Tag Australia

InfoSec Week 2, 2019

Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
https://www.thelocal.de/20190108/suspect-20-arrested-over-massive-german-politician-data-hack

Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. They have two working exploits already.
https://lwn.net/Articles/776404/

Samsung Phone Users Perturbed to Find They Can't Delete Facebook.
According to a Hacker News comment (2nd link), it should be possible to delete application via cable using ADB. I didn't try it.
https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook
https://news.ycombinator.com/item?id=18864354

Australian government issued a warning regarding WhatsApp hoax that is promoting installation of a ‘gold’ version of the application. Installation leads to a malware infection.
https://cyber.gov.au/individual/news/whatsapp-gold-hoax/

After Motherboard's article about US carriers selling customers location data, senators call on FCC to investigate T-Mobile, AT&T, and Sprint.
https://motherboard.vice.com/en_us/article/j5z74d/senators-harris-warner-wyden-fcc-investigate-att-sprint-tmobile-bounty-hunters

Trial of a Mexican drug lord Joaquín "El Chapo" Guzmán started and it looks like his IT security guy gave encryption keys for a SIP communication service to investigators long time ago.
El Chapo also spyied on his wife and fiancées using Flexi-spy spyware which provider was subpoenaed by FBI.
https://www.nytimes.com/2019/01/08/nyregion/el-chapo-trial.html
https://twitter.com/alanfeuer/status/1083033189956964353

Singapore's ministry of communications and information published "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database".
If you are into incident response, this report is really great source.
https://www.mci.gov.sg/~/media/mcicorp/doc/report%20of%20the%20coi%20into%20the%20cyber%20attack%20on%20singhealth%2010%20jan%202019.pdf?la=en

Back in 2015, Facebook filed patent request describing how to track user relations using the dust on camera lens.
https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620

If your computer rely on BitLocker in TPM mode (boot without PIN), it is possible to extract cryptographic material data out of your computer and decrypt the hard drive.
https://twitter.com/marcan42/status/1080869868889501696

Zerodium platform wants to pay you $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp / iMessage / SMS / MMS remote code execution exploit, and $500,000 for Chrome remote exploit.
https://twitter.com/Zerodium/status/1082259805224333312

Security engineer Chris Palmer published blog about the state of software security in 2019.
https://noncombatant.org/2019/01/06/state-of-security-2019/

The NSA has so far open-sourced 32 projects on Github, as part of its Technology Transfer Program.
https://github.com/nationalsecurityagency

Research paper on a new hardware-agnostic side-channel attack which is targeting the operating system page cache was published.
https://arxiv.org/abs/1901.01161

Interesting paper from the last October a long-term secure storage proposal:
"ELSA: Efficient Long-Term Secure Storage of Large Datasets".
https://arxiv.org/abs/1810.11888

InfoSec Week 49, 2018

Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview). The new WebAuthentication as implemented supports USB-based CTAP2 devices.
https://webkit.org/blog/8517/release-notes-for-safari-technology-preview-71/

Critical Kubernetes privilege escalation bug (CVE-2018-1002105) was found and patched during this week. When exploited, the bug allows anonymous users as well a authenticated one to use admin privileges over the cluster API.
There is an exploit published on a GitHub already.
https://gravitational.com/blog/kubernetes-websocket-upgrade-security-vulnerability/
https://github.com/evict/poc_CVE-2018-1002105

British Telecom will not use Huawei's 5G kit within the core of the network due to security concerns.
https://www.bbc.com/news/technology-46453425

Security agencies in Australia will gain greater access to encrypted messages due to a new legislative.
https://mobile.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944

US National Security Archive published a complete index of all 1504 items in the declassified collection of NSA internal Cryptolog periodical.
https://nsarchive.gwu.edu/briefing-book/cyber-vault/2018-12-04/cyber-brief-cryptolog

Security researchers released attacks on 7 TLS implementations, making use of Bleichenbacher and Manger's attack.
The research with a name "The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations" also includes a TLS 1.3 downgrade attack.
http://cat.eyalro.net/

