Tag Airbnb

InfoSec Week 7, 2019

Ubiquiti network devices are being remotely exploited, via port 10001 discovery service. Results in loss of device management, also being used as a weak UDP DDoS amplification attack: 56 bytes in, 206 bytes out.
https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/

Researchers demonstrated that Intel SGX trusted enclave poses a security thread, when they implemented proof malware that bypasses antivirus protection by leveraging SGX properties. Find more information in the research paper named "Practical Enclave Malware with Intel SGX".
https://arxiv.org/abs/1902.03256

Looks like the diffusion layer of Russian symmetric ciphers Kuznyechik and hash function Streebog, have mathematical properties required for the backdoor. There is no theoretical attack yet, and I am not convinced that it is on purpose, but the construction is suspicious.
https://mailarchive.ietf.org/arch/msg/cfrg/4PmssKzCBsxTmLCieDgqD7Nynwg

Google engineers have designed a new encryption mode for ChaCha stream cipher called Adiantum. The new encryption mode should be used on cheap ARM processors that does not have hardware support for AES, and it is almost 5x faster than AES-256-XTS.
https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html

Current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API.
https://www.exploit-db.com/exploits/46362

Phones running Android OS can be compromised remotely by viewing malicious PNG image.
https://source.android.com/security/bulletin/2019-02-01.html

A new vulnerability in the runc, container runtime used by Docker, Kubernetes and others. allows container escape just by running a malicious image.
https://www.openwall.com/lists/oss-security/2019/02/11/2

NCC Group published an interesting blog about a downgrade attack on TLS 1.3 and multiple other vulnerabilities in major TLS Libraries which they found last year.
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/

Researcher Scott Gayou published a step by step guide on how to jailbreak Subaru Crosstrek 2018 head unit leveraging USB port and update mechanism.
https://github.com/sgayou/subaru-starlink-research/tree/master/doc

According to the Airbnb presentation, 38 percent of bugs at Airbnb could have been prevented by using types.
https://www.reddit.com/r/typescript/comments/aofcik/38_of_bugs_at_airbnb_could_have_been_prevented_by/

You can try to find bugs in the Swiss eVoting System, as they opened a bug bounty program. There is also a source code available for registered bug hunters.
https://onlinevote-pit.ch/details/

Google open sourced ClusterFuzz, an infrastructure used for fuzzing Chrome and OSS-Fuzz, continuous fuzzing pipeline of open source software.
https://opensource.googleblog.com/2019/02/open-sourcing-clusterfuzz.html

InfoSec Week 31, 2017

A new version of the Svpeng Android banking trojan is able to record everything users type on their devices. Crazy stuff.
https://b0n1.blogspot.sk/2017/08/android-banking-trojan-misuses.html https://www.bleepingcomputer.com/news/security/new-version-of-dangerous-android-malware-sold-on-russian-hacking-forum/

Great blog by Kaspersky Lab about the steganography techniques used by malware for data exfiltration, covert communication.
https://securelist.com/steganography-in-contemporary-cyberattacks/79276/

Software researcher from Trail of Bits put Windows Defender to the sandbox.
https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/

Proofpoint researchers found a spear phishing campaign delivering Carbanak malware to the U.S. restaurant chains.
https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor

How to completely take over the ones online identity? This guy demonstrated that practically.
https://defaultnamehere.tumblr.com/post/163734466355/operation-luigi-how-i-hacked-my-friend-without

Airbnb released the open-source serverless framework for detecting malicious files called BinaryAlert. It uses YARA rules, and takes advantage of AWS Lambda functions for analysis instead of a traditional server architecture. Also uses Terraform to manage underlying infrastructure. Interesting project.
https://medium.com/airbnb-engineering/binaryalert-real-time-serverless-malware-detection-ca44370c1b90

TrickBot malware added worm-like SMB spreading module popularized by WannaCry, Petya samples.
https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/

Analysis of the Juniper ScreenOS randomness subsystem backdoor Dual EC backdoor. Complex, Fascinating stuff.
From the research paper: "The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator"
https://www.cs.uic.edu/~s/papers/juniper2016/juniper2016.pdf

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.
https://github.com/gophish/gophish

Cisco CSIRT has released GOSINT, open source threat intelligence gathering and processing framework.
https://github.com/ciscocsirt/GOSINT

A generic unpacker for packed Android applications released by the Check Point researchers.
https://github.com/CheckPointSW/android_unpacker