There is a remotely exploitable vulnerability in the Vitek CCTV firmware. Reverse netcat shell included.
Matthew Green thinks that the recently discovered "Extended Random" extension of the RSA’s BSAFE TLS library found in the older Canon printers could be NSA backdoor.
Filippo Valsorda presented the key recovery attack against the carry bug in x86-64 P-256 elliptic curve implementation in the Go library. JSON Web Encryption affected.
Explanation how web trackers exploit browser login managers to track users on the Internet.
According to the hacker Konstantin Kozlovsky, the creation of WannaCry and Lurk malware was supervised by the Russian FSB agency.
Short blog about the cracking encrypted (40-bit encryption) PDFs using hashcat.
Crooks behind the VenusLocker ransomware to Monero mining. They are executing Monero CPU miner XMRig as a remote thread under the legitimate Windows component wuapp.exe.
Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme.
Proofpoint researchers published paper on largely undocumented LazarusGroup campaigns targeting cryptocurrency individuals and organizations. The research covers implants and tactics not currently covered in the media.
The AWS team published blog about the recent improvements to the secure random number generation in Linux 4.14, OpenSSL and libc.
Really good introduction to the anonymous communication network design and mix nets in general, published by Least Authority.
Those guys reverse-engineered the Furby Connect DLC file format and are able to remotely upload their own logos, songs to the device over Bluetooth.
There is a critical vulnerability in the MacOS High Sierra, anyone can login as root with empty password after clicking on login button several times. For now, it could be mitigated by just changing the root password.
Very good investigative journalism about the mysterious NSA contractor which could provided top secret documents to the Shadow Brokers.
Uber paid hackers $100k to delete stolen data on 57 million people and shut up. They have even tried to fake it as an bug bounty payment.
Someone published remote code execution exploit for the Exim Mail server (CVE-2017-16944) on GitHub. Shodan.io shows more than 400k servers with the vulnerable CHUNKING feature.
Multiple critical vulnerabilities were found in the Intel Management Engine, Trusted Execution Engine and Server Platform Services by Intel audit after 3rd party researchers reported the privilege escalation vulnerability.
If you have a vulnerable F5, basically attackers can sign anything with your RSA private key. An F5 BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages.
MalwareHunterTeam discovered a new variant of the CryptoMix ransomware. It uses hardcoded RSA keys and can work offline.
Attackers are using Microsoft’s Office documents Dynamic Data Exchange protocol to download and install malware. Microsoft does not consider it a vulnerability.
Nice step by step guide on how to put shellcode into a legitimate PE file, and make it undetectable.
Extensive review of U2F hardware devices.
al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of nowadays malware tricks and the goal is to see if you stay under the radar.
Puffs is a domain-specific language and library for parsing untrusted file formats safely. Examples of such file formats include images, audio, video, fonts and compressed archives.
Researchers exploited antivirus software quarantine mechanism to gain privileges by manipulating the restore process from the virus quarantine. By abusing NTFS directory junctions, the AV quarantine restore process can be manipulated, so that previously quarantined files can be written to arbitrary file system locations.
Wikileaks released source code of leaked CIA hacking tools and it indicates that the CIA used fake certificates attributed to Kaspersky Labs for signing their malware.
A security researcher has discovered factory application in OnePlus devices. It can be used to gain root privileges, dump photos, collect WiFi & GPS information.
Researchers from the Princeton university have been studying third-party trackers that record sensitive personal data that users type into websites, and the results are not good.
iPhone X's Face ID facial recognition security mechanism system was circumvented by Vietnam experts using a 3D mask.
Security researcher Maxim Goryachy reports being able to execute unsigned code on computers running the Intel Management Engine through USB.
Deep dive into the Facebook sextorcism scheme using fake young girls profiles by the guys from Marseille.
Long read about how the security breaches by the Shadow Brokers damaged the US National Security Agency.
Analysis of a low cost Chinese GSM listening and location device hidden inside the plug of a standard USB data/charging cable.
