Tag Check Point

InfoSec Week 50, 2018

According to the New York Times sources, Marriott customers' data were breached by Chinese hackers.
Attribution is hard, especially when investigating government related hacks. We have to wait for more information.
https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html

A Google+ API software update introduced in November had caused the Google+ API to broadcast user profiles to third-party developers, exposing the personal information of more than 52 million users.
https://www.blog.google/technology/safety-security/expediting-changes-google-plus/

Excellent journalistic piece about the location data industry. It's impossible to anonymize this kind of datasets. Really recommended!
https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

Check Point researchers found 53 critical bugs in Adobe Reader and Adobe Pro by using WinAFL fuzzer.
https://research.checkpoint.com/50-adobe-cves-in-50-days/

The Cisco Talos team wrote about the various practical side-channel attack scenarios against the encrypted messaging apps like WhatsApp, Telegram, and Signal.
https://blog.talosintelligence.com/2018/12/secureim.html

Study finds 5 out of 17 tested certification authorities are vulnerable to spoofing domain validation by using the IP fragmentation attack.
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf

A team behind the open source automation tool Jenkins published a patch for a critical vulnerability that could allow permission checks to be bypassed through the use of specially-crafted URLs.
https://jenkins.io/security/advisory/2018-12-05/

Microsoft took the first step in advocacy for the regulation of a facial recognition technology.
https://blogs.microsoft.com/on-the-issues/2018/12/06/facial-recognition-its-time-for-action/

A recent variant of a Shamoon malware wiped around ten percent PCs of the Italian oil and gas company Saipem.
https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company/

Russian State Duma is going to prohibit Russian servicemen from publishing personal information online.
https://informnapalm.org/en/seared-by-napalm-russian-state-duma-advances-legislation-banning-russian-servicemen-from-publishing-personal-information-online/

Researcher Natalie Silvanovich from the Google Project Zero fuzzed WhatsApp application and (surprisingly) didn't find exploitable bugs, just a heap corruption.
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html

Australian guys, there is a GitHub repository where you can ask legal questions about the terrible Assistance and Access Bill. The questions are answered by lawyers.
https://github.com/alfiedotwtf/AABillFAQ

InfoSec Week 31, 2017

A new version of the Svpeng Android banking trojan is able to record everything users type on their devices. Crazy stuff.
https://b0n1.blogspot.sk/2017/08/android-banking-trojan-misuses.html https://www.bleepingcomputer.com/news/security/new-version-of-dangerous-android-malware-sold-on-russian-hacking-forum/

Great blog by Kaspersky Lab about the steganography techniques used by malware for data exfiltration, covert communication.
https://securelist.com/steganography-in-contemporary-cyberattacks/79276/

Software researcher from Trail of Bits put Windows Defender to the sandbox.
https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/

Proofpoint researchers found a spear phishing campaign delivering Carbanak malware to the U.S. restaurant chains.
https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor

How to completely take over the ones online identity? This guy demonstrated that practically.
https://defaultnamehere.tumblr.com/post/163734466355/operation-luigi-how-i-hacked-my-friend-without

Airbnb released the open-source serverless framework for detecting malicious files called BinaryAlert. It uses YARA rules, and takes advantage of AWS Lambda functions for analysis instead of a traditional server architecture. Also uses Terraform to manage underlying infrastructure. Interesting project.
https://medium.com/airbnb-engineering/binaryalert-real-time-serverless-malware-detection-ca44370c1b90

TrickBot malware added worm-like SMB spreading module popularized by WannaCry, Petya samples.
https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/

Analysis of the Juniper ScreenOS randomness subsystem backdoor Dual EC backdoor. Complex, Fascinating stuff.
From the research paper: "The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator"
https://www.cs.uic.edu/~s/papers/juniper2016/juniper2016.pdf

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.
https://github.com/gophish/gophish

Cisco CSIRT has released GOSINT, open source threat intelligence gathering and processing framework.
https://github.com/ciscocsirt/GOSINT

A generic unpacker for packed Android applications released by the Check Point researchers.
https://github.com/CheckPointSW/android_unpacker