Tag Fox-IT

InfoSec Week 5, 2019

According to a Reuters investigation, United Arab Emirates used former U.S. intelligence operatives to hack into the iPhones of activists, diplomats and foreign politicians using so-called Karma spyware.
https://www.reuters.com/investigates/special-report/usa-spying-karma/

The Russia also has it's own Wikileaks. Called Distributed Denial of Secrets, the website aims to "bring into one place dozens of different archives of hacked material that, at best, have been difficult to locate, and in some cases appear to have disappeared entirely from the web."
https://www.thedailybeast.com/this-time-its-russias-emails-getting-leaked

The Japanese government will run penetration tests against all the IoT devices in the country in preparation for the Tokyo 2020 Summer Olympics. They want to map vulnerable devices and find out how to harden infrastructure.
https://www.zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices/

Researchers analyzed 6000 router firmware images and the result is quite depressing. The home router software safety hygiene deteriorated over the past 15 years.
https://the-parallax.com/2019/01/24/wi-fi-router-security-worse-citl-shmoocon/

A Samsung Galaxy Apps Store bug allowed an attacker to inject arbitrary code through the interception of periodic update requests made by the Apps Store.
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/

Vulnerable Cisco RV320/RV325 routers are being exploited in the wild. Thousands of routers are exposed on the internet with the web-based management interface vulnerability that could allow an unauthenticated, remote attacker to retrieve sensitive configuration information.
https://securityaffairs.co/wordpress/80363/hacking/cisco-rv320-rv325-hack.html

US National Institute of Standards and Technology (NIST) announced the second-round candidates for quantum resistant public-key encryption and key-establishment algorithms.
https://groups.google.com/a/list.nist.gov/forum/#!topic/pqc-forum/bBxcfFFUsxE

The vulnerability in the Apples' FaceTime application enables caller to hear called person without accepting a call. Apple decided to turn off FaceTime conference servers before the fix is released.
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

Luke Berner found out interesting method how to maintain persistence after a password change using the two-factor authentication (2FA) no mayor websites.
https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1

InfoSec Week 50, 2017

Crooks hacked Fox-IT by capturing fox-it.com DNS record, then obtained a certificated and executed a man-in-the-middle attack on connection.
https://www.fox-it.com/en/insights/blogs/blog/fox-hit-cyber-attack/

The Mandiant - FireEye company analyzed an incident at a critical infrastructure organization where an attacker deployed so called TRITON malware designed to manipulate industrial safety system. According to the analysis, "the malware was delivered as a Py2EXE compiled python script [...] containing standard Python libraries, open source libraries, as well as the attacker-developed Triconex attack framework for interacting with the Triconex controllers."
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html

The anonymous researcher behind the massive internet scans of the IoT devices known for the BrickerBot case published some insights on his operation. Looks like he is a gray hat after all.
https://ghostbin.com/paste/q2vq2

Google published Android security roadmap for the next year. There will be lots of improvements, and new requirements for App developers.
https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html

Multiple vulnerabilities were identified in Telegram messenger for Android, like arbitrary file overwrite on receiving and directory traversal. There are definitely better alternatives to this software...
https://bugs.chromium.org/p/project-zero/issues/detail?id=1470

Guy uploaded his self-signed malformed certificate to the websites which process them and found out lots of them is vulnerable to the XSS injection.
https://binaryfigments.com/2017/12/11/dont-trust-all-ssl-tls-certificates/

Mavinject is a legitimate Windows component digitally signed by Microsoft, that can be abused to inject any DLL inside a running process.
https://reaqta.com/2017/12/mavinject-microsoft-injector/

Microsoft pushed comprehensive audit reports on Windows Events to GitHub.
https://github.com/MicrosoftDocs/windows-itpro-docs/tree/master/windows/device-security/auditing