Tag malware

InfoSec Week 2, 2019

Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
https://www.thelocal.de/20190108/suspect-20-arrested-over-massive-german-politician-data-hack

Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. They have two working exploits already.
https://lwn.net/Articles/776404/

Samsung Phone Users Perturbed to Find They Can't Delete Facebook.
According to a Hacker News comment (2nd link), it should be possible to delete application via cable using ADB. I didn't try it.
https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook
https://news.ycombinator.com/item?id=18864354

Australian government issued a warning regarding WhatsApp hoax that is promoting installation of a ‘gold’ version of the application. Installation leads to a malware infection.
https://cyber.gov.au/individual/news/whatsapp-gold-hoax/

After Motherboard's article about US carriers selling customers location data, senators call on FCC to investigate T-Mobile, AT&T, and Sprint.
https://motherboard.vice.com/en_us/article/j5z74d/senators-harris-warner-wyden-fcc-investigate-att-sprint-tmobile-bounty-hunters

Trial of a Mexican drug lord Joaquín "El Chapo" Guzmán started and it looks like his IT security guy gave encryption keys for a SIP communication service to investigators long time ago.
El Chapo also spyied on his wife and fiancées using Flexi-spy spyware which provider was subpoenaed by FBI.
https://www.nytimes.com/2019/01/08/nyregion/el-chapo-trial.html
https://twitter.com/alanfeuer/status/1083033189956964353

Singapore's ministry of communications and information published "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database".
If you are into incident response, this report is really great source.
https://www.mci.gov.sg/~/media/mcicorp/doc/report%20of%20the%20coi%20into%20the%20cyber%20attack%20on%20singhealth%2010%20jan%202019.pdf?la=en

Back in 2015, Facebook filed patent request describing how to track user relations using the dust on camera lens.
https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620

If your computer rely on BitLocker in TPM mode (boot without PIN), it is possible to extract cryptographic material data out of your computer and decrypt the hard drive.
https://twitter.com/marcan42/status/1080869868889501696

Zerodium platform wants to pay you $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp / iMessage / SMS / MMS remote code execution exploit, and $500,000 for Chrome remote exploit.
https://twitter.com/Zerodium/status/1082259805224333312

Security engineer Chris Palmer published blog about the state of software security in 2019.
https://noncombatant.org/2019/01/06/state-of-security-2019/

The NSA has so far open-sourced 32 projects on Github, as part of its Technology Transfer Program.
https://github.com/nationalsecurityagency

Research paper on a new hardware-agnostic side-channel attack which is targeting the operating system page cache was published.
https://arxiv.org/abs/1901.01161

Interesting paper from the last October a long-term secure storage proposal:
"ELSA: Efficient Long-Term Secure Storage of Large Datasets".
https://arxiv.org/abs/1810.11888

InfoSec Week 1, 2019

Let's Encrypt recapitulated the last year in the operation of their ACME based certification authority, and summarized the challenges that they will work on in 2019.
They intend to deploy multi-perspective validation, checking multiple distinct Autonomous Systems for domain validation, preventing potential BGP hijacks. They also plan to run own Certificate Transparency (CT) log.
https://letsencrypt.org/2018/12/31/looking-forward-to-2019.html

According to the consultant Nathan Ziehnert, "CenturyLink 50 hour outage at 15 datacenters across the US — impacting cloud, DSL, and 911 services was caused by a single network card sending bad packets."
https://twitter.com/GossiTheDog/status/1079144491238469638

Great blog by Artem Dinaburg, where he is resurrecting 30 years old fuzzing techniques from the famous research papers to run them on on the current Linux distro. Successfully.
https://blog.trailofbits.com/2018/12/31/fuzzing-like-its-1989/

An article by Wired about the fake murder for hire services on dark web and a freelance security researcher that took them down. As it turned out, some clients killed their targets themselves.
https://www.wired.co.uk/article/kill-list-dark-web-hitmen

Multiple newspaper publishers in the US were hit by a ransomware attack, delaying their operations.
https://www.latimes.com/business/technology/la-fi-tn-ryuk-hack-20190101-story.html

The European Union starts running bug bounties on Free and Open Source Software.
https://juliareda.eu/2018/12/eu-fossa-bug-bounties/