Ransomware Infected 100k computers in China then demands WeChat Payment and is using XOR as an "encryption". Author was probably identified because he registered domain to his own name.
https://movaxbx.ru/2018/12/05/ransomware-infects-100k-pcs-in-china-demands-wechat-payment/

It looks like 13 years old Virut botnet is resurrected in the wild.
https://chrisdietri.ch/post/virut-resurrects/

Great blog on how guy scammed the scammer to send him photo of his ID.
https://medium.com/@hackerfantastic/scamming-the-scammers-2fb934099ccc

Nearly 250 Pages of internal Facebook documents, emails and statistics were posted online by the UK Parliament.
https://motherboard.vice.com/en_us/article/59vwez/nearly-250-pages-of-devastating-internal-facebook-documents-posted-online-by-uk-parliament

A User Data of the question-and-answer website Quora were compromised.
https://help.quora.com/hc/en-us/articles/360020212652

The records of 500 million customers of the Marriott International hotel group were compromised.
https://www.bbc.com/news/technology-46401890

Interesting revisited paper: "From Keys to Databases -- Real-World Applications of Secure Multi-Party Computation."
https://eprint.iacr.org/2018/450

GTRS - is a tool that uses Google Translator as a proxy to send arbitrary commands to an infected machine.
https://github.com/mthbernardes/GTRS

InfoSec Week 39, 2018

Linux had officially committed to implementing and obeying the Code of Conduct — which is immediately misused to remove top Linux coders.
Some of the Linux developers are now threatening to withdraw the license to all of their code.
https://lulz.com/linux-devs-threaten-killswitch-coc-controversy-1252/

Bug in Twitter sent users' private direct messages to third-party developers who were not authorized to receive them. Some brand accounts should be affected.
https://blog.twitter.com/developer/en_us/topics/tools/2018/details-for-developers-on-Account-Activity-API-bug.html

Qualcomm accuses Apple of stealing chip secrets for the purpose of helping Intel overcome engineering flaws in its chips.
https://www.cnbc.com/2018/09/25/qualcomm-accuses-apple-of-giving-its-chip-secrets-to-intel.html

Australian government pushes for the smartphone spyware implanted by Telco vendors, manufacturers.
https://www.brisbanetimes.com.au/business/companies/spyware-on-phone-fears-as-dutton-pushes-new-security-laws-20180924-p505oc.html

At least the sixth backdoor account was removed from Cisco devices this year.
This time it's "hardcoded credentials" in the Cisco Video Surveillance Manager (VSM) Software.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm

ESET researchers discovered, that the Kodi Media Player add-ons are misused for the cryptocurrency mining malware distribution.
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/

According to a stackexchange post, "the Chinese police is forcing whole cities to install an Android spyware app Jingwang Weishi.
They are stopping people in the street and detaining those who refuse to install it."
https://security.stackexchange.com/questions/194353/police-forcing-me-to-install-jingwang-spyware-app-how-to-minimize-impact

Researchers proved that the security of PKCS #1 Digital Signatures is as secure as any of its successors like RSA-PSS and RSA Full-Domain.
https://www.schneier.com/blog/archives/2018/09/evidence_for_th.html

There is a novel cache poisoning attack on WiFi by a remote off-path mitm attack vector.
Takes only 30 seconds and is using interesting multi-packet injection for timing side channel inference for injection. Works on Windows, OSX and Linux.
https://www.usenix.org/conference/usenixsecurity18/presentation/chen-weiteng

InfoSec Week 33, 2018

There is an OpenSSH user enumeration attack against all software versions on all operating systems.
It's a timing attack with proof of concept already published.
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://bugfuzz.com/stuff/ssh-check-username.py

The so-called RedAlpha malware campaign targeting the Tibetan community is deploying a novel “ext4” Linux backdoor. The group is using infrastructure registered with Tsinghua1 University, China and is believed to be conducted by Chinese state-sponsored actors in support of China’s economic development goals.
https://www.recordedfuture.com/chinese-cyberespionage-operations/

