Tag ShadowBrokers

InfoSec Week 43, 2018

A zero-day vulnerability in the jQuery File Upload plugin has been actively exploited for at least three years. Patch now!
https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/
https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9206

A massive ad fraud scheme involving more than 125 Android apps and websites exploited Android phones to steal millions.
Literally, almost everybody is running this kind of scheme against smartphone users these days.
https://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to

Kaspersky Lab analyzed DarkPulsar, the complex administrative module for a backdoor leaked by the ShadowBrokers.
They have found around 50 victims located in Russia, Iran and Egypt, mostly companies working in nuclear energy, telecommunications, IT, aerospace and R&D.
https://securelist.com/darkpulsar/88199/

A Haaretz investigation reveals that Israel has become a leading exporter of tools for spying on civilians.
Dictators around the world use them to eavesdrop on human rights activists, monitor emails, hack into apps and record conversations.
https://www.haaretz.com/israel-news/.premium.MAGAZINE-israel-s-cyber-spy-industry-aids-dictators-hunt-dissidents-and-gays-1.6573027

The consultancy firm McKinsey helped Saudi Arabia identify influential Saudis who opposed the government's line on Twitter.
Some of those individuals were later imprisoned and targeted with sophisticated spyware.
https://www.nytimes.com/2018/10/20/us/politics/saudi-image-campaign-twitter.html

Companies building "Smart home" products refuse to say whether law enforcement is using their products to spy on citizens.
https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/

Mozilla announces an experimental partnership with ProtonVPN.
They will offer a virtual private network (VPN) service to a small group of Firefox users.
https://blog.mozilla.org/futurereleases/2018/10/22/testing-new-ways-to-keep-you-safe-online/

A UK grassroots internet provider is testing a data-only SIM card that blocks any non-Tor traffic from leaving the phone.
https://motherboard.vice.com/en_us/article/d3qqj7/sim-card-forces-data-through-tor-brass-horn-communications

That feeling when you can steal a Tesla by a relay attack (or key cloning?), but you have to Google how to unplug the charger.
https://gizmodo.com/hackers-allegedly-caught-on-video-stealing-tesla-model-1829905478

An insightful review of Android's secure backup practices published by NCC Group.
https://www.nccgroup.trust/us/our-research/android-cloud-backuprestore/?research=Public+Reports

Endpoint security pioneer Joanna Rutkowska leaves Qubes OS, joins the Golem project.
https://www.qubes-os.org/news/2018/10/25/the-next-chapter/

Matthew Green wrote a post on password-based authenticated key exchange (PAKE) and the new OPAQUE protocol.
Quite useful techniques that more people should know about.
https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/

Signal Desktop leaves the message decryption key in plain text.
https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/

Trail of Bits published a useful guide to post-quantum cryptography.
https://blog.trailofbits.com/2018/10/22/a-guide-to-post-quantum-cryptography/

InfoSec Week 29, 2017

Microsoft has analyzed the EnglishmansDentist exploit used against Exchange 2003 mail servers running on the outdated Windows Server 2003 OS. The exploit was released by the ShadowBrokers back in April 2017.
https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/

ESET researchers have analyzed the Stantinko botnet, consisting of almost half a million machines used for ad-related fraud. It uses malicious Chrome extensions, but also creates and manages Facebook profiles and brute-forces Joomla and WordPress websites.
https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/

A buffer overflow in Valve's Source SDK allows an attacker to remotely execute code on a user's computer.
https://www.bleepingcomputer.com/news/security/valve-patches-security-flaw-that-allows-installation-of-malware-via-steam-games/
https://motherboard.vice.com/en_us/article/nevmwd/counter-strike-bug-allowed-hackers-to-completely-own-your-computer-with-a-frag

The secure messaging application Wire now supports end-to-end encrypted chats, file sharing and calls for businesses. But it's a paid feature.
https://medium.com/@wireapp/wire-at-work-introducing-teams-beta-e50dacf6e9f1

Briar, a secure messaging app for Android, was released for public beta testing. It uses Tor, or P2P direct messaging over Wi-Fi and Bluetooth. A very interesting project.
https://briarproject.org/news/2017-beta-released-security-audit.html

D. J. Bernstein has published a blog post about secure erasure of key material: "2017.07.23: Fast-key-erasure random-number generators"
https://blog.cr.yp.to/20170723-random.html

Google Project Zero analyzed the security properties of the two major Trusted Execution Environments present on Android devices: Qualcomm's QSEE and Trustonic's Kinibi.
https://googleprojectzero.blogspot.sk/2017/07/trust-issues-exploiting-trustzone-tees.html

Prowler is a tool based on AWS CLI commands for AWS account security assessment and hardening, following the guidelines of the CIS Amazon Web Services Foundations Benchmark.
https://github.com/alfresco/prowler

Hardentools is a utility that disables a number of risky "features" exposed by the Windows operating system.
https://github.com/securitywithoutborders/hardentools