Foxit Readers' proof of concept exploit for the Use-After-Free vulnerability (CVE-2018-14442) was published on Github.
https://github.com/payatu/CVE-2018-14442

Attacker launched multiple servers that return an error message to the connected Electrum clients, which then turn them into a fake update prompt linking to a malware.
https://github.com/spesmilo/electrum/issues/4968

Adam Langley published blog about the zero-knowledge attestation when using FIDO based authentication. It could prevent a single-vendor policy some sites started to require.
https://www.imperialviolet.org/2019/01/01/zkattestation.html

Interesting blog post by Wouter Castryck on "CSIDH: post-quantum key exchange using isogeny-based group actions".
https://www.esat.kuleuven.be/cosic/csidh-post-quantum-key-exchange-using-isogeny-based-group-actions/

The security researcher Bruno Keith published a a proof of concept for a remote code execution vulnerability in Microsoft Edge browser (CVE-2018-8629).
https://securityaffairs.co/wordpress/79264/hacking/microsoft-edge-poc-exploit.html

If you are interested in older car hacking/tuning, check this article about overcoming the speed limitation on an old Japanese Subaru Impreza STi.
https://p1kachu.pluggi.fr/project/automotive/2018/12/28/subaru-ssm1/

Jonathan “smuggler” Logan published study on the future of black markets and cryptoanarchy named "Dropgangs, or the future of darknet markets".
https://opaque.link/post/dropgang/

InfoSec Week 52, 2018

The Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to return home. Forensics found deleted research materials not related to his contract on a USB voluntarily provided to a supervisor.
https://beta.scmp.com/news/world/united-states-canada/article/2179192/chinese-battery-expert-hongjin-tan-charged-stealing

The New York Times published an article about the insecurity of the mobile networks' Signaling System 7 (SS7) and the unwillingness to address mobile network vulnerabilities in general.
https://www.nytimes.com/2018/12/26/opinion/cellphones-security-spying.html

Iraq government took down unlicensed towers used for illegal internet bandwidth smuggling operation in the disputed province of Kirkuk.
http://www.kurdistan24.net/en/news/09d4b5aa-6638-42fe-bbb1-b2ef48b4401b

Indias' Ministry of Home Affairs has issued a notification authorizing 10 agencies to tap, intercept and decrypt all personal data on computers and networks.
https://twitter.com/i/web/status/1075954903279943681

Yet another article from NY Times, this time on how Facebook uses 7500 moderators around the world to keep content "normal".
https://www.nytimes.com/2018/12/27/world/facebook-moderators.html

Hackers are infecting Linux servers with JungleSec ransomware using IPMI remote console, manually running encryption program, then asking for ransom.
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/

The beta version of the WireGuard next gen VPN for iOS was released into the App Store.
https://lists.zx2c4.com/pipermail/wireguard/2018-December/003694.html

Someone from the France uploaded a new sample of Shamoon wiper malware to VirusTotal. The sample is signed with Baidu digital certificate expired back in 2016.
https://securityaffairs.co/wordpress/79248/malware/shamoon-3-france.html

The Wired magazine published a list of articles they have published on a security topic in 2018. Some of them are really good.
https://www.wired.com/gallery/the-most-read-security-stories-of-2018/

Amazon sends 1700 Alexa voice recordings to a random person.
https://threatpost.com/amazon-1700-alexa-voice-recordings/140201/

InfoSec Week 51, 2018

Google Project Zero published a blog about the FunctionSimSearch open-source library which is capable to find similar functions in the assembly.
They are using it to detect code statically-linked vulnerable library functions in executables.
https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-vulnerable.html

London's police is testing facial recognition technology in central London this week. Feel free to get your face scanned and processed for the bright future.
https://arstechnica.com/tech-policy/2018/12/londons-police-will-be-testing-facial-recognition-in-public-for-2-days/

Facebook gave Spotify and Netflix access to a users' private messages. Also shared user information with Microsoft, Amazon, Yahoo without explicit consent.
https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html

Researchers published results of an investigation into Russian election interference on behalf of the US Senate Intelligence Committee. They have analyzed data sets from Facebook, Twitter, Google.
https://www.newknowledge.com/disinforeport