The Australia’s Assistance and Access Bill, introduced this week, want to jail people for up to 10 years if they refuse to unlock their phones.
https://nakedsecurity.sophos.com/2018/08/16/australians-who-wont-unlock-their-phones-could-face-10-years-in-jail/

A new research paper named "Piping Botnet - Turning Green Technology into a Water Disaster" demonstrate that the researchers were able to manipulate commercial smart IoT systems used for regulating water and electricity resources.
https://arxiv.org/abs/1808.02131

The guy with his BMW car encountered the theft attempt, where something that looked like a vandalism was actually a really smart attack against the modern alarm system.
https://mrooding.me/a-dutch-first-ingenious-bmw-theft-attempt-5f7f49a96ec8

Cloudflare analyzed the changes and improvements of a new TLS 1.3 (RFC 8446) standard that was finally published last week.
https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

New Foreshadow attack demonstrates how speculative execution can be exploited for reading the contents of Intels' SGX-protected memory as well as extracting the machine’s private attestation key.
https://foreshadowattack.eu/

Practical dictionary attacks are possible against the main mode of IPsec IKEv1/v2 standard. Successful exploitation of a weak password requires only a single active man-in-the-middle attack.
https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html

If you are interested how cryptographic key management is practically done, I have written a blog Commercial Cryptographic Key Management in 2018, where I am explaining a little bit about the hardware, people and processes behind it.
https://www.malgregator.com/key-management.html

Google published BrokenType, the font fuzzing toolset that helped find lots of vulnerabilities in the Windows kernel. It includes a font mutator, generator and loader.
https://github.com/google/BrokenType

InfoSec Week 23, 2018

Australian government drafts new laws, that will force technology giants like Facebook, Google to give government agencies access to encrypted data.
https://www.theguardian.com/technology/2018/jun/06/planned-laws-to-force-tech-firms-to-reveal-encrypted-data

A security researcher at Telspace Systems, Dmitri Kaslov, discovered a vulnerability in the Microsoft Windows JScript component, that can be exploited by an attacker to execute malicious code on a target computer.
https://www.zerodayinitiative.com/advisories/ZDI-18-534/

IBM X-Force Research has uncovered a new Brazilian, Delphi-based MnuBot malware active in the wild. It downloads it's functionality during the execution dynamically from the remote C&C server, so its functionality can be upgraded on the fly.
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/

The US Department of Homeland Security and FBI issues alert over two new malware, Joanap remote access tool and Brambul SMB worm, linked to the Hidden Cobra hacker group.
https://www.us-cert.gov/ncas/alerts/TA18-149A

A Toronto-based investment firm alleges that a rival company hired the Israeli companies tied to state intelligence agencies, to help sway a business dispute over a 2014 bid for a telecommunications company.
https://www.calcalistech.com/ctech/articles/0,7340,L-3739390,00.html

Google announced a project Capillary: End-to-end encryption for push messaging in Android. It should be available backward to API level 19 - KitKat.
https://android-developers.googleblog.com/2018/06/project-capillary-end-to-end-encryption.html

Engineers from the University of Toronto have built a filter that slightly alters photos of people’s faces to keep facial recognition software from realizing what it's looking at. https://joeybose.github.io/assets/adversarial-attacks-face.pdf

Research paper about the business model of a botnet operation, even with a business model canvas!
https://arxiv.org/abs/1804.10848

New research takes on the problem of habituation to security warnings. They have used eye tracking and fMRI data to find out how people react to the security warnings in the software.
https://neurosecurity.byu.edu/misq-longitudinal-2018/

A new paper by Bonnetain and Schrottenloher giving improved quantum attack on a newly proposed Commutative Supersingular Isogeny Diffie–Hellman (CSIDH) key exchange. According to the paper, they show, that the 128-bit classical, 64-bit quantum security parameters proposed actually offer at most 37 bits of quantum security.
https://eprint.iacr.org/2018/537