" integrity="sha256-GS1K&#43;kOZA/czRbFdPRtxMlmLsdIjjR8fyR05tRa/LtI="></script>
<script class="podigee-podcast-player" src="//cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js" data-configuration="podigee"></script>


<p>Our Discord: <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>See you soon for more shows and podcasts!</p>

<h3 id="liste-des-sources">List of sources:</h3>

<ul>
<li>TikTok for Android 1-click RCE, wormable?

<ul>
<li><a href="https://medium.com/@dPhoeniixx/tiktok-for-android-1-click-rce-240266e78105">tiktok-for-android-1-click-rce</a></li>
</ul></li>
<li>Active supply-chain attack on PyPI

<ul>
<li><a href="https://twitter.com/podalirius_/status/1366419587798102025">podalirius_ Twitter</a></li>
<li><a href="https://connect.ed-diamond.com/MISC/MISCHS-023/GNU-Guix-vers-une-gestion-de-paquets-plus-securisee">GNU Guix, vers une gestion de paquets plus sécurisée | Connect - Editions Diamond</a></li>
<li><a href="https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/">Secure Publication of Datadog Agent Integrations With TUF and In-Toto | Datadog</a></li>
</ul></li>
<li>F5 BIG-IP iControl Unauthenticated Remote Command Execution (CVE-2021-22986)

<ul>
<li><a href="https://twitter.com/1ZRR4H/status/1373206181955653632">1ZRR4H Twitter</a></li>
<li><a href="https://github.com/Al1ex/CVE-2021-22986">GitHub - Al1ex/CVE-2021-22986: CVE-2021-22986 &amp; F5 BIG-IP RCE</a></li>
</ul></li>
<li>The actual algorithms behind each cryptocurrency

<ul>
<li><a href="http://ethanfast.com/top-crypto.html">Cryptography behind the top 100 cryptocurrencies</a></li>
</ul></li>
<li>On OSINT and ethics

<ul>
<li><a href="https://hatless1der.com/ethically-controversial-practices-in-osint/">Ethically Controversial Practices in OSINT – @hatless1der | Blog</a></li>
<li><a href="http://gdt.oqlf.gouv.qc.ca/ficheOqlf.aspx?Id_Fiche=26543807">Québécois dictionary</a></li>
</ul></li>
<li>GDPR and ad tracking

<ul>
<li><a href="https://www.iccl.ie/digital-data/4-big-questions-about-googles-new-privacy-position/">4 Big Questions about Google&rsquo;s new privacy position - Irish Council for Civil Liberties</a></li>
</ul></li>
<li>Widespread vulnerabilities and misconfigurations

<ul>
<li><a href="https://s3cur3th1ssh1t.github.io/The-most-common-on-premise-vulnerabilities-and-misconfigurations/">The most common on premises vulnerabilities &amp; misconfigurations | S3cur3Th1sSh1t</a></li>
</ul></li>
<li>Indictment

<ul>
<li><a href="https://www.bleepingcomputer.com/news/security/swiss-hacker-charged-for-leaking-proprietary-source-code/">Swiss hacker charged for leaking proprietary source code</a></li>
<li><a href="https://www.justice.gov/usao-wdwa/pr/swiss-hacker-indicted-conspiracy-wire-fraud-and-aggravated-identity-theft">Swiss Hacker indicted for conspiracy, wire fraud, and aggravated identity theft | USAO-WDWA | Department of Justice</a></li>
</ul></li>
<li>5G / network slicing security vulnerabilities

<ul>
<li><a href="https://info.adaptivemobile.com/5g-network-slicing-security">White Paper: A Slice in Time: Slicing Security in 5G Core Networks</a></li>
</ul></li>
<li>Write-up: from a network dump to an APT

<ul>
<li><a href="https://igor-blue.github.io/2021/03/24/apt1.html">APT Encounters of the Third Kind - Igor’s Blog</a></li>
</ul></li>
<li>Google

<ul>
<li><a href="https://youtu.be/g-JgA1hvJzA">Hacking into Google&rsquo;s Network for $133,337 - YouTube</a></li>
</ul></li>
</ul>