Tag Norway

InfoSec Week 6, 2019

Insurance Company says to the Mondelez customer that the NotPetya ransomware attack was an act of cyber war and therefore not covered by the policy.
https://ridethelightning.senseient.com/2019/01/insurance-company-says-notpetya-is-an-act-of-war-refuses-to-pay.html

Hackers breached Norway's Visma IT company to steal client secrets. Many large Norwegian companies are using Visma for accounting.
Attackers are attributed by Reuters sources as backed by the Chinese government.
https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141

Researchers demonstrated a new privacy attack against all variants of the Authentication and Key Agreement (AKA) protocol that impacts 5G, 4G, and 3G telephony protocols. The attack compromises users' privacy more than current known location privacy attacks do.
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/

Looks like Go language had vulnerabilities in the Elliptic Curve Cryptography implementation which could allow attackers to cause a denial of service or possible private key recovery attacks.
https://www.debian.org/security/2019/dsa-4380

It is possible to trick Evolution email application users into trusting a phished mail via adding a forged UID to a OpenPGP key that has a previously trusted UID. It's because Evolution extrapolates the trust of one of OpenPGP key UIDs into the key itself.
https://dev.gentoo.org/~mgorny/articles/evolution-uid-trust-extrapolation.html

Good long-form story about the young cyber criminals and young girlfriend that followed their lies to her death. It does not have a happy ending.
https://www.buzzfeednews.com/article/josephbernstein/tomi-masters-down-the-rabbit-hole-i-go

Security researchers were assaulted by a casino technology vendor Atrient after responsibly disclosed critical vulnerabilities to them.
https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Article 13, the new European Union copyright law is back and it got worse, not better. https://juliareda.eu/2019/02/article-13-worse/

Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique.
https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html

There is a dangerous, remote code execution flaw in the LibreOffice and OpenOffice software.
https://thehackernews.com/2019/02/hacking-libreoffice-openoffice.html

Nadim Kobeissi is discontinuing his secure online chat Cryptocat. Thanks for service, it had nice user interface.
https://twitter.com/i/web/status/1092712064634753024

Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare.
https://www.byline.com/column/67/article/2412

InfoSec Week 44, 2017

There are at least 14 newly discovered vulnerabilities in the Linux kernel USB subsystem. The vulnerabilities were found by the Google syzkaller kernel fuzzer. According to the researchers, all of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine.
http://www.openwall.com/lists/oss-security/2017/11/06/8

Mozilla will remove root certificate of the Staat der Nederlanden (State of the Netherlands) Certificate Authority from Firefox browser if the Dutch government vote a new law that grants local authorities the power to intercept Internet communication using "false keys".
https://www.bleepingcomputer.com/news/security/mozilla-wants-to-distrust-dutch-https-provider-because-of-local-dystopian-law/

Bug hunter Scott Bauer has published an in depth analysis of the Android remotely exploitable bug in the blog post named "Please Stop Naming Vulnerabilities: Exploring 6 Previously Unknown Remote Kernel Bugs Affecting Android Phones".
https://pleasestopnamingvulnerabilities.com/

Some web pages use textfield with the CSS "asterix" trick instead of the password field so they can bypass browser security warning when password field is on an unencrypted web page. Nonsense.
https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/

More than 54 thousand have the same pair of 512-bit RSA keys as their DNS Zone Signing Keys.
https://lists.dns-oarc.net/pipermail/dns-operations/2017-October/016878.html

Good blog from the ElcomSoft about the history and current possibilities in the iOS and iCloud forensics.
https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/

The Norwegian National Communications Authority reported GPS signal jamming activity in the Finnmark region near the Russian border.
https://twitter.com/aallan/status/926553232591159296/photo/1
https://rntfnd.org/wp-content/uploads/Norway-Comms-Auth-Report-GPS-Jamming-Sept-2017.pdf

Mac and Linux versions of the Tor anonymity software contained a flaw that can leak users real IP addresses.
https://blog.torproject.org/tor-browser-709-released

Software and HDL code for the PCILeech FPGA based devices that can be used for the Direct Memory Access (DMA) attack and forensics is now available on a GitHub. The FPGA based hardware provides full access to 64-bit memory space without having to rely on a kernel module running on the target system.
https://github.com/ufrisk/pcileech-fpga