Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. They have two working exploits already.
Samsung Phone Users Perturbed to Find They Can't Delete Facebook.
According to a Hacker News comment (2nd link), it should be possible to delete application via cable using ADB. I didn't try it.
Australian government issued a warning regarding WhatsApp hoax that is promoting installation of a ‘gold’ version of the application. Installation leads to a malware infection.
After Motherboard's article about US carriers selling customers location data, senators call on FCC to investigate T-Mobile, AT&T, and Sprint.
Trial of a Mexican drug lord Joaquín "El Chapo" Guzmán started and it looks like his IT security guy gave encryption keys for a SIP communication service to investigators long time ago.
El Chapo also spyied on his wife and fiancées using Flexi-spy spyware which provider was subpoenaed by FBI.
Singapore's ministry of communications and information published "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database".
If you are into incident response, this report is really great source.
Back in 2015, Facebook filed patent request describing how to track user relations using the dust on camera lens.
If your computer rely on BitLocker in TPM mode (boot without PIN), it is possible to extract cryptographic material data out of your computer and decrypt the hard drive.
Zerodium platform wants to pay you $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp / iMessage / SMS / MMS remote code execution exploit, and $500,000 for Chrome remote exploit.
Security engineer Chris Palmer published blog about the state of software security in 2019.
The NSA has so far open-sourced 32 projects on Github, as part of its Technology Transfer Program.
Research paper on a new hardware-agnostic side-channel attack which is targeting the operating system page cache was published.
Interesting paper from the last October a long-term secure storage proposal:
"ELSA: Efficient Long-Term Secure Storage of Large Datasets".
The Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to return home. Forensics found deleted research materials not related to his contract on a USB voluntarily provided to a supervisor.
The New York Times published an article about the insecurity of the mobile networks' Signaling System 7 (SS7) and the unwillingness to address mobile network vulnerabilities in general.
Iraq government took down unlicensed towers used for illegal internet bandwidth smuggling operation in the disputed province of Kirkuk.
Indias' Ministry of Home Affairs has issued a notification authorizing 10 agencies to tap, intercept and decrypt all personal data on computers and networks.
Yet another article from NY Times, this time on how Facebook uses 7500 moderators around the world to keep content "normal".
Hackers are infecting Linux servers with JungleSec ransomware using IPMI remote console, manually running encryption program, then asking for ransom.
The beta version of the WireGuard next gen VPN for iOS was released into the App Store.
Someone from the France uploaded a new sample of Shamoon wiper malware to VirusTotal. The sample is signed with Baidu digital certificate expired back in 2016.
The Wired magazine published a list of articles they have published on a security topic in 2018. Some of them are really good.
Amazon sends 1700 Alexa voice recordings to a random person.
Google Project Zero published a blog about the FunctionSimSearch open-source library which is capable to find similar functions in the assembly.
They are using it to detect code statically-linked vulnerable library functions in executables.
London's police is testing facial recognition technology in central London this week. Feel free to get your face scanned and processed for the bright future.
Facebook gave Spotify and Netflix access to a users' private messages. Also shared user information with Microsoft, Amazon, Yahoo without explicit consent.
Researchers published results of an investigation into Russian election interference on behalf of the US Senate Intelligence Committee. They have analyzed data sets from Facebook, Twitter, Google.
Adam Langley wrote about their further Google Chrome TLS experiments with the post-quantum lattice based cryptography.
Matthew Green wrote his thoughts on GCHQ’s latest proposal for surveilling encrypted messaging and phone calls.
Tencent Blade Team discovered a remote code execution vulnerability in SQLite. It was already fixed in Chromium.
Good story about the investigation of the Chinese industrial espionage.
University of California, Berkeley researchers are building open-source secure enclave using RISC-V.
Well-known cypherpunk movement founder Timothy May passed away.
Microsoft introduced Windows Sandbox for applications.
Interesting paper on systematic parsing of X.509 certificates with strong termination guarantees: "Systematic Parsing of X.509: Eradicating Security Issues with a Parse Tree".
A Dive into Cypherlock, a tool that could prevent forced decryption.
Instant, re-usable, generic MD5 collisions over different file formats. https://github.com/corkami/pocs/blob/master/collisions/README.md
Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview).
The new WebAuthentication as implemented supports USB-based CTAP2 devices.
Critical Kubernetes privilege escalation bug (CVE-2018-1002105) was found and patched during this week. When exploited, the bug allows anonymous users as well a authenticated one to use admin privileges over the cluster API.
