Posts

Cybersecurity Updates For Week 6 of 2022

Argo CD High Severity Vulnerabilit – CVE-2022-24348

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

Read more:
https://www.armosec.io/blog/cve-2022-24348-argo-kubernetes/

Windows DNS Server Remote Code Execution Vulnerability – CVE-2022-21984

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account over the network.

Read more:
https://dirteam.com/sander/2022/02/08/windows-server-2022-suffers-a-windows-dns-server-remote-code-execution-vulnerability-cve-2022-21984/

SAP Critical Vulnerabilities in business applications

SAP released three patches for all impacted systems of a possible security attack while Onapsis helped provide a free open-source vulnerability scanner tool to assist all SAP customers affected to immediately address these issues.

Read More:
https://blogs.sap.com/2022/02/08/sap-partners-with-onapsis-to-identify-and-patch-cybersecurity-vulnerabilities/

Other news worth mentioning:

PrivateLoader: The first step in many malware schemes
Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
France Rules That Using Google Analytics Violates GDPR Data Protection Law

Building Dreamhack, part one

Dreamhack is the world’s largest digital festival and holds the official world record as the world’s largest LAN party in the Guinness Book of World Records. Last event (november 2011) the network had 13 292 uniqe devices connected.

The Dreamhack network team is responsible for planning, building, development, operations and teardown of the network. The team consists of 30 people with a great passion for technology from different companies and universities. The team is divided into four subgroups: core, services, access and logistics. I’m a member of the services group which is responsible for the services required in the network.

Part one: building anycast DNS system supporting IPV4 and IPV6
Anycast is a technology where an (anycast) IP is announced on more than one location using a routing protocol. By doing this the routing protocol thinks that it has multiple routes to the (anycast) IP when in fact there are two different endpoints with the same (anycast) IP. The routing protocol will send the client packages to the endpoint with the shortest path from the client. To achieve high availability you need to be able to remove an endpoint service when errors occur. You can do this by removing the specific route to the broken endpoint from the routing table.

 

In the example image above, the client computer’s request to the anycast IP 9.9.9.9 will be routed to the adns server with the IP 2.2.2.2 because that is the shortest path to the anycast IP 9.9.9.9. If the route saying 9.9.9.9 is reachable via 2.2.2.2 is removed the client’s request will be routed to the server adns with IP 1.1.1.1 instead.

To build our anycast DNS infrastructure at Dreamhack we use Debian GNU/Linux, Bind, iptables, ip6tables and quagga with the routing protocol BGP. We have two anycast DNS servers connected to two different Cisco ASR 9000 routers. On the servers we have loopback interfaces that have the anycast IPV4 and IPV6 address configured. We are then using iptables to forward DNS requests from the interface connected to the routers to the loopback interface. On the servers, bind is handling the DNS requests. To achieve high availability we have built a service which checks if a DNS server is unable to answer 5 different DNS request in a row. If it is, the route to that specific DNS server will be removed from the routing table making all the clients’ DNS request go to the other working DNS server.

Dreamhack anycast DNS design.

During Dreamhack winter 2011, me and my colleague Karl Andersson held a lecture where i discuss the Dreamhack anycast DNS implementation. You can find this presentation on Youtube: Dreamarena Orange – Dreamhack Behind the Scenes.