Privacy Pass is a browser extension for Chrome and Firefox, which uses privacy-preserving cryptography to allow users to authenticate to the services without compromising their anonymity. It uses blind signature schemes.
Researchers from the Masaryk University finally published full paper of the practical cryptographic attack against the implementation of RSA in the widely used trusted platform modules / crypto tokens.
"The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli" https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf
Those guys published an interesting paper about the secure cryptographic computation with the threat model without attackers based on Earth. They are proposing SpaceHSM hardware secure devices on the orbit.
"SpaceTEE: Secure and Tamper-Proof Computing in Space using CubeSats"
There is a small chance that the documents encrypted by Bad Rabbit ransomware could be recovered without paying ransom, if the shadow copies had been enabled in the Windows prior to infection. Victims can restore the original versions of the encrypted files using standard Windows backup mechanism.
For technical analysis of the Bad Rabbit ransomware, see the second link.
Google is going to deprecate the use of pinned public key certificates, public key pinning (PKP), from the Google Chrome browser.
The British government has publicly attributed North Korean government hackers as a source behind the "WannaCry" malware epidemy.
Multiple remote execution vulnerabilities (CVE-2017-13089, CVE-2017-13090) were patched in the popular software Wget. Update!
The source code of an AhMyth Android remote administration tool is available on GitHub. It can steal contact information, turn on camera, microphone, read SMS, and more.
Malscan is a robust and fully featured scanning platform for Linux servers built upon the ClamAV platform, providing all of the features of Clamscan with a host of new features and detection modes.
There is an update for the world's fastest and most advanced password recovery utility Hashcat.
Interesting research on the possibility of a cheap online surveillance.
"In this work we examine the capability of [..] an individual with a modest budget -- to access the data collected by the advertising ecosystem. Specifically, we find that an individual can use the targeted advertising system to conduct physical and digital surveillance on targets that use smartphone apps with ads."
Mnemonic company together with the Norwegian Consumer Council tested several smartwatches for children and found numerous security vulnerabilities that allows child tracking, etc.
The Cisco Talos team discovered an e-mail campaign spreading malicious Visual Basic inserted in a Cyber Conflict U.S. conference flyer, targeting cyber warfare conference participants.
SfyLabs security researchers have spotted a new Android banking trojan named LokiBot. It has banking trojan functionality, but turns into ransomware and locks users out of their phones if they try to remove its admin privileges.
There is a newly published cryptographic attack on some legacy systems like Fortinet FortiGate VPN, which uses ANSI X9.31 random number generator with a hardcoded seed key.
Nice explanation of a remote code execution vulnerability (CVE-2017-13772) on a TP-Link WR940N home WiFi router.
Purism’s Librem Laptops running open-source coreboot firmware are now available with completely disabled Intel Management Engine.
Wire, open source end-to-end encrypted messenger is now open for corporate clients. It offers secure chats, calls and file sharing while following strict European data protection laws.
Danish conglomerate Maersk expects to lose between $200-300m due to Petya ransomware infection, according to their latest quarterly results.
A Windows Object Linking Embedding (OLE) interface vulnerability in Microsoft PowerPoint in being exploited in order to install malware.
Interesting blog about the exploitation of a Foxit Reader.
"A tale about Foxit Reader - Safe Reading mode and other vulnerabilities"
Engineer decrypts Apple's Secure Enclave Processor (SEP) firmware.
Facebook awards $100,000 to 2017 Internet Defense Prize winning paper "Detecting Credential Spearphishing Attacks in Enterprise Settings". Very useful research for urgent topic.
Cryptographic library Libsodium has been audited by Matthew Green of Cryptography Engineering.
New research on integer factorization suggests that "build a massive decryption tool of IPsec traffic protected by the Oakley group~1 (a 768-bit discrete logarithm problem), was feasible in a reasonable time using technologies available before the year 2000." https://eprint.iacr.org/2017/758
EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python.
