Tag iOS

InfoSec Week 6, 2018

A buffer overflow vulnerability in older Starcraft version enabled modders to create new maps, so Blizzard tasked reverse engineer to safely emulate the bug in the newer, fixed version.
The author says it all: "This is a tale about what dedication to backward compatibility implies."
https://plus.google.com/+MartinSeeger/posts/HYmY8gPCYJT

A bug in the Grammarly chrome extension (approx ~22M users) exposes user authentication token to all websites, so everybody collecting user data can access their cloud data at grammarly.com.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527&desc=2

With the release of Google Chrome 68, Chrome will mark all HTTP sites as a “not secure” in the status bar.
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Article about the Australian startup Azimuth Security which sells hacking software to the "Five Eyes" police and intelligence agencies.
Rumors are that they are able to remotely hack Android devices and iPhones.
https://motherboard.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-security

SEC Consult researchers found multiple vulnerabilities in their smart sex toys security review. Customer database, clear passwords, vulnerable remote controllers...
http://seclists.org/fulldisclosure/2018/Feb/0

Metasploit integrated EternalRomance, EternalSynergy, and EternalChampion Windows (MS17-010) vulnerabilities leaked from the NSA by Shadow Brokers.
https://blog.rapid7.com/2018/02/02/metasploit-wrapup-26/

Someone leaked the source code of Apples' iBoot iOS trusted boot program on GitHub. It is a critical part of iOS system. Meanwhile, Apple filed a copyright takedown request with GitHub.
https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

Hackers infected water utility SCADA systems in Europe with the cryptocurrency mining software.
http://www.eweek.com/security/water-utility-in-europe-hit-by-cryptocurrency-malware-mining-attack

Security researchers discovered vulnerabilities in an automated gas management system that allowed them to hijack credit card payments, steal card numbers and more.
https://www.scmagazine.com/gas-pump-vulnerabilities-in-widespread-software-grant-low-prices-and-credit-card-data/article/741764/

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was the victim of an APT attack.
https://github.com/NextronSystems/APTSimulator

InfoSec Week 48, 2017

The German Interior Minister is preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations.
https://www.bleepingcomputer.com/news/government/germany-preparing-law-for-backdoors-in-any-type-of-modern-device/

According to the Citizen Lab, Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware sold by Israeli firm Cyberbit.
https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/

Elcomsoft wrote an insight about the drastically degraded security of the Apples iOS 11 operating system.
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/

Chinese drone maker D.J.I. is potentially sharing collected data with the Chinese government.
https://mobile.nytimes.com/2017/11/29/technology/dji-china-data-drones.html

Crooks are installing cryptocurrency miners by using typosquatting npm package names. They are searching for the unregistered package names with the difference of one bit from a well known packages.
https://medium.com/avahowell/bitsquatting-npm-packages-533c988d568f

Swiftype written a good blog about their infrastructure risk assessment and threat modeling.
https://swiftype.engineering/threat-modelling-and-infrastructure-risk-assessment-at-swiftype-6c1b337c7df1

Nvidia published a paper about the clustering of a benign and malicious Windows executables using neural networks.
https://devblogs.nvidia.com/parallelforall/malware-detection-neural-networks/

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs.
https://github.com/eth0izzle/bucket-stream

Sysdig Inspect – a powerful interface for container troubleshooting and security investigation
https://github.com/draios/sysdig-inspect/

InfoSec Week 44, 2017

There are at least 14 newly discovered vulnerabilities in the Linux kernel USB subsystem. The vulnerabilities were found by the Google syzkaller kernel fuzzer. According to the researchers, all of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine.
http://www.openwall.com/lists/oss-security/2017/11/06/8

Mozilla will remove root certificate of the Staat der Nederlanden (State of the Netherlands) Certificate Authority from Firefox browser if the Dutch government vote a new law that grants local authorities the power to intercept Internet communication using "false keys".
https://www.bleepingcomputer.com/news/security/mozilla-wants-to-distrust-dutch-https-provider-because-of-local-dystopian-law/

Bug hunter Scott Bauer has published an in depth analysis of the Android remotely exploitable bug in the blog post named "Please Stop Naming Vulnerabilities: Exploring 6 Previously Unknown Remote Kernel Bugs Affecting Android Phones".
https://pleasestopnamingvulnerabilities.com/

Some web pages use textfield with the CSS "asterix" trick instead of the password field so they can bypass browser security warning when password field is on an unencrypted web page. Nonsense.
https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/

More than 54 thousand have the same pair of 512-bit RSA keys as their DNS Zone Signing Keys.
https://lists.dns-oarc.net/pipermail/dns-operations/2017-October/016878.html

Good blog from the ElcomSoft about the history and current possibilities in the iOS and iCloud forensics.
https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/

The Norwegian National Communications Authority reported GPS signal jamming activity in the Finnmark region near the Russian border.
https://twitter.com/aallan/status/926553232591159296/photo/1
https://rntfnd.org/wp-content/uploads/Norway-Comms-Auth-Report-GPS-Jamming-Sept-2017.pdf

Mac and Linux versions of the Tor anonymity software contained a flaw that can leak users real IP addresses.
https://blog.torproject.org/tor-browser-709-released

Software and HDL code for the PCILeech FPGA based devices that can be used for the Direct Memory Access (DMA) attack and forensics is now available on a GitHub. The FPGA based hardware provides full access to 64-bit memory space without having to rely on a kernel module running on the target system.
https://github.com/ufrisk/pcileech-fpga

InfoSec Week 33, 2017

Danish conglomerate Maersk expects to lose between $200-300m due to Petya ransomware infection, according to their latest quarterly results.
http://files.shareholder.com/downloads/ABEA-3GG91Y/3491525620x0x954059/3E9E6E5C-7732-4401-8AFE-F37F7104E2F7/Maersk_Interim_Report_Q2_2017.pdf

A Windows Object Linking Embedding (OLE) interface vulnerability in Microsoft PowerPoint in being exploited in order to install malware.
https://www.neowin.net/news/microsoft-powerpoint-used-as-attack-vector-to-download-malware

Interesting blog about the exploitation of a Foxit Reader.
"A tale about Foxit Reader - Safe Reading mode and other vulnerabilities"
https://insert-script.blogspot.sk/2017/08/a-tale-about-foxit-reader-safe-reading.html

Engineer decrypts Apple's Secure Enclave Processor (SEP) firmware.
http://www.iclarified.com/62025/hacker-decrypts-apples-secure-enclave-processor-sep-firmware

Facebook awards $100,000 to 2017 Internet Defense Prize winning paper "Detecting Credential Spearphishing Attacks in Enterprise Settings". Very useful research for urgent topic.
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/ho https://research.fb.com/facebook-awards-100000-to-2017-internet-defense-prize-winners/

Cryptographic library Libsodium has been audited by Matthew Green of Cryptography Engineering.
https://www.privateinternetaccess.com/blog/2017/08/libsodium-audit-results/

New research on integer factorization suggests that "build a massive decryption tool of IPsec traffic protected by the Oakley group~1 (a 768-bit discrete logarithm problem), was feasible in a reasonable time using technologies available before the year 2000." https://eprint.iacr.org/2017/758

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python.
https://github.com/neoneggplant/EggShell