Tag bug

InfoSec Week 4, 2019

Microsoft's mobile Edge browser begins issuing fake news warnings. It is powered by news rating company NewsGuard. It gives you fake news warning for Wikileaks, so decide for yourself.
https://www.engadget.com/2019/01/23/microsoft-edge-mobile-fake-news

A vulnerability in the apt package allows a network man-in-the-middle or malicious mirror to execute arbitrary code as root on a machine installing any packages.
https://justi.cz/security/2019/01/22/apt-rce.html

Encryption mode in the well-known compression software 7-Zip uses poor randomness when generating AES initialization vectors.
https://sourceforge.net/p/sevenzip/bugs/2176/

Turns out that the MySQL server has access to all client local files. Patched server can upload clients' files like SSH keys.
https://gwillem.gitlab.io/2019/01/20/sites-hacked-via-mysql-protocal-flaw/

Daniel Miessler published a short blog about the reasons why software remains insecure.
TLDR: "Basically, software remains vulnerable because the benefits created by insecure products far outweigh the downsides. Once that changes, software security will improve—but not a moment before."
https://danielmiessler.com/blog/the-reason-software-remains-insecure/

Trend Micro engineers found applications in the Google Play store that drop Anubis banking malware after the device motion sensors are activated to evade initial detection.
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/

Interesting Twitter bug was filled via HackerOne platform - changing email address on Twitter for Android unsets “Protect your Tweets” flag and make protected tweets public.
https://hackerone.com/reports/472013

Great in-depth blog about the finding and exploiting bugs in Marvell Avastar Wi-Fi.
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/

WPintel - Chrome extension designed For WordPress vulnerability scanning and information gathering.
https://github.com/Tuhinshubhra/WPintel

InfoSec Week 32, 2018

A Comcast security flaws exposed more than 26 millions of customers’ personal information. Basically, an attacker could spoof IP address using "X-forwarded-for" header on a Comcast login page and reveal the customer’s location.
https://www.buzzfeednews.com/article/nicolenguyen/a-comcast-security-flaw-exposed-millions-of-customers

According to the Check Point Research, more than 150k computers are infected with the new variant of Ramnit botnet named Black. Botnet install second stage malware with the proxy functionality.
https://research.checkpoint.com/ramnits-network-proxy-servers/

Malware infected Apple chip maker Taiwan Semiconductor Manufacturing. All of their factories were shut down last week, but they had already recovered from the attack.
https://www.bloomberg.com/news/articles/2018-08-04/tsmc-takes-emergency-steps-as-operations-hit-by-computer-virus

A flaw in the Linux kernel may cause a remote denial of service [CVE-2018-5390]. Attack require less than 2 Kbps of traffic.
https://access.redhat.com/articles/3553061

GDPR and other cookie consent scripts are used to distribute malware.
https://blog.sucuri.net/2018/08/cookie-consent-script-used-to-distribute-malware.html

Interesting blog on how criminals in Iran make money by creating Android malware apps.
https://blog.certfa.com/posts/pushiran-dl-malware-family/

Let's Encrypt root CA certificate is now trusted by all major root programs. They were dependent on a cross-signing on some systems, so this is great news!
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html

There is a really effective new attack on WPA PSK (Pre-Shared Key) passwords. Attackers can ask Access Point for the data required for offline cracking, no client traffic sniffing is needed anymore.
https://hashcat.net/forum/thread-7717.html

Innovative new research on a software implementation hardening was published with the name "Chaff Bugs: Deterring Attackers by Making Software Buggier".
The idea is simple, introduce a large number of non-exploitable bugs in the program which makes the bug discovery and exploit creation significantly harder.
https://arxiv.org/abs/1808.00659

Researchers from the University of Milan published padding oracle attack against Telegram Passport.
Don't roll your own cryptography schemes if other people depend on it...
https://pequalsnp-team.github.io/writeups/analisys_telegram_passport

A Handshake is a new experimental peer-to-peer root DNS. They have published resolver source code and have test network up and running. Looks like really promising project.
https://handshake.org/

InfoSec Week 24, 2018

Yet another high severity attack against the Intel CPUs. Unpatched systems can leak SIMD, FP register state between privilege levels. These registers are used for private keys nowadays.
The cost of a patch is more expensive context switches because the fix has to unload and reload all SIMD, FP state.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

The team behind the CopperheadOS, hardened Google-free Android fork, has imploded. Guys, CEO and CTO (main and probably the only developer) are blaming each other.
https://twitter.com/DanielMicay/status/1006299769214562305

Chromium devs are planning to enforce TLS protocol invariants by rolling new TLS 1.3 versions every six weeks.
According to the developers: "Every six weeks, we would randomly pick a new code point. These versions will otherwise be identical to TLS 1.3, save maybe minor details to separate keys and exercise allowed syntax changes. The goal is to pave the way for future versions of TLS by simulating them (“draft negative one”)."
https://www.ietf.org/mail-archive/web/tls/current/msg26385.html

The Kromtech Security Center found 17 malicious docker images stored on Docker Hub for an entire year. With more than 5 million pulls, containers were primarily used to mine cryptocurrency.
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers

At least 74 persons, mostly Nigerians, were arrested due to crimes related to the business e-mail compromise schemes.
https://garwarner.blogspot.com/2018/06/74-mostly-nigerians-arrested-in.html

Good summary of the existing inter-service authentication schemes. Bearer, hmac based tokens etc.
https://latacora.singles/2018/06/12/a-childs-garden.html

There is an Ancient "su - hostile" vulnerability in Debian 8 & 9. Doing "su - hostile" may lead to the root privilege escalation. Default sudo -u probably is affected too.
https://j.ludost.net/blog/archives/2018/06/13/ancient_su_-_hostile_vulnerability_in_debian_8_and_9/

There is a critical command injection vulnerability in the macaddress NPM package.
https://nodesecurity.io/advisories/654

Blog about the crafting remote code execution via server-side spreadsheet injection.
https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/

An implementation flaw in multiple cryptographic libraries allows a side-channel based attacker to recover ECDSA or DSA private keys. Lots of libraries affected, like LibreSSL, Mozilla NSS, OpenSSL, etc.
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/