There is an exploit published on a GitHub already.
British Telecom will not use Huawei's 5G kit within the core of the network due to security concerns.
Security agencies in Australia will gain greater access to encrypted messages due to a new legislative.
US National Security Archive published a complete index of all 1504 items in the declassified collection of NSA internal Cryptolog periodical.
Security researchers released attacks on 7 TLS implementations, making use of Bleichenbacher and Manger's attack.
The research with a name "The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations" also includes a TLS 1.3 downgrade attack.
Ransomware Infected 100k computers in China then demands WeChat Payment and is using XOR as an "encryption". Author was probably identified because he registered domain to his own name.
It looks like 13 years old Virut botnet is resurrected in the wild.
Great blog on how guy scammed the scammer to send him photo of his ID.
Nearly 250 Pages of internal Facebook documents, emails and statistics were posted online by the UK Parliament.
A User Data of the question-and-answer website Quora were compromised.
The records of 500 million customers of the Marriott International hotel group were compromised.
Interesting revisited paper: "From Keys to Databases -- Real-World Applications of Secure Multi-Party Computation."
GTRS - is a tool that uses Google Translator as a proxy to send arbitrary commands to an infected machine.
Google disables domain fronting capability in their App Engine, which was used to evade censorship. What a fortunate timing.
Bloomberg published article on how Palantir is using the War on Terror tools to track American citizens.
The U.S. and the UK blame Russia for a campaign of hacks into routers, switches and other connected infrastructure.
One of the people charged for the Reveton ransomware trojan was actually working as a Microsoft network engineer.
Intel processors now allow antivirus (mostly Microsoft right now) to Use built-in GPUs for in-memory malware scanning.
Avast shared CCleaner breach timeline. They were infiltrated via TeamViewer. More than 2.3 million users, 40 companies infected.
Nice blog post about the quantum resistant hash-based signature schemes. No public key cryptography.
New Android P enables users to change default DNS server, it will also support DNS over TLS.
There is a new web standard for authentication, designed to replace password login method with the public key cryptography and biometrics.
OpenSSL is vulnerable to a cache timing vulnerability in RSA Key Generation (CVE-2018-0737).
Could be theoretically exploited by some hypervisor, but they have decided not to release emergency fix.
The Endgame has released Ember (Endgame Malware BEnchmark for Research), an open source collection of 1.1 million portable executable file metadata & derived features from the PE files, hashes and a benchmark model trained on those features.
Facebook, Google, Cisco, WhatsApp and other industry partners get together to create Message Layer Security as an open standard for end-to-end encryption with formal verification. Messaging Layer Security is now an IETF working group as well.
Long read about the takedown of Gooligan, Android botnet that was stealing OAuth credentials back in 2016.
The Israeli security company CTS Labs published information about a series of exploits against AMD chips just one day after they have notified the AMD.
Russia orders company behind the Telegram messaging application to hand over users’ encryption keys.
Hacker behind Guccifer 2.0 pseudonym, known for providing WikiLeaks with stolen emails from the US Democratic National Committee, was an officer of Russia’s military intelligence directorate.
Fascinating in depth blog about the breaking security of the Ledger cryptocurrency hardware wallet.
There was a Facebook bug which made persistent XSS in Facebook wall possible by embedding an external video using the Open Graph protocol.
Documents leaked by Edward Snowden reveal that the NSA worked to “track down” Bitcoin users.
Dark Web Map - a visualization of the structure of 6.6k Tor's onion services, a.k.a. hidden services, a.k.a. the dark web.
The Fidelis Cybersecurity researcher Jason Reaves demonstrated how covertly exchange data using X.509 digital certificates. The proof of concept code is using SubjectKeyIdentifier and generating certificates on the fly.
The "UDPoS" Point of Sale malware is using DNS traffic to exfiltrate stolen credit card data.
Talos analyzed malware threat targeting Olympic computer systems during the opening ceremony. The main purpose was information gathering and destroying the system.
Zero-day vulnerability in the Bitmessage messaging client was exploited to steal Electrum cryptocurrency wallet keys.
Trustwave analyzed multi-stage Microsoft Word attack which is NOT using macros. Really creative technique.
Microsoft can't fix Skype privilege escalation bug without the massive code rewrite, so they postponed it for a while.