Adam Langley wrote about their further Google Chrome TLS experiments with the post-quantum lattice based cryptography.
https://www.imperialviolet.org/2018/12/12/cecpq2.html

Matthew Green wrote his thoughts on GCHQ’s latest proposal for surveilling encrypted messaging and phone calls.
https://blog.cryptographyengineering.com/2018/12/17/on-ghost-users-and-messaging-backdoors/

Tencent Blade Team discovered a remote code execution vulnerability in SQLite. It was already fixed in Chromium.
https://blade.tencent.com/magellan/index_en.html

Good story about the investigation of the Chinese industrial espionage.
https://www.bbc.co.uk/news/resources/idt-sh/Looking_for_Chinas_spies

University of California, Berkeley researchers are building open-source secure enclave using RISC-V.
https://hackaday.com/2018/12/13/risc-v-will-stop-hackers-dead-from-getting-into-your-computer/

Well-known cypherpunk movement founder Timothy May passed away.
https://reason.com/blog/2018/12/16/tim-may-influential-writer-on-crypto-ana

Microsoft introduced Windows Sandbox for applications.
https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849

Interesting paper on systematic parsing of X.509 certificates with strong termination guarantees: "Systematic Parsing of X.509: Eradicating Security Issues with a Parse Tree".
https://arxiv.org/abs/1812.04959

A Dive into Cypherlock, a tool that could prevent forced decryption.
https://medium.com/chainrift-research/farewell-forced-decryption-a-dive-into-cypherlock-e515223a7123

Instant, re-usable, generic MD5 collisions over different file formats. https://github.com/corkami/pocs/blob/master/collisions/README.md

InfoSec Week 50, 2018

According to the New York Times sources, Marriott customers' data were breached by Chinese hackers.
Attribution is hard, especially when investigating government related hacks. We have to wait for more information.
https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html

A Google+ API software update introduced in November had caused the Google+ API to broadcast user profiles to third-party developers, exposing the personal information of more than 52 million users.
https://www.blog.google/technology/safety-security/expediting-changes-google-plus/

Excellent journalistic piece about the location data industry. It's impossible to anonymize this kind of datasets. Really recommended!
https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

Check Point researchers found 53 critical bugs in Adobe Reader and Adobe Pro by using WinAFL fuzzer.
https://research.checkpoint.com/50-adobe-cves-in-50-days/

The Cisco Talos team wrote about the various practical side-channel attack scenarios against the encrypted messaging apps like WhatsApp, Telegram, and Signal.
https://blog.talosintelligence.com/2018/12/secureim.html

Study finds 5 out of 17 tested certification authorities are vulnerable to spoofing domain validation by using the IP fragmentation attack.
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf

A team behind the open source automation tool Jenkins published a patch for a critical vulnerability that could allow permission checks to be bypassed through the use of specially-crafted URLs.
https://jenkins.io/security/advisory/2018-12-05/

Microsoft took the first step in advocacy for the regulation of a facial recognition technology.
https://blogs.microsoft.com/on-the-issues/2018/12/06/facial-recognition-its-time-for-action/

A recent variant of a Shamoon malware wiped around ten percent PCs of the Italian oil and gas company Saipem.
https://www.zdnet.com/article/shamoon-malware-destroys-data-at-italian-oil-and-gas-company/

Russian State Duma is going to prohibit Russian servicemen from publishing personal information online.
https://informnapalm.org/en/seared-by-napalm-russian-state-duma-advances-legislation-banning-russian-servicemen-from-publishing-personal-information-online/

Researcher Natalie Silvanovich from the Google Project Zero fuzzed WhatsApp application and (surprisingly) didn't find exploitable bugs, just a heap corruption.
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html

Australian guys, there is a GitHub repository where you can ask legal questions about the terrible Assistance and Access Bill. The questions are answered by lawyers.
https://github.com/alfiedotwtf/AABillFAQ

InfoSec Week 49, 2018

Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview). The new WebAuthentication as implemented supports USB-based CTAP2 devices.
https://webkit.org/blog/8517/release-notes-for-safari-technology-preview-71/

