Tag Signal

InfoSec Week 8, 2018

Fraudsters are impersonating authors and publishing computer generated books so they can launder money via Amazon.

Crooks made over $3 million by installing cryptocurrency miners on Jenkins Servers by exploiting Java deserialization RCE vulnerability (CVE-2017-1000353) in the Jenkins.

Tesla's Kubernetes installed in the Amazon AWS infrastructure was compromised by hackers.They have set up private cryptocurrency mining pool there.

The co-founder of WhatsApp, Brian Acton, has given $50 millions to support Signal messenger and create a self-sustaining foundation. Very good news for this donation funded privacy technology.

Hackers are exploiting the CISCO ASA vulnerability (CVE-2018-0101) in attacks in the wild.

Security Researcher Troy Hunt published half a billion passwords collected and processed from various breaches. There is also API for this dataset, and some statistics about the password usage.

There is a critical vulnerability in Mi-Cam baby monitors that let attackers spy on infants. At least 52k users are affected.

Public key cryptography explained in the form of Ikea instructions. Check other images as well!

InfoSec Week 2, 2018

New research has found a flaw in a group messaging part of a Signal protocol used by Signal, WhatsApp and Threema. It’s hardly exploitable, but the server (attacker) could be, in some theoretical scenario, able to silently join an encrypted group chat.

Janit0r, author of the mass internet scanning campaign known as Internet Chemotherapy, released two more blogs about the campaign. Interesting.

A tale about the npm package which crawled user entered credit card information from the websites. It is a work of fiction, but published few hours after dozens of npm packages stopped working due to missing dependencies... Scary.

HC7 Planetary Ransomware is probably the first known ransomware asking for Ethereum as a ransom payment. It's for Windows users only.

There is a hardwired network backdoor in the Western Digital MyCloud drives (user: mydlinkBRionyg, password: abc12345cba). Vendor probably patched it six months after reported.

Wi-Fi Protected Access III - WPA3 will be forced on a marked this year. Hopefully a lot of security enhancements to wi-fi protocol will be delivered by the WPA3-certified devices.

Let's Encrypt certification authority has temporarily disabled TLS-SNI-01 authorization challenge due to reported exploitation technique possible on a shared hosting infrastructure.

Google Cloud security engineers reported remote code execution vulnerability in the AMD Platform Security Processor.

Brian Krebs wrote a blog about the flourishing online markets with the stolen credentials.

VirusTotal has a new feature, a visualization tool for the relationship between files, URLs, domains and IP addresses.

A Meltdown vulnerability proof of concept for reading passwords out of Google Chrome browser.

InfoSec Week 38, 2017

The ZNIU Android malware is exploiting Linux kernel "Dirty COW" vulnerability to install itself on a device and collect money through the SMS-enabled payment service.

Good introduction blog into the art of binary fuzzing and crash analysis demonstrated by fuzzing famous open-source Mimikatz software.

Security researcher Inti De Ceukelaire has gained access to company team pages by exploiting faulty business logic in popular third-party on-line helpdesks.

Server part of the Wire end-to-end encrypted instant messenger application is now open-source, but there are lots of external dependencies and no documentation yet.

A brief description behind the technology of a private contact discovery used in Signal messenger.

X41 IT Security company has released an in-depth analysis of the three leading enterprise web browsers Google Chrome, Microsoft Edge, and Internet Explorer.

A nice list of a various open-source honeypot projects available on-line.

SigThief - The script that will rip a signature off a signed PE file and append it to another one, fixing up the certificate table to sign the file. It's not a valid signature BUT it's enough for some anti-viruses to flag the executable as trustworthy.

InfoSec Week 34 - 35, 2017

Autodesk A360 cloud-based online storage misused as a delivery platform for multiple malware families.

Brian Krebs has done a good open source intel work on a shadowy past of Marcus Hutchins, author of the popular cybersecurity blog MalwareTech.

Wikileaks has published documents about the CIA Angelfire - "persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7)"

ESET has published a research paper about a Gazer, stealth cyberespionage trojan, attributed to the notoriously known Turla group. The group was spreading malware using watering hole and spearphishing campaigns. I cannot find any more direct attribution except the fact that it is targeting "embassies and consulates" which, I believe, are a very common target for every intelligence actor...

Zimperium Researcher Adam Donenfeld published a proof-of-concept for iOS Kernel Exploit.

Very good analysis of a group chat vulnerabilities in a popular IM applications:
"Insecurities of WhatsApp's, Signal's, and Threema's Group Chats"

Cloudflare's blog post about a quantum resistant supersingular isogeny Diffie-Hellman key agreement used in TLS 1.3.

A Phrack-style paper on research into abusing Windows token privileges for escalation of privilege. Deep down the rabbit hole.

Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the Intel Management Engine.

Secure communication: Pond

The Pond is asynchronous, encrypted, forward-secure messaging application written by Adam Langley in Go programming language.