Researchers from the Palo Alto Networks analyzed new Mirai and Gafgyt IoT/Linux botnet campaigns. The samples used more than 11 exploits for spreading, exploiting D-Link, Dasan GPON routers.
Brian Krebs published a blog post about the current status of the Universal 2nd Factor (U2F) support. Google practically eliminated employee phishing by introducing mandatory usage of the physical security keys.
There is a new module for the CHIPSEC Security Assessment Framework to check CPU USB debug features and host Direct Connection Interface (DCI), which can be used to modify system firmware with physical access and introduce "Evil Maid" firmware attacks.
Chinese police arrested malware developers for hacking millions of computers to steal $2 million in cryptocurrencies.
Paper on a new Spectre variant called SpectreRSB was published with the name "Spectre Returns! Speculation Attacks using the Return Stack Buffer".
According to a paper „none of the known defenses including Retpoline and Intel's microcode patches stop all SpectreRSB attacks.“
The source code of an Exobot Android Banking Trojan has been leaked online back in May has rapidly spread in the malware community.
Because of insufficient validation of parameters in many Bluetooth implementations, attackers can inject invalid elliptic curve parameters which aren’t checked by many implementations in an invalid public key making session keys vulnerable.
The Cisco Talos security team found multiple vulnerabilities, including remote code execution vulnerability in the Sony IPELA E series network camera. https://blog.talosintelligence.com/2018/07/sony-ipela-vulnerability-spotlight-multiple.html
NSA declassified papers from John Tiltman, one of Britain’s top cryptanalysts during the Second World War, which reveal how pre-world war 2 Brits analyzed and decrypted Russian cryptography.
500,000 routers in more than 50 countries are infected with the malware targeting routers. Primarily home devices like Linksys, MikroTik, NETGEAR and TP-Link.
Cisco's Talos Security attributed malware to the future Russian cyber operations against the Ukraine. The US FBI agents seize control of the botnet.
The Internet Archive's Wayback Machine is deleting evidence on the malware sellers. They have removed from their archive a webpage of a Thailand-based firm FlexiSpy, which offers desktop and mobile malware.
According to the McAfee team, North Korean threat actor Sun Team is targeting defectors using the malicious Android applications on Google Play.
Don't use sha256crypt & sha512crypt primitives as shipped with GNU/Linux, they're leaking information about the password via time duration of a hashing operation.
Not critical vulnerability, but good to know.
The Intercept published an interesting article about the Japanese signals intelligence agency, based on Snowden's leaks.
The US FBI repeatedly overstated encryption threat figures to Congress and the public.
The US internet provider Comcast was leaking the usernames and passwords of customers’ wireless routers to anyone with the valid subscriber’s account number and street address number.
Amazon is pitching their facial recognition technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos.
Great blog about the SMS binary payloads and how SMS is weakening mobile security for years.
Researchers from the Eclypsium found a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode. They have even published Proof-of-concept.
The city of Atlanta government has become the victim of a ransomware attack. The ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees were told to turn off their computers.
The academic researchers have discovered a new side-channel attack method called BranchScope that can be launched against devices with Intel processors and demonstrated it against an SGX enclave. The patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks.
Good insight into the ransomware business and how it operates, how it transfers Bitcoin funds, with data gathered over a period of two years.
The paper is named "Tracking Ransomware End-to-end"
Mozilla has created a Facebook Container extension for Firefox, which should enable users to protect their online habits by sandboxing Facebook webpage.
Interesting article about the North Korean army of hackers operating abroad with the mission to earn money by any means necessary.
Unified logs in the MacOS High Sierra (up to 10.13.3) show the plain text password for APFS encrypted external volumes via disk utility application.
SophosLabs researchers analyzed a new Android malware which is pretending to he a legitimate QR reader application, but actually is monetizing users by showing them a flood of full-screen advertisements. More than 500k apps were installed.
CloudFlare published a Merkle Town dashboard, Certificate Transparency logs visualization tool.
Facebook is tracking users' phone call information via their Android Messenger application.
There are multiple critical vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software.
New version (4.0) of the most secure operating system on the planet - Qubes OS was released.
Wandera security researchers spotted a new sophisticated Android RedDrop malware hidden in at least 53 Android applications. It can intercept SMS, record audio and exfiltrate data to the remote server.
There is an experimental support for forward secure post-quantum Extended Hash-Based Signatures (XMSS) in the OpenSSH protocol.
Blog by Matthew Green on the probable encryption key handling by Apple in the China mandated cloud. Not really satisfied explanation, only guesses, as Apple is silent about the exact key handling methodology.
Cloudflare detected new Memcached based amplification DDoS attack vector. The attacker just implants a large payload on an exposed memcached server, then, the attacker spoofs the "get" request message with target Source IP address. The memcached server could be really huge - around 1MB.
A group of computer scientists from the US and China published a paper proposing the first-ever trojan for a neural network. It's called PoTrojan and is triggered by special network input. After that, the network start to work differently.
The Cisco Talos team analyzed attribution claims around Olympic Destroyer malware. The result is to not imply blindly to Russia. Attribution is hard.
New KeePassXC version 2.3.0 was released. There are lots of new features, like new Argon2 key derivation function, SSH agent integration, browser plugin.
Trustico SSL certificate reseller revoked 23000 customer certificates by sending private keys(?!) over email to the Digicert certification authority.
