Tag Amazon

InfoSec Week 18, 2018

Multiple tech giants like Apple, Microsoft, Google and others formed an industry coalition and have joined security experts in criticizing encryption backdoors, after Ray Ozzie's CLEAR key escrow idea was widely derided. He basically proposed a scheme where the users have no control over their own devices, but the devices can be securely forensically analyzed by the government agencies.
https://www.zdnet.com/article/coalition-of-tech-giants-hit-by-nsa-spying-slams-encryption-backdoors/
https://github.com/rayozzie/clear/blob/master/clear-rozzie.pdf

There is an information leaking vulnerability via crafted user-supplied CDROM image.
"An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu device model process."
QubesOS operationg system is not affected due to the properly compartmentalized architecture.
http://seclists.org/oss-sec/2018/q2/71

Great in-depth blog about the reconstruction of the exploit created by the CIA's "Engineering Development Group" targeting MikroTik's RouterOS embedded operating system. This exploit was made public by the WikiLeaks last year.
http://blog.seekintoo.com/chimay-red.html

Bypassing authentication and impersonating arbitrary users in Oracle Access Manager with padding oracle. The guy basically broke Oracles home grown cryptographic implementation.
https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/

There is a critical privilege escalation vulnerability affecting Apache Hadoop versions from 2.2.0 to 2.7.3.
http://seclists.org/oss-sec/2018/q2/82

According to the Arbor Networks' security researchers have claimed that the anti-theft software Absolute LoJack is serving as an espionage software modified by the Russia-based Fancy Bear group.
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/

Wired wrote an article about the famous Nigerian 419 scammers, their culture and why they are still flourishing.
https://www.wired.com/story/nigerian-email-scammers-more-effective-than-ever/

Matrix and Riot instant messenger applications are confirmed as the basis for the France’s government initiative to implement federated secure messenger.
https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app/

Amazon threatens to suspend Signal's secure messenger AWS account over censorship circumvention. They are using different TLS Server Name Indication - "domain fronting" - when establishing connection to circumvent network censorship, but Amazon says it is against their terms of services.
https://signal.org/blog/looking-back-on-the-front/

Respected German CT-Magazine says that there are 8 new Spectre vulnerabilities found in the Intel processors.
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

InfoSec Week 17, 2018

A loud sound emitted by a gas-based fire suppression system deployed in the data center has destroyed the hard drives of a Swedish data center, downing NASDAQ operations across Northern Europe.
https://www.bleepingcomputer.com/news/technology/loud-sound-from-fire-alarm-system-shuts-down-nasdaqs-scandinavian-data-center/

Signal for iOS, version 2.23.1.1 and prior, is vulnerable to the screen lock bypass (CVE-2018-9840).
The blog explains how the vulnerability can be exploited in practice.
http://nint.en.do/Signal-Bypass-Screen-locker.php

Good summary about the integrated circuits Counterfeiting, detection and avoidance methods by hardware engineer Yahya Tawil.
https://atadiat.com/en/e-introduction-counterfeit-ics-counterfeiting-detection-avoidance-methods/

A new python-based cryptocurrency mining malware PyRoMine (FortiGuard Labs) is using the ETERNALROMANCE exploit attributed to the NSA, to propagate Monero cryptocurrency miner.
https://securityboulevard.com/2018/04/python-based-malware-uses-nsa-exploit-to-propagate-monero-xmr-miner/

The Australian Bureau of Statistics tracked people by their mobile device data to enrich their collection of data.
https://medium.com/@Asher_Wolf/the-australian-bureau-of-statistics-tracked-people-by-their-mobile-device-data-and-didnt-tell-them-16df094de31

BGP hijack affected Amazon DNS and rerouted web traffic for more than two hours. Attackers used the hijack to serve fake MyEtherWallet.com cryptocurrency website.
https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f

Embedi researchers analyzed the security of a Huawei Secospace USG6330 firewall firmware. Good insight on how to analyze devices in general.
https://embedi.com/blog/first-glance-on-os-vrp-by-huawei/

The ISO has rejected SIMON and SPECK symmetric encryption algorithms designed and proposed by the NSA. They are optimized for small and low-cost processors like IoT devices.
https://www.schneier.com/blog/archives/2018/04/two_nsa_algorit.html

The Center for Information Technology Policy at Princeton Announced IoT Inspector - an ongoing initiative to study consumer IoT security and privacy.
https://freedom-to-tinker.com/2018/04/23/announcing-iot-inspector-a-tool-to-study-smart-home-iot-device-behavior/

There is a Proof of Concept for Fusée Gelée - a coldboot vulnerability that allows full, unauthenticated arbitrary code execution on NVIDIA's Tegra line of embedded processors. This vulnerability compromises the entire root-of-trust for each processor, leading to full compromise of on-device secrets where USB access is possible.
https://github.com/reswitched/fusee-launcher/blob/master/report/fusee_gelee.md

