Tag Five Eyes

InfoSec Week 36, 2018

USB media shipped with the Schneider Electric Conext ComBox and Conext Battery Monitor solar products were infected with malware.
https://www.schneider-electric.com/en/download/document/SESN-2018-236-01/

Two days after the proof-of-concept exploit for the Windows Task Scheduler vulnerability appeared online, malware developers have started using it.
https://www.bleepingcomputer.com/news/security/windows-task-scheduler-zero-day-exploited-by-malware/

Five Eyes, an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States, officially warns the tech world that they should build interception capabilities voluntarily or governments will legislate.
https://www.computerworld.com.au/article/646059/five-eyes-tech-industry-make-access-online-communications-possible-else/

Security researchers from the Kaitiaki Labs presented exploitation techniques against the automation in the LTE mobile networks.
https://gsec.hitb.org/materials/sg2018/D1%20-%20Exploiting%20Automation%20in%20LTE%20Mobile%20Networks%20-%20Altaf%20Shaik%20&%20Ravishankar%20Borgaonkar.pdf

.NET Framework remote code injection vulnerability (CVE-2018-8284) enables low privileged SharePoint users to execute commands on the server.
https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-workflows-protection-mechanisms-remote-code-execution-on-sharepoint/

A good blog post by a bug hunter Steven Seeley - Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows (CVE-2018-15514).
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html

Thousands of MikroTik routers are forwarding owners’ traffic to unknown attackers.
https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/

A great insight into the world of WW2 women code breakers who unmasked the Soviet spies.
https://www.smithsonianmag.com/history/women-code-breakers-unmasked-soviet-spies-180970034/

ProtonMail released a major new version (4.0) of OpenPGPjs which introduces streaming cryptography.
https://protonmail.com/blog/openpgpjs-4-streaming-encryption/

Bruce Schneier announced the publication of the latest book with the name "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World".
https://www.schneier.com/blog/archives/2018/09/new_book_announ.html

There is a new collection of botnet source codes on GitHub.
https://github.com/maestron/botnets

InfoSec Week 6, 2018

A buffer overflow vulnerability in older Starcraft version enabled modders to create new maps, so Blizzard tasked reverse engineer to safely emulate the bug in the newer, fixed version.
The author says it all: "This is a tale about what dedication to backward compatibility implies."
https://plus.google.com/+MartinSeeger/posts/HYmY8gPCYJT

A bug in the Grammarly chrome extension (approx ~22M users) exposes user authentication token to all websites, so everybody collecting user data can access their cloud data at grammarly.com.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527&desc=2

With the release of Google Chrome 68, Chrome will mark all HTTP sites as a “not secure” in the status bar.
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Article about the Australian startup Azimuth Security which sells hacking software to the "Five Eyes" police and intelligence agencies.
Rumors are that they are able to remotely hack Android devices and iPhones.
https://motherboard.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-security

SEC Consult researchers found multiple vulnerabilities in their smart sex toys security review. Customer database, clear passwords, vulnerable remote controllers...
http://seclists.org/fulldisclosure/2018/Feb/0

Metasploit integrated EternalRomance, EternalSynergy, and EternalChampion Windows (MS17-010) vulnerabilities leaked from the NSA by Shadow Brokers.
https://blog.rapid7.com/2018/02/02/metasploit-wrapup-26/

Someone leaked the source code of Apples' iBoot iOS trusted boot program on GitHub. It is a critical part of iOS system. Meanwhile, Apple filed a copyright takedown request with GitHub.
https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

Hackers infected water utility SCADA systems in Europe with the cryptocurrency mining software.
http://www.eweek.com/security/water-utility-in-europe-hit-by-cryptocurrency-malware-mining-attack

Security researchers discovered vulnerabilities in an automated gas management system that allowed them to hijack credit card payments, steal card numbers and more.
https://www.scmagazine.com/gas-pump-vulnerabilities-in-widespread-software-grant-low-prices-and-credit-card-data/article/741764/

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was the victim of an APT attack.
https://github.com/NextronSystems/APTSimulator