Tag Oracle

InfoSec Week 45, 2018

A default VirtualBox virtual network device has a vulnerability allowing an attacker with root privilege to escape guest OS, execute commands in ring3 on a host.
All operating systems affected.
https://github.com/MorteNoir1/virtualbox_e1000_0day

Researchers at Radboud University in the Netherlands have revealed encryption vulnerabilities in the solid-state drives (SSD).
Samsung nor Crucial manufacturers are producing buggy firmware where anybody who steals your drive is able to decrypt it on their own.
https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf

Police in the Netherlands were able to decrypt more than 258,000 messages sent using proprietary IronChat end-to-end (probably not) encrypted messaging application.
Lessons learned: do not use custom, proprietary, "exclusive" application nobody else except your gang members have...
https://www.politie.nl/en/news/2018/november/02-apeldoorn-police-have-achieved-a-breakthrough-in-the-interception-and-decryption-of-crypto-communication.html

The first release of 5G (3GPP Release 15) includes protection against an active IMSI catching.
"But in a typical case where 5G UE also supports LTE, it is still vulnerable to LTE IMSI catchers."
https://arxiv.org/abs/1811.02293

New "PortSmash" CPU side channel vulnerability impacts all CPUs that use a Simultaneous Multithreading (SMT).
The vulnerability has been discovered by researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba.
https://github.com/bbbrumley/portsmash

Troy Hunt published blog on how passwords are superior to many alternative methods, primarily because "everyone understands how to use it".
https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/

US Cyber Command (USCYBERCOM) starts uploading unclassified foreign APT malware samples to VirusTotal.
https://www.cybercom.mil/Media/News/News-Display/Article/1681533/new-cnmf-initiative-shares-malware-samples-with-cybersecurity-industry/

Iran found CIA spies by Googling their online communication channels after double agent told them modus operandi.
https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html

Some explanation by Doug Madory of Oracle on how and when China Telecom hijacked BGP routing to send US-to-US traffic via mainland China.
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection

Early version of an open source, free WireGuard for iOS VPN tunneling implementation is in public testing.
https://lists.zx2c4.com/pipermail/wireguard/2018-November/003526.html

Microsoft releases a Linux version of their ProcDump Sysinternals Tool.
https://github.com/Microsoft/ProcDump-for-Linux

InfoSec Week 18, 2018

Multiple tech giants like Apple, Microsoft, Google and others formed an industry coalition and have joined security experts in criticizing encryption backdoors, after Ray Ozzie's CLEAR key escrow idea was widely derided. He basically proposed a scheme where the users have no control over their own devices, but the devices can be securely forensically analyzed by the government agencies.
https://www.zdnet.com/article/coalition-of-tech-giants-hit-by-nsa-spying-slams-encryption-backdoors/
https://github.com/rayozzie/clear/blob/master/clear-rozzie.pdf

There is an information leaking vulnerability via crafted user-supplied CDROM image.
"An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu device model process."
QubesOS operationg system is not affected due to the properly compartmentalized architecture.
http://seclists.org/oss-sec/2018/q2/71

Great in-depth blog about the reconstruction of the exploit created by the CIA's "Engineering Development Group" targeting MikroTik's RouterOS embedded operating system. This exploit was made public by the WikiLeaks last year.
http://blog.seekintoo.com/chimay-red.html

Bypassing authentication and impersonating arbitrary users in Oracle Access Manager with padding oracle. The guy basically broke Oracles home grown cryptographic implementation.
https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/

There is a critical privilege escalation vulnerability affecting Apache Hadoop versions from 2.2.0 to 2.7.3.
http://seclists.org/oss-sec/2018/q2/82

According to the Arbor Networks' security researchers have claimed that the anti-theft software Absolute LoJack is serving as an espionage software modified by the Russia-based Fancy Bear group.
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/

Wired wrote an article about the famous Nigerian 419 scammers, their culture and why they are still flourishing.
https://www.wired.com/story/nigerian-email-scammers-more-effective-than-ever/

Matrix and Riot instant messenger applications are confirmed as the basis for the France’s government initiative to implement federated secure messenger.
https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-the-basis-for-frances-secure-instant-messenger-app/

Amazon threatens to suspend Signal's secure messenger AWS account over censorship circumvention. They are using different TLS Server Name Indication - "domain fronting" - when establishing connection to circumvent network censorship, but Amazon says it is against their terms of services.
https://signal.org/blog/looking-back-on-the-front/

Respected German CT-Magazine says that there are 8 new Spectre vulnerabilities found in the Intel processors.
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html