Tag HIBP

InfoSec Week 3, 2019

35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, "Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output."
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Multiple U.S. government websites SSL certificates have expired and some sites are inaccessible due to properly used HTTP Strict Transport Security.
There's nobody there to renew them due to a government shutdown.
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html

Researchers found a new kind of Windows malware using encrypted messaging app Telegram to receive "encrypted" instructions. Nothing innovative with the malware sample, but what is really interesting is, that telegram messages are coupled with unique IDs and malware analysts from the Forcepoint Labs were able to retroactively scrape all the messages issued by the malware operator.
Not sure what kind of channel was used by the bot, but it looks really suspicious to be able to scrape old messages.
https://techcrunch.com/2019/01/17/decrypted-telegram-bot-windows-malware

The researchers at the CanSecWest Vancouver conference will be able to participate in the annual Pwn2Own challenge. This year also in car hacking as Tesla Model 3 will be available.
https://www.zerodayinitiative.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more

One of last surviving Navajo code talkers, Alfred Newman, has passed away at 94. Newman, with many others, developed during World War II an unbreakable code for military transmissions using the unwritten Navajo language.
https://eu.azcentral.com/story/news/local/arizona/2019/01/14/alfred-k-newman-among-last-navajo-code-talkers-has-died/2570535002/

Security researcher Troy Hunt updated his service Have I Been Pwn with 772,904,991 new email addresses and lots of passwords after finding 87GB of leaked passwords and email addresses by the MEGA cloud storage provider.
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

There was a massive data breach at the Oklahoma Securities Commission with millions of files containing decades worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials leaked.
https://www.newsweek.com/oklahoma-data-breach-may-expose-years-fbi-investigations-report-1293862

Hackers broke into an SEC database and made millions from inside info.
https://www.cnbc.com/2019/01/15/international-stock-trading-scheme-hacked-into-sec-database-justice-dept-says.html

Malicious former employee installed Raspberry Pi in the company network closet, but the Reddit crowd helped with the investigation.
https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html

Great blog post about the factors in authentication. The more factors to be used, the bigger headache from the enrollment procedures.
https://apenwarr.ca/log/20190114

Noise Protocol Framework Explorer created by Nadim Kobeissi now supports generating secure implementations in Go for any arbitrary Noise Handshake Pattern.
https://twitter.com/i/web/status/1085629955202011136

CERT Poland (CERT Polska) opens access to its malware database (MWDB).
https://www.cert.pl/en/news/single/mwdb-our-way-to-share-information-about-malicious-software/

InfoSec Week 26, 2018

A reverse shell connection is possible from an OpenVPN configuration file. So be cautious and treat ovpn files like shell scripts.
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da

Mozilla integrates Troy Hunts' Have I Been Pwned (HIBP) database of breached passwords into Firefox. They will make breach data searchable via a new tool called Firefox Monitor.
https://www.troyhunt.com/were-baking-have-i-been-pwned-into-firefox-and-1password/

The suspected ringleader behind the well known Carbanak malware is under arrest, but of course, his malware attacks live on.
https://www.bloomberg.com/news/features/2018-06-25/the-biggest-digital-heist-in-history-isn-t-over-yet

It is possible to attack resources in the private network from the Internet with DNS rebinding attack.
"Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more."
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

Wi-Fi Alliance Introduces Wi-Fi Certified WPA3 Security. Again with a questionable cryptography, but we will see. That's how industrial alliances with expensive membership works.
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security

IETF published draft of Issues and requirements for Server Name Indication (SNI) encryption in TLS.
The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS layer solutions.
https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-03

The unpatched WordPress vulnerability allows code execution for authors. Exploiting the vulnerability grants an attacker the capability to delete any file of the WordPress installation or any other file the PHP process user has the proper permissions to delete.
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Researchers identified three attack vectors against LTE (Long-Term Evolution, basically 4G) on layer 2 - an active attack to redirect network packets, a passive identity mapping attack, and website fingerprinting based on resource allocation.
https://alter-attack.net/

Cisco Talos team releases ThanatosDecryptor, the program that attempts to decrypt certain files encrypted by the Thanatos malware.
https://github.com/Cisco-Talos/ThanatosDecryptor

DEDA is a tool that gives the possibility to read out and decode color tracking dots which encode information about the printer. It also allows anonymisation to prevent arbitrary tracking.
https://github.com/dfd-tud/deda