Tag Raspberry Pi

InfoSec Week 3, 2019

35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, "Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output."
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Multiple U.S. government websites SSL certificates have expired and some sites are inaccessible due to properly used HTTP Strict Transport Security.
There's nobody there to renew them due to a government shutdown.
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html

Researchers found a new kind of Windows malware using encrypted messaging app Telegram to receive "encrypted" instructions. Nothing innovative with the malware sample, but what is really interesting is, that telegram messages are coupled with unique IDs and malware analysts from the Forcepoint Labs were able to retroactively scrape all the messages issued by the malware operator.
Not sure what kind of channel was used by the bot, but it looks really suspicious to be able to scrape old messages.
https://techcrunch.com/2019/01/17/decrypted-telegram-bot-windows-malware

The researchers at the CanSecWest Vancouver conference will be able to participate in the annual Pwn2Own challenge. This year also in car hacking as Tesla Model 3 will be available.
https://www.zerodayinitiative.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more

One of last surviving Navajo code talkers, Alfred Newman, has passed away at 94. Newman, with many others, developed during World War II an unbreakable code for military transmissions using the unwritten Navajo language.
https://eu.azcentral.com/story/news/local/arizona/2019/01/14/alfred-k-newman-among-last-navajo-code-talkers-has-died/2570535002/

Security researcher Troy Hunt updated his service Have I Been Pwn with 772,904,991 new email addresses and lots of passwords after finding 87GB of leaked passwords and email addresses by the MEGA cloud storage provider.
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

There was a massive data breach at the Oklahoma Securities Commission with millions of files containing decades worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials leaked.
https://www.newsweek.com/oklahoma-data-breach-may-expose-years-fbi-investigations-report-1293862

Hackers broke into an SEC database and made millions from inside info.
https://www.cnbc.com/2019/01/15/international-stock-trading-scheme-hacked-into-sec-database-justice-dept-says.html

Malicious former employee installed Raspberry Pi in the company network closet, but the Reddit crowd helped with the investigation.
https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html

Great blog post about the factors in authentication. The more factors to be used, the bigger headache from the enrollment procedures.
https://apenwarr.ca/log/20190114

Noise Protocol Framework Explorer created by Nadim Kobeissi now supports generating secure implementations in Go for any arbitrary Noise Handshake Pattern.
https://twitter.com/i/web/status/1085629955202011136

CERT Poland (CERT Polska) opens access to its malware database (MWDB).
https://www.cert.pl/en/news/single/mwdb-our-way-to-share-information-about-malicious-software/

InfoSec Week 23, 2017

Turla malware is communicating with the C&C infrastructure by leaving comments in Britney Spears's Instagram account.
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/

The gang behind Platinum threat is using Intel Active Management technology Serial-over-LAN channel to bypass the software firewall when transferring files, due to operating system independence of this low level technology.
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/

Montenegro is continuously targeted by cyber attacks attributed to the APT28 group as a part of a broader influence campaign.
http://securityaffairs.co/wordpress/59820/apt/apt28-targets-montenegro.html

MacSpy malware-as-a-service is a feature rich RAT targeting OS X operating system.
https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service

IBM researchers analyzed QakBot banking trojan responsible for "lock out" of the hundreds of Active Directory users.
https://securityintelligence.com/qakbot-banking-trojan-causes-massive-active-directory-lockouts/

A Linux malware is installing cryptocurrency mining software on Raspberry Pi via SSH. It's using only default SSH user & passphrase.
https://www.bleepingcomputer.com/news/security/linux-malware-mines-for-cryptocurrency-using-raspberry-pi-devices/

The GNU Privacy Guard (GnuPG) developers start new fundraising effort for the continued development of this well known encryption software.
If you want to know more about the capabilities of GnuPG, check the linked "An Advanced Intro to GnuPG" presentation from the last year.
Please, donate.
https://gnupg.org/donate/
https://begriffs.com/posts/2016-11-05-advanced-intro-gnupg.html