Facebook is advertising their Onavo VPN application, but there are a few reasons why it is really not a good idea to use it.
Facebook is spamming users via SMS registered for two factor authentication (2FA). Then posts their responses on a wall.
(Not only) Performance analysis of a Retpoline mitigation for Spectre vulnerability.
A guide on how to brutefoce Linux Full Disk Encryption (LUKS) volumes using Hashcat software.
Proof of concept of LibreOffice remote arbitrary file disclosure vulnerability. It is possible to silently send any files. All operating systems affected before 5.4.5/6.0.1 versions.
The "Janus" Android vulnerability (CVE-2017-13156) allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. The vulnerability allows attackers to inject malware into legitimate application and avoiding detection.
According to the research by Hanno Böck, Juraj Somorovsky and Craig Young, the Bleichenbacher’s attack on RSA PKCS#1v1.5 encryption still works on almost 3% of the Alexa top million most visited websites. The researchers were even able to sign a message using Facebook’s private TLS key. Vendors like Citrix, F5, Cisco, and multiple SSL implementations are affected.
HP had a keylogger in the Touchpad driver, which was disabled by default, but could be enabled by setting a registry value.
There is a remote root code execution flaw (CVE-2017-15944) in the Palo Alto Networks firewalls.
Researchers from the Group-IB spotted the operations of a Russian-speaking MoneyTaker group that stole as much as $10 million from US and Russian banks.
Recorded Future analyzed costs of various cybercriminal services sold on the dark market.
Internet traffic for organizations such as Google, Apple, Facebook, Microsoft, Twitch were briefly rerouted to Russia.
Microsoft started rolling out an update for Malware Protection Engine to fix a remotely exploitable bug discovered by the British intelligence agency.
Avast open-sources RetDec machine-code decompiler for platform-independent analysis of executable files. It's based on LLVM.
Wireless network sniffer Kismet now supports the DJI DroneID UAV telemetry extensions.
Wazuh - Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.
It supports log management and analysis, integrity monitoring, anomaly detection and compliance monitoring.
Wifiphisher is an automated victim-customized phishing attacks against Wi-Fi clients.
Researchers exploited antivirus software quarantine mechanism to gain privileges by manipulating the restore process from the virus quarantine. By abusing NTFS directory junctions, the AV quarantine restore process can be manipulated, so that previously quarantined files can be written to arbitrary file system locations.
Wikileaks released source code of leaked CIA hacking tools and it indicates that the CIA used fake certificates attributed to Kaspersky Labs for signing their malware.
A security researcher has discovered factory application in OnePlus devices. It can be used to gain root privileges, dump photos, collect WiFi & GPS information.
Researchers from the Princeton university have been studying third-party trackers that record sensitive personal data that users type into websites, and the results are not good.
iPhone X's Face ID facial recognition security mechanism system was circumvented by Vietnam experts using a 3D mask.
Security researcher Maxim Goryachy reports being able to execute unsigned code on computers running the Intel Management Engine through USB.
Deep dive into the Facebook sextorcism scheme using fake young girls profiles by the guys from Marseille.
Long read about how the security breaches by the Shadow Brokers damaged the US National Security Agency.
Analysis of a low cost Chinese GSM listening and location device hidden inside the plug of a standard USB data/charging cable.
Privacy Pass is a browser extension for Chrome and Firefox, which uses privacy-preserving cryptography to allow users to authenticate to the services without compromising their anonymity. It uses blind signature schemes.
Danish conglomerate Maersk expects to lose between $200-300m due to Petya ransomware infection, according to their latest quarterly results.
A Windows Object Linking Embedding (OLE) interface vulnerability in Microsoft PowerPoint in being exploited in order to install malware.
Interesting blog about the exploitation of a Foxit Reader.
"A tale about Foxit Reader - Safe Reading mode and other vulnerabilities"
Engineer decrypts Apple's Secure Enclave Processor (SEP) firmware.
Facebook awards $100,000 to 2017 Internet Defense Prize winning paper "Detecting Credential Spearphishing Attacks in Enterprise Settings". Very useful research for urgent topic.
Cryptographic library Libsodium has been audited by Matthew Green of Cryptography Engineering.
New research on integer factorization suggests that "build a massive decryption tool of IPsec traffic protected by the Oakley group~1 (a 768-bit discrete logarithm problem), was feasible in a reasonable time using technologies available before the year 2000." https://eprint.iacr.org/2017/758
EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python.