Critical Kubernetes privilege escalation bug (CVE-2018-1002105) was found and patched during this week. When exploited, the bug allows anonymous users as well a authenticated one to use admin privileges over the cluster API.
There is an exploit published on a GitHub already.
https://gravitational.com/blog/kubernetes-websocket-upgrade-security-vulnerability/
https://github.com/evict/poc_CVE-2018-1002105

British Telecom will not use Huawei's 5G kit within the core of the network due to security concerns.
https://www.bbc.com/news/technology-46453425

Security agencies in Australia will gain greater access to encrypted messages due to a new legislative.
https://mobile.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944

US National Security Archive published a complete index of all 1504 items in the declassified collection of NSA internal Cryptolog periodical.
https://nsarchive.gwu.edu/briefing-book/cyber-vault/2018-12-04/cyber-brief-cryptolog

Security researchers released attacks on 7 TLS implementations, making use of Bleichenbacher and Manger's attack.
The research with a name "The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations" also includes a TLS 1.3 downgrade attack.
http://cat.eyalro.net/

Ransomware Infected 100k computers in China then demands WeChat Payment and is using XOR as an "encryption". Author was probably identified because he registered domain to his own name.
https://movaxbx.ru/2018/12/05/ransomware-infects-100k-pcs-in-china-demands-wechat-payment/

It looks like 13 years old Virut botnet is resurrected in the wild.
https://chrisdietri.ch/post/virut-resurrects/

Great blog on how guy scammed the scammer to send him photo of his ID.
https://medium.com/@hackerfantastic/scamming-the-scammers-2fb934099ccc

Nearly 250 Pages of internal Facebook documents, emails and statistics were posted online by the UK Parliament.
https://motherboard.vice.com/en_us/article/59vwez/nearly-250-pages-of-devastating-internal-facebook-documents-posted-online-by-uk-parliament

A User Data of the question-and-answer website Quora were compromised.
https://help.quora.com/hc/en-us/articles/360020212652

The records of 500 million customers of the Marriott International hotel group were compromised.
https://www.bbc.com/news/technology-46401890

Interesting revisited paper: "From Keys to Databases -- Real-World Applications of Secure Multi-Party Computation."
https://eprint.iacr.org/2018/450

GTRS - is a tool that uses Google Translator as a proxy to send arbitrary commands to an infected machine.
https://github.com/mthbernardes/GTRS

InfoSec Week 48, 2018

Sennheiser's HeadSetup software is installing a root certificate into the OS Trusted CA Certificate store.
They have also put a private key on a device, the same one for all users, which allows any user to perform a man-in-the-middle SSL attacks against SSL communication.
https://www.bleepingcomputer.com/news/security/sennheiser-headset-software-could-allow-man-in-the-middle-ssl-attacks/

German chat platform Knuddels.de (Cuddles) has been fined 20k€ for storing user passwords in plain text.
What is interesting is that the regional GDPR data watchdog wanted to avoid bankrupting the company. "The overall financial burden on the company was taken into account in addition to other circumstances".
https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/

Crooks are using new attack vector to spread malware, they are requesting maintainer access to a widely-used open source projects on github, then pushing compromised version to millions of people.
https://github.com/dominictarr/event-stream/issues/116

Two international cybercriminal Rings dismantled and eight defendants indicted for causing tens of millions of dollars in losses in the digital advertising fraud.
They have produced Boaxxe/Miuref & Kovter malware.
https://www.us-cert.gov/ncas/alerts/TA18-331A

Cisco Talos has discovered DNSpionage malware targeting governments and companies in the Middle East using phishing attack.
https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html

The U.S. Treasury Department has sanctioned two Iranians allegedly involved in Bitcoin ransomware scheme SamSam.
They have basically put Bitcoin addresses on the Office of Foreign Assets Control’s (OFAC) sanctions list.
https://home.treasury.gov/news/press-releases/sm556

Scammers are changing the contact details for banks on Google Maps.
http://blog.abhijittomar.com/2018/10/19/google-business-claim-scam/

Almost all VPN browser extensions are in fact just a proxy and are vulnerable to a different level of IP leaks and DNS leaks.
https://blog.innerht.ml/vpn-extensions-are-not-for-privacy/

Google, Mozilla are working on letting web apps edit local user files despite warning it could be really dangerous.
https://www.techrepublic.com/article/google-mozilla-working-on-letting-web-apps-edit-files-despite-warning-it-could-be-abused-in-terrible/

