Tag iOS

InfoSec Week 48, 2017

The German Interior Minister is preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations.

According to the Citizen Lab, Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware sold by Israeli firm Cyberbit.

Elcomsoft wrote an insight about the drastically degraded security of the Apples iOS 11 operating system.

Chinese drone maker D.J.I. is potentially sharing collected data with the Chinese government.

Crooks are installing cryptocurrency miners by using typosquatting npm package names. They are searching for the unregistered package names with the difference of one bit from a well known packages.

Swiftype written a good blog about their infrastructure risk assessment and threat modeling.

Nvidia published a paper about the clustering of a benign and malicious Windows executables using neural networks.

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Sysdig Inspect – a powerful interface for container troubleshooting and security investigation

InfoSec Week 44, 2017

There are at least 14 newly discovered vulnerabilities in the Linux kernel USB subsystem. The vulnerabilities were found by the Google syzkaller kernel fuzzer. According to the researchers, all of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine.

Mozilla will remove root certificate of the Staat der Nederlanden (State of the Netherlands) Certificate Authority from Firefox browser if the Dutch government vote a new law that grants local authorities the power to intercept Internet communication using "false keys".

Bug hunter Scott Bauer has published an in depth analysis of the Android remotely exploitable bug in the blog post named "Please Stop Naming Vulnerabilities: Exploring 6 Previously Unknown Remote Kernel Bugs Affecting Android Phones".

Some web pages use textfield with the CSS "asterix" trick instead of the password field so they can bypass browser security warning when password field is on an unencrypted web page. Nonsense.

More than 54 thousand have the same pair of 512-bit RSA keys as their DNS Zone Signing Keys.

Good blog from the ElcomSoft about the history and current possibilities in the iOS and iCloud forensics.

The Norwegian National Communications Authority reported GPS signal jamming activity in the Finnmark region near the Russian border.

Mac and Linux versions of the Tor anonymity software contained a flaw that can leak users real IP addresses.

Software and HDL code for the PCILeech FPGA based devices that can be used for the Direct Memory Access (DMA) attack and forensics is now available on a GitHub. The FPGA based hardware provides full access to 64-bit memory space without having to rely on a kernel module running on the target system.

InfoSec Week 33, 2017

Danish conglomerate Maersk expects to lose between $200-300m due to Petya ransomware infection, according to their latest quarterly results.

A Windows Object Linking Embedding (OLE) interface vulnerability in Microsoft PowerPoint in being exploited in order to install malware.

Interesting blog about the exploitation of a Foxit Reader.
"A tale about Foxit Reader - Safe Reading mode and other vulnerabilities"

Engineer decrypts Apple's Secure Enclave Processor (SEP) firmware.

Facebook awards $100,000 to 2017 Internet Defense Prize winning paper "Detecting Credential Spearphishing Attacks in Enterprise Settings". Very useful research for urgent topic.
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/ho https://research.fb.com/facebook-awards-100000-to-2017-internet-defense-prize-winners/

Cryptographic library Libsodium has been audited by Matthew Green of Cryptography Engineering.

New research on integer factorization suggests that "build a massive decryption tool of IPsec traffic protected by the Oakley group~1 (a 768-bit discrete logarithm problem), was feasible in a reasonable time using technologies available before the year 2000." https://eprint.iacr.org/2017/758

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python.