The AWS team published blog about the recent improvements to the secure random number generation in Linux 4.14, OpenSSL and libc.
Really good introduction to the anonymous communication network design and mix nets in general, published by Least Authority.
Those guys reverse-engineered the Furby Connect DLC file format and are able to remotely upload their own logos, songs to the device over Bluetooth.
There is a critical vulnerability in the MacOS High Sierra, anyone can login as root with empty password after clicking on login button several times. For now, it could be mitigated by just changing the root password.
Very good investigative journalism about the mysterious NSA contractor which could provided top secret documents to the Shadow Brokers.
Uber paid hackers $100k to delete stolen data on 57 million people and shut up. They have even tried to fake it as an bug bounty payment.
Someone published remote code execution exploit for the Exim Mail server (CVE-2017-16944) on GitHub. Shodan.io shows more than 400k servers with the vulnerable CHUNKING feature.
Some good souls are selling Ransomware as a service. It has own logo, support, bug tracker, and a clean website.
The webpage of the open-source video transcoder application Handbrake was compromised and served malware for the Mac users.
Comparison of the "http81 IoT botnet" against the Mirai source code. The C&C code is different, but they took some parts of the published source code.
IBM shipped malware infected USB flash drives to the customers.
Shodan can now find malware C&C servers.
Deep insight into use-after-free vulnerability and many possibilities how to exploit it. https://scarybeastsecurity.blogspot.ch/2017/05/ode-to-use-after-free-one-vulnerable.html
Critical remotely exploitable vulnerability found in the Microsofts' Malware Protection service.
The criminals are stealing 2FA tokens by abusing widespread telecommunications network equipment.
Guido Vranken found a vulnerability (CVE-2017-8779) that allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote RPCBIND host, and the memory is never freed unless the process crashes or the administrator halts or restarts the RPCBIND service.
Good summary of an iCloud Keychain Secrets vulnerability (CVE-2017–2448). From the blog:
"This allows an adversary to craft an OTR message which can negotiate a key successfully while bypassing the actual signature verification...Considering that OTR uses ephemeral keys for encryption, this flaw implies that a syncing identity key is no longer required for an adversary with Man In The Middle capabilities to negotiate an OTR session to receive secrets."
Researchers developed the cheapest way so far to hack a passive keyless entry system, as found on some cars. No cryptography broken.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Linux Malware Detect (LMD) is a malware scanner for Linux designed around the threats faced in shared hosted environments.
Crooks are already using recently leaked NSA hack tools to exploit thousands of unpatched Windows machines.
Bosch Drivelog Connector dongle could allow hackers to halt the engine.
Android MilkyDoor malware lets attackers infiltrate phone's connected networks via Secure Shell (SSH) tunnels.
The Hajime IoT worm is hardening IoT devices (closing open ports for now) to lock out other IoT malware. The code is not weaponised, contains only white hat's message.
The guy found out how to trade other customers' stocks due to the bad implementation of the iPhone trading app.
NVIDIA is shipping node.js under the name "NVIDIA Web Helper.exe". As it's signed by the NVIDIA key, the application is whitelisted by Microsoft AppLocker, and can be used for bypassing protection.
Criminals are spreading financial malware using spam emails disguised as a payment confirmation email from Delta Air. Looks genuine. https://heimdalsecurity.com/blog/hancitor-malware-delta-airlines/
Some darkmarket real IP addresses can be found through the Shodan search.
"RAMP (Russian drug market, server in Russia) and Hydra (international drug market, server in Germany) are leaking.Anyone see other big ones?"
Nice blog about the common mistakes done by developers when using encryption \ secrets.
Apple File System (APFS), introduced in March 2017, reverse engineered by Jonas Plum.
WikiLeaks publishes the User Guide for CIA's "Weeping Angel" tool - an implant designed for Samsung F Series Smart Televisions. Based on the "Extending" tool from MI5/BTSS, the implant is designed to record audio from the built-in microphone and egress or store the data.
Funny research paper co-authored by Daniel J. Bernstein, "Post-quantum RSA", explores potential "parameters for which key generation,
encryption, decryption, signing, and verification are feasible on today’s computers while all known attacks are infeasible, even assuming highly scalable quantum computers".
Funny part is that the actual parameters are "really" practical. Example: "For the 2Tb (256GB) encryption, the longest multiplication took 13 hours, modular reduction took 40 hours, and in total encryption took a little over 100 hours."
A local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS.
fake sandbox processes (FSP) - script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid. Windows only. https://github.com/Aperture-Diversion/fake-sandbox