A new version of the Svpeng Android banking trojan is able to record everything users type on their devices. Crazy stuff.
Great blog by Kaspersky Lab about the steganography techniques used by malware for data exfiltration, covert communication.
Software researcher from Trail of Bits put Windows Defender to the sandbox.
Proofpoint researchers found a spear phishing campaign delivering Carbanak malware to the U.S. restaurant chains.
How to completely take over the ones online identity? This guy demonstrated that practically.
Airbnb released the open-source serverless framework for detecting malicious files called BinaryAlert. It uses YARA rules, and takes advantage of AWS Lambda functions for analysis instead of a traditional server architecture. Also uses Terraform to manage underlying infrastructure. Interesting project.
TrickBot malware added worm-like SMB spreading module popularized by WannaCry, Petya samples.
Analysis of the Juniper ScreenOS randomness subsystem backdoor Dual EC backdoor. Complex, Fascinating stuff.
From the research paper: "The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator"
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.
Cisco CSIRT has released GOSINT, open source threat intelligence gathering and processing framework.
A generic unpacker for packed Android applications released by the Check Point researchers.
Microsoft has analyzed EnglishmansDentist exploit used against the Exchange 2003 mail servers on the out-dated Windows Server 2003 OS. Exploit was released by ShadowBrokers back in April 2017.
ESET researchers have analyzed a Stantinko botnet consisting of almost half a million machines used for ad-related fraud. It uses malicious Chrome extensions, but also creating and managing Facebook profiles and brute-forcing Joomla and WordPress websites.
A buffer overflow in the Source SDK in Valve's Source SDK allows an attacker to remotely execute code on a user's computer machine.
Secure messaging application Wire is now supporting end-to-end encrypted chats, file sharing and calls to businesses. But it's paid feature.
Briar, a secure messaging app for Android, was released for a public beta testing. It's using Tor, or P2P direct messaging over Wifi, Bluetooth. Very interesting project.
D. J. Bernstein has published blog about the secure key material erasure: "2017.07.23: Fast-key-erasure random-number generators"
Google Project Zero analyzed the security properties of the two major Trusted Execution Environment present on Android devices - Qualcomm’s QSEE and Trustonic’s Kinibi.
Prowler is a tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark.
Hardentools is a utility that disables a number of risky Windows "features" exposed by Windows operating system.
Some good souls are selling Ransomware as a service. It has own logo, support, bug tracker, and a clean website.
The webpage of the open-source video transcoder application Handbrake was compromised and served malware for the Mac users.
Comparison of the "http81 IoT botnet" against the Mirai source code. The C&C code is different, but they took some parts of the published source code.
IBM shipped malware infected USB flash drives to the customers.
Shodan can now find malware C&C servers.
Deep insight into use-after-free vulnerability and many possibilities how to exploit it. https://scarybeastsecurity.blogspot.ch/2017/05/ode-to-use-after-free-one-vulnerable.html
Critical remotely exploitable vulnerability found in the Microsofts' Malware Protection service.
The criminals are stealing 2FA tokens by abusing widespread telecommunications network equipment.
Guido Vranken found a vulnerability (CVE-2017-8779) that allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote RPCBIND host, and the memory is never freed unless the process crashes or the administrator halts or restarts the RPCBIND service.
Good summary of an iCloud Keychain Secrets vulnerability (CVE-2017–2448). From the blog:
"This allows an adversary to craft an OTR message which can negotiate a key successfully while bypassing the actual signature verification...Considering that OTR uses ephemeral keys for encryption, this flaw implies that a syncing identity key is no longer required for an adversary with Man In The Middle capabilities to negotiate an OTR session to receive secrets."
Researchers developed the cheapest way so far to hack a passive keyless entry system, as found on some cars. No cryptography broken.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Linux Malware Detect (LMD) is a malware scanner for Linux designed around the threats faced in shared hosted environments.