There are rumors that major U.S. government contractor Cellebrite is able to unlock all current iPhone models.
An advertising network has been using a well-known malware trick, a Domain Generation Algorithm (DGA), to bypass ad blockers and deploy in-browser cryptocurrency miners since December 2017.
A novel technique is using hardware branch predictor side channel attack to bypass ASLR protection:
"Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR"
Fraudsters are impersonating authors and publishing computer generated books so they can launder money via Amazon.
Crooks made over $3 million by installing cryptocurrency miners on Jenkins Servers by exploiting Java deserialization RCE vulnerability (CVE-2017-1000353) in the Jenkins.
Tesla's Kubernetes installed in the Amazon AWS infrastructure was compromised by hackers.They have set up private cryptocurrency mining pool there.
The co-founder of WhatsApp, Brian Acton, has given $50 millions to support Signal messenger and create a self-sustaining foundation. Very good news for this donation funded privacy technology.
Hackers are exploiting the CISCO ASA vulnerability (CVE-2018-0101) in attacks in the wild.
Security Researcher Troy Hunt published half a billion passwords collected and processed from various breaches. There is also API for this dataset, and some statistics about the password usage.
There is a critical vulnerability in Mi-Cam baby monitors that let attackers spy on infants. At least 52k users are affected.
Public key cryptography explained in the form of Ikea instructions. Check other images as well!
The "Janus" Android vulnerability (CVE-2017-13156) allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. The vulnerability allows attackers to inject malware into legitimate application and avoiding detection.
According to the research by Hanno Böck, Juraj Somorovsky and Craig Young, the Bleichenbacher’s attack on RSA PKCS#1v1.5 encryption still works on almost 3% of the Alexa top million most visited websites. The researchers were even able to sign a message using Facebook’s private TLS key. Vendors like Citrix, F5, Cisco, and multiple SSL implementations are affected.
HP had a keylogger in the Touchpad driver, which was disabled by default, but could be enabled by setting a registry value.
There is a remote root code execution flaw (CVE-2017-15944) in the Palo Alto Networks firewalls.
Researchers from the Group-IB spotted the operations of a Russian-speaking MoneyTaker group that stole as much as $10 million from US and Russian banks.
Recorded Future analyzed costs of various cybercriminal services sold on the dark market.
Internet traffic for organizations such as Google, Apple, Facebook, Microsoft, Twitch were briefly rerouted to Russia.
Microsoft started rolling out an update for Malware Protection Engine to fix a remotely exploitable bug discovered by the British intelligence agency.
Avast open-sources RetDec machine-code decompiler for platform-independent analysis of executable files. It's based on LLVM.
Wireless network sniffer Kismet now supports the DJI DroneID UAV telemetry extensions.
Wazuh - Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.
It supports log management and analysis, integrity monitoring, anomaly detection and compliance monitoring.
Wifiphisher is an automated victim-customized phishing attacks against Wi-Fi clients.
Interesting research on the possibility of a cheap online surveillance.
"In this work we examine the capability of [..] an individual with a modest budget -- to access the data collected by the advertising ecosystem. Specifically, we find that an individual can use the targeted advertising system to conduct physical and digital surveillance on targets that use smartphone apps with ads."
Mnemonic company together with the Norwegian Consumer Council tested several smartwatches for children and found numerous security vulnerabilities that allows child tracking, etc.
The Cisco Talos team discovered an e-mail campaign spreading malicious Visual Basic inserted in a Cyber Conflict U.S. conference flyer, targeting cyber warfare conference participants.
SfyLabs security researchers have spotted a new Android banking trojan named LokiBot. It has banking trojan functionality, but turns into ransomware and locks users out of their phones if they try to remove its admin privileges.
There is a newly published cryptographic attack on some legacy systems like Fortinet FortiGate VPN, which uses ANSI X9.31 random number generator with a hardcoded seed key.
Nice explanation of a remote code execution vulnerability (CVE-2017-13772) on a TP-Link WR940N home WiFi router.
Purism’s Librem Laptops running open-source coreboot firmware are now available with completely disabled Intel Management Engine.
Wire, open source end-to-end encrypted messenger is now open for corporate clients. It offers secure chats, calls and file sharing while following strict European data protection laws.
A new version of the Svpeng Android banking trojan is able to record everything users type on their devices. Crazy stuff.
Great blog by Kaspersky Lab about the steganography techniques used by malware for data exfiltration, covert communication.
Software researcher from Trail of Bits put Windows Defender to the sandbox.
Proofpoint researchers found a spear phishing campaign delivering Carbanak malware to the U.S. restaurant chains.
How to completely take over the ones online identity? This guy demonstrated that practically.
Airbnb released the open-source serverless framework for detecting malicious files called BinaryAlert. It uses YARA rules, and takes advantage of AWS Lambda functions for analysis instead of a traditional server architecture. Also uses Terraform to manage underlying infrastructure. Interesting project.
TrickBot malware added worm-like SMB spreading module popularized by WannaCry, Petya samples.
Analysis of the Juniper ScreenOS randomness subsystem backdoor Dual EC backdoor. Complex, Fascinating stuff.
From the research paper: "The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator"
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.
Cisco CSIRT has released GOSINT, open source threat intelligence gathering and processing framework.
A generic unpacker for packed Android applications released by the Check Point researchers.