Tag Check Point

InfoSec Week 8, 2019

Dutch security researcher Victor Gevers found a misconfigured MongoDB database containing facial recognition data and other sensitive information about the Uyghur Muslim minority in China. The company behind the database appears to be the Chinese surveillance company SenseNets.
https://www.zdnet.com/article/chinese-company-leaves-muslim-tracking-facial-recognition-database-exposed-online/

The UK's National Cyber Security Centre, a subsidiary of the GCHQ intelligence agency, evaluated Huawei devices together with the vendor and unofficially concluded that the risk of using Huawei devices in the infrastructure can be managed.
This is quite an interesting turning point, as other US allies are banning Huawei devices from their networks.
https://www.bbc.com/news/business-47274643

If you want to know the alternatives to PGP's functionality, George Tankersley wrote a nice list of them.
https://blog.gtank.cc/modern-alternatives-to-pgp/

Open Privacy Research Society released an alpha version of Cwtch, a decentralized, privacy-preserving, asynchronous multi-party messaging protocol that can be used as a building block for other applications.
https://openprivacy.ca/blog/2019/02/14/cwtch-alpha/

The Linux kernel through version 4.20.10 contains a use-after-free vulnerability that can lead to arbitrary code execution.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912

Check Point researchers have discovered a 19-year-old critical vulnerability in the WinRAR software that can be exploited just by extracting an archive.
https://research.checkpoint.com/extracting-code-execution-from-winrar/

Tavis Ormandy discovered an old stack buffer overflow vulnerability in MatrixSSL, a TLS implementation used primarily by embedded devices.
https://www.openwall.com/lists/oss-security/2019/02/15/1

A really in-depth article about the discovery and exploitation of a local privilege escalation vulnerability in an LG kernel driver (CVE-2019-8372).
http://www.jackson-t.ca/lg-driver-lpe.html

Microsoft is finally deprecating the weak SHA-1 hash in its Windows Update mechanism.
https://arstechnica.com/gadgets/2019/02/mandatory-update-coming-to-windows-7-2008-to-kill-off-weak-update-hashes/

Brian Krebs wrote an article about the recent widespread DNS hijacking attacks attributed to Iranian hackers.
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

Independent Security Evaluators published a security comparison of the top five password managers running on Windows 10.
https://www.securityevaluators.com/casestudies/password-manager-hacking/

InfoSec Week 50, 2018

According to New York Times sources, Marriott customers' data was breached by Chinese hackers.
Attribution is hard, especially when investigating government-related hacks. We will have to wait for more information.
https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html

A Google+ API software update introduced in November caused the Google+ API to broadcast user profiles to third-party developers, exposing the personal information of more than 52 million users.
https://www.blog.google/technology/safety-security/expediting-changes-google-plus/

An excellent journalistic piece about the location data industry. It is impossible to anonymize this kind of dataset. Highly recommended!
https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

Check Point researchers found 53 critical bugs in Adobe Reader and Adobe Pro using the WinAFL fuzzer.
https://research.checkpoint.com/50-adobe-cves-in-50-days/

The Cisco Talos team wrote about various practical side-channel attack scenarios against encrypted messaging apps such as WhatsApp, Telegram, and Signal.
https://blog.talosintelligence.com/2018/12/secureim.html

A study finds that 5 out of 17 tested certificate authorities are vulnerable to domain validation spoofing via an IP fragmentation attack.
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf

The team behind the open-source automation tool Jenkins published a patch for a critical vulnerability that could allow permission checks to be bypassed through the use of specially crafted URLs.
https://jenkins.io/security/advisory/2018-12-05/

Microsoft took a first step in advocating for the regulation of facial recognition technology.
https://blogs.microsoft.com/on-the-issues/2018/12/06/facial-recognition-its-time-for-action/

A recent variant of the Shamoon malware wiped around ten percent of the PCs at the Italian oil and gas company Saipem.
https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company/

The Russian State Duma is going to prohibit Russian servicemen from publishing personal information online.
https://informnapalm.org/en/seared-by-napalm-russian-state-duma-advances-legislation-banning-russian-servicemen-from-publishing-personal-information-online/

Researcher Natalie Silvanovich from Google Project Zero fuzzed the WhatsApp application and (surprisingly) didn't find exploitable bugs, just a heap corruption.
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html

Australian readers, there is a GitHub repository where you can ask legal questions about the terrible Assistance and Access Bill. The questions are answered by lawyers.
https://github.com/alfiedotwtf/AABillFAQ

InfoSec Week 31, 2017

A new version of the Svpeng Android banking trojan is able to record everything users type on their devices. Crazy stuff.
https://b0n1.blogspot.sk/2017/08/android-banking-trojan-misuses.html
https://www.bleepingcomputer.com/news/security/new-version-of-dangerous-android-malware-sold-on-russian-hacking-forum/

A great blog post by Kaspersky Lab about the steganography techniques used by malware for data exfiltration and covert communication.
https://securelist.com/steganography-in-contemporary-cyberattacks/79276/

A researcher from Trail of Bits put Windows Defender into a sandbox.
https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/

Proofpoint researchers found a spear phishing campaign delivering Carbanak malware to U.S. restaurant chains.
https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor

How do you completely take over someone's online identity? This guy demonstrated it in practice.
https://defaultnamehere.tumblr.com/post/163734466355/operation-luigi-how-i-hacked-my-friend-without

Airbnb released BinaryAlert, an open-source serverless framework for detecting malicious files. It uses YARA rules and runs the analysis in AWS Lambda functions instead of on a traditional server architecture, with Terraform managing the underlying infrastructure. Interesting project.
https://medium.com/airbnb-engineering/binaryalert-real-time-serverless-malware-detection-ca44370c1b90

The TrickBot malware added a worm-like SMB spreading module of the kind popularized by the WannaCry and Petya samples.
https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/

An analysis of the Dual EC backdoor in the Juniper ScreenOS randomness subsystem. Complex, fascinating stuff.
From the research paper: "The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator."
https://www.cs.uic.edu/~s/papers/juniper2016/juniper2016.pdf

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.
https://github.com/gophish/gophish

Cisco CSIRT has released GOSINT, an open-source threat intelligence gathering and processing framework.
https://github.com/ciscocsirt/GOSINT

A generic unpacker for packed Android applications, released by Check Point researchers.
https://github.com/CheckPointSW/android_unpacker