Tag incident response

InfoSec Week 2, 2019

Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
https://www.thelocal.de/20190108/suspect-20-arrested-over-massive-german-politician-data-hack

Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. They have two working exploits already.
https://lwn.net/Articles/776404/

Samsung Phone Users Perturbed to Find They Can't Delete Facebook.
According to a Hacker News comment (2nd link), it should be possible to delete application via cable using ADB. I didn't try it.
https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook
https://news.ycombinator.com/item?id=18864354

Australian government issued a warning regarding WhatsApp hoax that is promoting installation of a ‘gold’ version of the application. Installation leads to a malware infection.
https://cyber.gov.au/individual/news/whatsapp-gold-hoax/

After Motherboard's article about US carriers selling customers location data, senators call on FCC to investigate T-Mobile, AT&T, and Sprint.
https://motherboard.vice.com/en_us/article/j5z74d/senators-harris-warner-wyden-fcc-investigate-att-sprint-tmobile-bounty-hunters

Trial of a Mexican drug lord Joaquín "El Chapo" Guzmán started and it looks like his IT security guy gave encryption keys for a SIP communication service to investigators long time ago.
El Chapo also spyied on his wife and fiancées using Flexi-spy spyware which provider was subpoenaed by FBI.
https://www.nytimes.com/2019/01/08/nyregion/el-chapo-trial.html
https://twitter.com/alanfeuer/status/1083033189956964353

Singapore's ministry of communications and information published "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database".
If you are into incident response, this report is really great source.
https://www.mci.gov.sg/~/media/mcicorp/doc/report%20of%20the%20coi%20into%20the%20cyber%20attack%20on%20singhealth%2010%20jan%202019.pdf?la=en

Back in 2015, Facebook filed patent request describing how to track user relations using the dust on camera lens.
https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620

If your computer rely on BitLocker in TPM mode (boot without PIN), it is possible to extract cryptographic material data out of your computer and decrypt the hard drive.
https://twitter.com/marcan42/status/1080869868889501696

Zerodium platform wants to pay you $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp / iMessage / SMS / MMS remote code execution exploit, and $500,000 for Chrome remote exploit.
https://twitter.com/Zerodium/status/1082259805224333312

Security engineer Chris Palmer published blog about the state of software security in 2019.
https://noncombatant.org/2019/01/06/state-of-security-2019/

The NSA has so far open-sourced 32 projects on Github, as part of its Technology Transfer Program.
https://github.com/nationalsecurityagency

Research paper on a new hardware-agnostic side-channel attack which is targeting the operating system page cache was published.
https://arxiv.org/abs/1901.01161

Interesting paper from the last October a long-term secure storage proposal:
"ELSA: Efficient Long-Term Secure Storage of Large Datasets".
https://arxiv.org/abs/1810.11888

InfoSec Week 20, 2018

Major (probably not only) US cell carriers are selling access to the real-time phone location data.
Because, you know the Electronic Communications Privacy Act only restricts telecommunication companies from disclosing data to the government, it doesn't restrict disclosure to other companies. Which can resell back to the gov. Hacker News discussion on a topic is quite informative.
https://www.zdnet.com/article/us-cell-carriers-selling-access-to-real-time-location-data/
https://news.ycombinator.com/item?id=17081684

Guardian wrote that according to the Oracle findings, Android devices send detailed information on searches, what is being viewed and also precise locations to the Google. Even if location services are turned off and the smartphone does not have a Sim card or application installed.
https://www.theguardian.com/technology/2018/may/14/australian-regulator-investigates-google-data-harvesting-from-android-phones

A new report details a widespread campaign targeting several Turkish activists and protesters by their government, using the government malware made by FinFisher.
https://motherboard.vice.com/en_us/article/wjb8g5/finfisher-turkey-twitter-spyware

A new set of vulnerabilities affecting users of PGP and S/MIME were published. The main problem lies in how email clients handle the output of the encryption tool, the protocol itself is not vulnerable, GnuPG should be fine.
https://efail.de/
https://www.benthamsgaze.org/2018/05/15/tampering-with-openpgp-digitally-signed-messages-by-exploiting-multi-part-messages/
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html

Cryptocurrency mining malware was found in the Ubuntu Snap Store.
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store

Essential reading on how spies are able to shape narrative of a journalistic pieces by document leaking.
https://www.nytimes.com/2018/05/12/sunday-review/when-spies-hack-journalism.html

The US media has learned the identity of the prime suspect in the Vault7 WikiLeaks CIA breach. Should be a 29-year-old former C.I.A. software engineer, government malware writer.
https://www.nytimes.com/2018/05/15/us/cia-hacking-tools-leak.html

Great blog post about math behind and existing implementations of the homomorphic encryption.
https://blog.n1analytics.com/homomorphic-encryption-illustrated-primer/

There is an article about the common encryption workarounds in the criminal investigations written by Orin S. Kerr and Bruce Schneier.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033

Sunder is a new desktop application for dividing access to secret information between multiple participants using Shamir's secret sharing method.
https://freedom.press/news/meet-sunder-new-way-share-secrets/

DARKSURGEON is a Windows packer project to empower incident response, malware analysis, and network defense.
https://medium.com/@cryps1s/darksurgeon-a-windows-10-packer-project-for-defenders-1a57759856b6

InfoSec Week 1, 2017

Koolova ransomware or better "awarenessware" decrypts files if victims read 2 articles about ransomware. No money involved.
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/

An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a Bitcoin ransom to return the data.
https://www.bleepingcomputer.com/news/security/mongodb-databases-held-for-ransom-by-mysterious-attacker/
http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/

Company PagerDuty open sourced their Incident Response Documentation. "The PagerDuty Incident Response Documentation is a collection of best practices detailing how to efficiently deal with any major incidents that might arise, along with information on how to go on-call effectively." Very useful material. I have included link to the hacker news, because interesting discussion appeared there.
https://www.pagerduty.com/blog/incident-response-documentation/ https://github.com/PagerDuty/incident-response-docs https://news.ycombinator.com/item?id=13309761

ThreatConnect researcher Robert Simmons published paper "Open Source Malware Lab". It examines usage of the open source tools like Cuckoo Sandbox, Thug, Bro Network Security Monitor and Volatility Framework when analyzing malware samples.
https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware-lab

New malware visual analysis platform KAMAS is published as a research paper on the Arxiv.org. "KAMAS, a knowledge-assisted visualization system for behavior-based malware analysis. KAMAS supports malware analysts with visual analytics and knowledge externalization methods for the analysis process."
https://arxiv.org/pdf/1612.06232.pdf