Estonia sues Gemalto for €152M over ID card flaws. According to an article, some keys were NOT generated on a smartcard due to a scaling issue.
Well, it looks like they are not affected by the ROCA vulnerability, just compromised by Gemalto :)
Apple laptops on Intel chipsets were running with the Intel Management Engine in Manufacturing Mode. The vulnerability (CVE-2018-4251) was patched in the macOS High Sierra 10.13.5 update.
By exploiting the vulnerability, an attacker could write old versions of the Intel ME firmware without physical access to the computer, with the possibility of running arbitrary code in the ME.
The FBI took down Phantom Secure, a Canadian (and not only Canadian) encrypted communication service.
The company turned smartphones into single-use encrypted communication devices, mostly used by drug kingpins.
The service was sold only to customers recommended by existing ones.
US-CERT has released a technical alert warning about a new "FASTCash" ATM scheme used by a North Korean APT group.
The malware installed on the issuers' compromised switch application servers intercepts transaction requests and returns fake responses, fooling ATMs into dispensing large amounts of cash.
Brian Krebs wrote about really clever phishing scams executed over the phone. The callers pretend to be the bank and already have lots of information about the victim before the scam begins.
A Reddit user found a tiny Linux PC hooked up to the router in his apartment. Investigation showed that it is some kind of information-stealing device, and the data collectors are paying "rent" to a roommate who planted it on the shared network. https://www.reddit.com/r/whatisthisthing/comments/9ixdh9/found_hooked_up_to_my_router/e6nh61r/
Facebook published some technical details about the recent profile leaking vulnerability.
The attackers chained three bugs and automated the whole process of obtaining user access tokens.
ESET researchers documented the first UEFI rootkit found in the wild. Called LoJax, the rootkit targets government organizations in Central and Eastern Europe and the Balkans.
Conor Patrick recently launched a Kickstarter campaign for Solo, the first open-source FIDO2 USB and NFC security key. Support it!
A step-by-step Linux kernel exploitation write-up for CVE-2017-11176, with the exploit code included.
Samsung Galaxy S9 and S9+ devices, and possibly others, are texting camera photos to random contacts through the Samsung Messages app without user permission.
The Gentoo Linux distribution's GitHub repository was compromised. The attacker removed all the maintainers, who noticed the intrusion only 10 minutes after he gained access. He added "rm -rf /*" to the build scripts, changed the README and some minor things.
Since January 2017, the Stylish browser extension has been augmented with spyware that records every single website its 2 million users visit, then sends the complete browsing history back to its servers together with a unique identifier.
DigiCert withdraws from the CA Security Council (CASC) because they "feel that CASC is not sufficiently transparent and does not represent the diversity of the modern Certificate Authority (CA) industry. Improving the ecosystem requires broad participation from all interested stakeholders, and many are being excluded unnecessarily."
Great step, DigiCert!
A cryptocurrency clipboard hijacker discovered by Bleeping Computer monitors the clipboard for more than 2.3 million Bitcoin addresses, then replaces them in memory with the attacker's address.
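A defender-side check for the swap described above, as an added Python example that is not from the page or from the Bleeping Computer write-up: a legacy (Base58Check) Bitcoin address validator plus a check_paste helper that a wallet or payment form could run to compare the address the user copied with the one that actually arrived in the input field. Because the hijacker substitutes syntactically valid addresses, the checksum alone cannot reveal the swap; only the comparison does. The genesis-block address is a real, known-valid address; the other address is constructed here from a made-up hash.

```python
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (P2PKH / P2SH) address shape: version prefix 1 or 3, then a Base58 body.
LEGACY_ADDRESS_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the Base58Check checksum function."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is encoded as a leading '1'.
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-alphabet char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def is_valid_legacy_address(addr: str) -> bool:
    """True when addr is well-formed and its 4-byte Base58Check checksum matches."""
    if not LEGACY_ADDRESS_RE.match(addr):
        return False
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:21], raw[21:]
    return sha256d(payload)[:4] == checksum


def address_from_hash160(hash160: bytes, version: int = 0x00) -> str:
    """Build a Base58Check address from a 20-byte hash (used here only to construct a sample)."""
    payload = bytes([version]) + hash160
    return b58encode(payload + sha256d(payload)[:4])


def check_paste(copied: str, pasted: str) -> str:
    """Compare what the user copied with what ended up in the input field.

    Returns 'ok', 'swapped', 'invalid' or 'not-an-address'.
    """
    if not LEGACY_ADDRESS_RE.match(pasted):
        return "not-an-address"
    if not is_valid_legacy_address(pasted):
        return "invalid"
    return "ok" if pasted == copied else "swapped"


# Real, known-valid address: the Bitcoin genesis block coinbase address.
GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# Constructed stand-in for a substituted address; the hash bytes are made up.
CONSTRUCTED_OTHER_ADDRESS = address_from_hash160(bytes(range(1, 21)))

if __name__ == "__main__":
    samples = (GENESIS_ADDRESS, CONSTRUCTED_OTHER_ADDRESS, GENESIS_ADDRESS[:-1] + "b", "hello")
    for pasted in samples:
        print(f"{pasted:36} -> {check_paste(GENESIS_ADDRESS, pasted)}")
```

The 'invalid' verdict catches a corrupted or truncated paste; the 'swapped' verdict is the one that matters against this malware, and it only works if the application remembers what was copied (for example from its own "copy address" button) independently of the system clipboard.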
Local root jailbreak, authorization bypass and privilege escalation vulnerabilities in all ADB broadband routers, gateways and modems. A patch is already available.
Microsoft's security division published an analysis of a malware sample that exploited Adobe Reader and the Windows operating system using two zero-day exploits in a single PDF file.
Blog post about why using the Canvas Defender extension, a browser canvas-fingerprinting countermeasure, is not helpful.
Blog post about the cryptographic primitives used by the North Korean Red Star operating system. The OS mostly uses AES-256 (Rijndael) with dynamic S-box modifications, but the design is evolving and the latest version of the algorithm diverges further.
Interesting technique for bypassing web application firewalls by abusing SSL/TLS: the attacker initiates the connection with a cipher suite that the web server supports but the WAF does not, so the WAF cannot decrypt the traffic and never sees the attack. The defensive consequence is that the origin server should not accept cipher suites the WAF cannot inspect.
Good introduction to the Linux ELF file format, with practical examples of what sections look like, how to shrink the binary size during compilation, and more.
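The section-header walk that such an introduction covers, as an added Python example that is not code from the page or from the linked article: it builds a constructed minimal ELF64 relocatable image in memory (x86-64, little-endian, four sections) and then parses the file header, the section header table and the section-name string table from the raw bytes. The non_alloc_sections helper is my own heuristic for sections that are never loaded at run time, which is the kind of data stripping removes; the sample image is hand-built, not the output of a real compiler.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

EHDR_FMT = "<16sHHIQQQIHHHHHH"  # ELF64 file header (Elf64_Ehdr), little-endian, 64 bytes
SHDR_FMT = "<IIQQQQIIQQ"        # ELF64 section header (Elf64_Shdr), 64 bytes
SHT_NAMES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 8: "NOBITS"}
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4


@dataclass
class Section:
    name: str
    type: int
    flags: int
    offset: int
    size: int

    def describe(self) -> str:
        kind = SHT_NAMES.get(self.type, hex(self.type))
        perms = "".join(letter if self.flags & bit else "-" for letter, bit in
                        (("W", SHF_WRITE), ("A", SHF_ALLOC), ("X", SHF_EXECINSTR)))
        return f"{self.name:<12} {kind:<9} {perms} off=0x{self.offset:x} size={self.size}"


def parse_elf64(data: bytes) -> list[Section]:
    """Read the file header, then walk the section header table and resolve section names."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    (_ident, _type, _machine, _ver, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, shstrndx) = struct.unpack_from(EHDR_FMT, data, 0)
    if shentsize != struct.calcsize(SHDR_FMT):
        raise ValueError("unexpected section header entry size")
    headers = [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)]
    # Section names live in the string table section indexed by e_shstrndx.
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = data[str_off:str_off + str_size]

    def name_at(idx: int) -> str:
        return strtab[idx:strtab.index(b"\x00", idx)].decode()

    return [Section(name_at(h[0]), h[1], h[2], h[4], h[5]) for h in headers]


def non_alloc_sections(sections: list[Section]) -> list[str]:
    """Sections without SHF_ALLOC never reach memory: a heuristic for what stripping can drop."""
    return [s.name for s in sections if s.type != 0 and not s.flags & SHF_ALLOC]


def build_sample_elf() -> bytes:
    """Constructed minimal ET_REL x86-64 image with .text, .comment and .shstrtab (sample data)."""
    text = b"\x31\xc0\xc3\x90"                            # xor eax,eax ; ret ; nop
    comment = b"constructed\x00"
    shstrtab = b"\x00.text\x00.comment\x00.shstrtab\x00"  # name offsets: 1, 7, 16
    text_off = struct.calcsize(EHDR_FMT)                   # 64
    comment_off = text_off + len(text)                     # 68
    strtab_off = comment_off + len(comment)                # 80
    shoff = (strtab_off + len(shstrtab) + 7) & ~7          # headers 8-byte aligned -> 112
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\x00" * 7  # ELFCLASS64, LSB, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, ident, 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)
    shdrs = b"".join(struct.pack(SHDR_FMT, *h) for h in (
        (0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                                         # SHT_NULL
        (1, 1, SHF_ALLOC | SHF_EXECINSTR, 0, text_off, len(text), 0, 0, 16, 0),  # .text
        (7, 1, 0, 0, comment_off, len(comment), 0, 0, 1, 0),                     # .comment
        (16, 3, 0, 0, strtab_off, len(shstrtab), 0, 0, 1, 0),                    # .shstrtab
    ))
    body = ehdr + text + comment + shstrtab
    return body + b"\x00" * (shoff - len(body)) + shdrs


if __name__ == "__main__":
    secs = parse_elf64(build_sample_elf())
    for s in secs:
        print(s.describe())
    print("not loaded at run time:", non_alloc_sections(secs))
```

Running the block prints a readelf-style listing of the four sections; pointing parse_elf64 at the bytes of a real x86-64 object file works the same way, since it only depends on the fixed header layouts, not on the sample image.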
The city of Atlanta's government has become the victim of a ransomware attack. The ransom note demanded a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for the affected systems. Employees were told to turn off their computers.
Academic researchers have discovered a new side-channel attack method called BranchScope that can be launched against devices with Intel processors, and demonstrated it against an SGX enclave. The patches released in response to the Spectre and Meltdown vulnerabilities might not prevent this type of attack.
Good insight into the ransomware business: how it operates and how it moves Bitcoin funds, with data gathered over a period of two years. The paper is named "Tracking Ransomware End-to-end".
Mozilla has created a Facebook Container extension for Firefox, which should let users protect their online habits by sandboxing the Facebook website.
Interesting article about the North Korean army of hackers operating abroad, with the mission to earn money by any means necessary.
Unified logs in macOS High Sierra (up to 10.13.3) show the plaintext password of APFS-encrypted external volumes created via the Disk Utility application.
SophosLabs researchers analyzed a new Android malware which pretends to be a legitimate QR reader application but actually monetizes users by showing them a flood of full-screen advertisements. The apps were installed more than 500k times.
Cloudflare published Merkle Town, a dashboard for visualizing Certificate Transparency logs.
Facebook is tracking users' phone call information via their Android Messenger application.
There are multiple critical vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software.
A new version (4.0) of Qubes OS, the most secure operating system on the planet, was released.
A.P. Moller-Maersk Group, the world's largest container shipping company, reinstalled 45,000 PCs and 4,000 servers to recover from the NotPetya ransomware attack.
The U.S. Secret Service is warning financial institutions that ATM jackpotting attacks are targeting cash machines in the United States. Attackers are able to empty Diebold Nixdorf (and possibly other) ATMs with malware, an endoscope and social engineering skills.
Microsoft disabled the Spectre software mitigation it released earlier this month due to system instability.
Data from the fitness tracking app Strava gives away sensitive locations such as army bases.
China built the African Union's headquarters for free, but the building is riddled with microphones and its computers were transmitting all voice data back to servers in Shanghai.
Journalist Marc Miller has interviewed one of the hackers from the ICEMAN group behind the "Emmental" phishing campaign targeting bank clients.
Errata Security blog post about the political nature of cyber-attack attribution. It is mostly about the WannaCry and North Korea connection, but it is a good overview of attribution bias in general.
Great article about the largest malvertising campaign of last year. The so-called Zirconium group operated up to 30 different ad agencies, which enabled them to redirect users to exploit kits, malware downloads and click-fraud websites.
AutoSploit is an automated exploitation tool written in Python. It searches for targets using the Shodan.io API and exploits them with Metasploit.