The German Federal Office for Information Security, BSI, publishes Microsoft Windows 10 telemetry analysis.
https://www.ghacks.net/2018/11/23/german-federal-office-bsi-publishes-telemetry-analysis/

BlackBerry purchased Cylance, the machine-learning based anti-malware company for $1.4 billion dollars.
They plans to integrate Cylance's anti-malware solution into the BlackBerry Spark platform.
https://www.csoonline.com/article/3321746/security/blackberrys-acquisition-of-cylance-raises-eyebrows-in-the-security-community.html

The Sequoia team introduced the first release of a new Rust implementation of the OpenPGP licensed under GPL 3.0.
https://sequoia-pgp.org/blog/2018/11/26/initial-release/

InfoSec Week 47, 2018

The German government-issued identity card (nPA) SDK had a critical security vulnerability allowing an attacker to impersonate arbitrary users against affected web applications.
https://seclists.org/fulldisclosure/2018/Nov/56

One of the largest dark Web hosting service providers was hacked using the PHP vulnerability we wrote a week ago and taken offline by deleting the whole database.
More than 6500 Dark Web services were hosted there which means that literally one third of the publicly facing dark web is gone.
https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/

For 30 months, internet traffic going to Australian Defense websites flowed through the China Telecom's data centers due to BGP hijacking.
"How the strange routing occurred is known. But the reasons why it persisted for so long aren't, and many involved in the situation aren't eager to directly comment."
https://www.databreachtoday.com/did-china-spy-on-australian-defense-websites-a-11714

The Computer Emergency Response Team of Ukraine (CERT-UA) and the Foreign Intelligence Service of Ukraine detected a new malware Pterodo Windows backdoor that was targeting computers at Ukrainian government agencies.
https://hackercombat.com/new-pterodo-backdoor-malware-detected-by-ukraine/

The US government is persuading wireless and internet providers in allied countries to avoid telecommunications equipment from Chinese company Huawei.
https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12165136

Mozilla published a blog post about their concern regarding the EU Terrorist Content Regulation.
https://blog.mozilla.org/netpolicy/2018/11/21/the-eu-terrorist-content-regulation-a-threat-to-the-ecosystem-and-our-users-rights/

TinkerSec security researchers published on a Twitter a great story about his insider penetration testing assignment. Really good read, he got busted.
https://threader.app/thread/1063423110513418240

The VUSec security group published ECCploit paper and an article demonstrating Rowhammer bitflip exploits on the Error-correcting Code (ECC) enabled systems.
https://www.vusec.net/projects/eccploit/

The Crypto.cat author, security researcher Nadim Kobeissi published ProtonMail encryption paper, "An Analysis of the ProtonMail Cryptographic Architecture".
https://eprint.iacr.org/2018/1121

MiSafes' Kids Watcher child-tracking smartwatches can be compromised, children can be tracked.
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/

Zydis is the ultimate, open-source X86 & X86-64 decoder/disassembler library.
https://github.com/zyantific/zydis

InfoSec Week 46, 2018

Researchers at the University of California have found that GPUs are vulnerable to side-channel attacks and demonstrated multiple types of attacks. After reverse engineering Nvidia GPU, researchers were able to steal rendered password box from a browser, sniffed other browser related data and also settings from the neural network computations on a GPU in the data center.
https://www.networkworld.com/article/3321036/data-center/gpus-are-vulnerable-to-side-channel-attacks.html

Cybersecurity firm Trend Micro has analyzed a new cryptocurrency mining malware that targets Linux OS and is able to hide its processes by implementing a rootkit component.
The rootkit will replace and hooks the readdir and readdir64 application programming interfaces (APIs) of the libc library so the system is unable to monitor miner workers anymore.
https://www.trendmicro.com/vinfo/ph/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth

An Australian hacker has spent thousands of hours hacking the DRM that medical device manufacturers put on a continuous positive airway pressure (CPAP) machines to create a free tool that lets patients modify their treatment.
https://motherboard.vice.com/en_us/article/xwjd4w/im-possibly-alive-because-it-exists-why-sleep-apnea-patients-rely-on-a-cpap-machine-hacker