InfoSec Week 8, 2018

Fraudsters are impersonating authors and publishing computer generated books so they can launder money via Amazon.
https://krebsonsecurity.com/2018/02/money-laundering-via-author-impersonation-on-amazon/

Crooks made over $3 million by installing cryptocurrency miners on Jenkins Servers by exploiting Java deserialization RCE vulnerability (CVE-2017-1000353) in the Jenkins.
https://securityaffairs.co/wordpress/69232/malware/jenkinsminer-targets-jenkins-servers.html

Tesla's Kubernetes installed in the Amazon AWS infrastructure was compromised by hackers.They have set up private cryptocurrency mining pool there.
https://www.bleepingcomputer.com/news/security/tesla-internal-servers-infected-with-cryptocurrency-miner/

The co-founder of WhatsApp, Brian Acton, has given $50 millions to support Signal messenger and create a self-sustaining foundation. Very good news for this donation funded privacy technology.
https://signal.org/blog/signal-foundation/

Hackers are exploiting the CISCO ASA vulnerability (CVE-2018-0101) in attacks in the wild.
https://securityaffairs.co/wordpress/68959/hacking/cve-2018-0101-cisco-asa-flaw.html

Security Researcher Troy Hunt published half a billion passwords collected and processed from various breaches. There is also API for this dataset, and some statistics about the password usage.
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

There is a critical vulnerability in Mi-Cam baby monitors that let attackers spy on infants. At least 52k users are affected.
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html

Public key cryptography explained in the form of Ikea instructions. Check other images as well!
https://idea-instructions.com/public-key/

InfoSec Week 48, 2017

The German Interior Minister is preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations.
https://www.bleepingcomputer.com/news/government/germany-preparing-law-for-backdoors-in-any-type-of-modern-device/

According to the Citizen Lab, Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware sold by Israeli firm Cyberbit.
https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/

Elcomsoft wrote an insight about the drastically degraded security of the Apples iOS 11 operating system.
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/

Chinese drone maker D.J.I. is potentially sharing collected data with the Chinese government.
https://mobile.nytimes.com/2017/11/29/technology/dji-china-data-drones.html

Crooks are installing cryptocurrency miners by using typosquatting npm package names. They are searching for the unregistered package names with the difference of one bit from a well known packages.
https://medium.com/avahowell/bitsquatting-npm-packages-533c988d568f

Swiftype written a good blog about their infrastructure risk assessment and threat modeling.
https://swiftype.engineering/threat-modelling-and-infrastructure-risk-assessment-at-swiftype-6c1b337c7df1

Nvidia published a paper about the clustering of a benign and malicious Windows executables using neural networks.
https://devblogs.nvidia.com/parallelforall/malware-detection-neural-networks/

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs.
https://github.com/eth0izzle/bucket-stream

Sysdig Inspect – a powerful interface for container troubleshooting and security investigation
https://github.com/draios/sysdig-inspect/

InfoSec Week 29, 2017

Microsoft has analyzed EnglishmansDentist exploit used against the Exchange 2003 mail servers on the out-dated Windows Server 2003 OS. Exploit was released by ShadowBrokers back in April 2017.
https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/

ESET researchers have analyzed a Stantinko botnet consisting of almost half a million machines used for ad-related fraud. It uses malicious Chrome extensions, but also creating and managing Facebook profiles and brute-forcing Joomla and WordPress websites.
https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/

A buffer overflow in the Source SDK in Valve's Source SDK allows an attacker to remotely execute code on a user's computer machine.
https://www.bleepingcomputer.com/news/security/valve-patches-security-flaw-that-allows-installation-of-malware-via-steam-games/
https://motherboard.vice.com/en_us/article/nevmwd/counter-strike-bug-allowed-hackers-to-completely-own-your-computer-with-a-frag

Secure messaging application Wire is now supporting end-to-end encrypted chats, file sharing and calls to businesses. But it's paid feature.
https://medium.com/@wireapp/wire-at-work-introducing-teams-beta-e50dacf6e9f1

Briar, a secure messaging app for Android, was released for a public beta testing. It's using Tor, or P2P direct messaging over Wifi, Bluetooth. Very interesting project.
https://briarproject.org/news/2017-beta-released-security-audit.html

D. J. Bernstein has published blog about the secure key material erasure: "2017.07.23: Fast-key-erasure random-number generators"
https://blog.cr.yp.to/20170723-random.html

Google Project Zero analyzed the security properties of the two major Trusted Execution Environment present on Android devices - Qualcomm’s QSEE and Trustonic’s Kinibi.
https://googleprojectzero.blogspot.sk/2017/07/trust-issues-exploiting-trustzone-tees.html

Prowler is a tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark.
https://github.com/alfresco/prowler

Hardentools is a utility that disables a number of risky Windows "features" exposed by Windows operating system.
https://github.com/securitywithoutborders/hardentools