In 2016, Russia's Internet Research Agency used browser plugin malware called FaceMusic which "liked" Russian content and made their content popular on a social networks.
Now a Russian national living in Bulgaria has been detained on an US arrest warrant and is accused of online fraud & maintaining a computer network with servers in Dallas between Sep 2014 - Dec 2016.
https://edition.cnn.com/2018/11/10/world/russian-hacker-wanted-by-the-united-states-arrested-in-bulgaria/index.html

The European Commission has just announced trials in Hungary, Greece and Latvia of iBorderCtrl project that includes the use of an AI-based lie detection system to spot when visitors to the EU give false information about themselves and their reasons for entering the area.
https://www.privateinternetaccess.com/blog/2018/11/ai-based-lie-detection-system-at-eu-borders-will-screen-travellers-for-biomarkers-of-deceit

Troy Hunt analyzed 2FA, U2F authentication mechanisms and commented on the Google Advanced Protection enrollment procedure.
https://www.troyhunt.com/beyond-passwords-2fa-u2f-and-google-advanced-protection/

Bitwarden open source password manager has completed a thorough security audit and cryptographic analysis from the security experts at Cure53.
https://blog.bitwarden.com/bitwarden-completes-third-party-security-audit-c1cc81b6d33

According to a Censys online platform, over a million AT&T devices, probably cable modems share the same TLS private key.
https://twitter.com/nikitab/status/1062161234173288449

Researchers from Mozilla published blog on how they have designed privacy-aware Firefox Sync.
https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

Two weeks ago we wrote about an attack against the OCB2 authenticated encryption scheme. It breaks integrity of OCB2.
Now there are two more papers, one breaks confidentiality and the other recovers plain text.
https://ia.cr/2018/1087
https://ia.cr/2018/1090

There is a zero day exploit "PHP_imap_open_exploit" in PHP that allows bypassing disabled exec functions by using call to imap_open.
https://github.com/Bo0oM/PHP_imap_open_exploit

InfoSec Week 45, 2018

A default VirtualBox virtual network device has a vulnerability allowing an attacker with root privilege to escape guest OS, execute commands in ring3 on a host.
All operating systems affected.
https://github.com/MorteNoir1/virtualbox_e1000_0day

Researchers at Radboud University in the Netherlands have revealed encryption vulnerabilities in the solid-state drives (SSD).
Samsung nor Crucial manufacturers are producing buggy firmware where anybody who steals your drive is able to decrypt it on their own.
https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf

Police in the Netherlands were able to decrypt more than 258,000 messages sent using proprietary IronChat end-to-end (probably not) encrypted messaging application.
Lessons learned: do not use custom, proprietary, "exclusive" application nobody else except your gang members have...
https://www.politie.nl/en/news/2018/november/02-apeldoorn-police-have-achieved-a-breakthrough-in-the-interception-and-decryption-of-crypto-communication.html

The first release of 5G (3GPP Release 15) includes protection against an active IMSI catching.
"But in a typical case where 5G UE also supports LTE, it is still vulnerable to LTE IMSI catchers."
https://arxiv.org/abs/1811.02293

New "PortSmash" CPU side channel vulnerability impacts all CPUs that use a Simultaneous Multithreading (SMT).
The vulnerability has been discovered by researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba.
https://github.com/bbbrumley/portsmash

Troy Hunt published blog on how passwords are superior to many alternative methods, primarily because "everyone understands how to use it".
https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/

US Cyber Command (USCYBERCOM) starts uploading unclassified foreign APT malware samples to VirusTotal.
https://www.cybercom.mil/Media/News/News-Display/Article/1681533/new-cnmf-initiative-shares-malware-samples-with-cybersecurity-industry/

Iran found CIA spies by Googling their online communication channels after double agent told them modus operandi.
https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html

Some explanation by Doug Madory of Oracle on how and when China Telecom hijacked BGP routing to send US-to-US traffic via mainland China.
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection

Early version of an open source, free WireGuard for iOS VPN tunneling implementation is in public testing.
https://lists.zx2c4.com/pipermail/wireguard/2018-November/003526.html

Microsoft releases a Linux version of their ProcDump Sysinternals Tool.
https://github.com/Microsoft/ProcDump-for-Linux


Page 1 / 10