Tag Zerodium

InfoSec Week 2, 2019

Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
https://www.thelocal.de/20190108/suspect-20-arrested-over-massive-german-politician-data-hack

Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. They have two working exploits already.
https://lwn.net/Articles/776404/

Samsung Phone Users Perturbed to Find They Can't Delete Facebook.
According to a Hacker News comment (2nd link), it should be possible to delete application via cable using ADB. I didn't try it.
https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook
https://news.ycombinator.com/item?id=18864354

Australian government issued a warning regarding WhatsApp hoax that is promoting installation of a ‘gold’ version of the application. Installation leads to a malware infection.
https://cyber.gov.au/individual/news/whatsapp-gold-hoax/

After Motherboard's article about US carriers selling customers location data, senators call on FCC to investigate T-Mobile, AT&T, and Sprint.
https://motherboard.vice.com/en_us/article/j5z74d/senators-harris-warner-wyden-fcc-investigate-att-sprint-tmobile-bounty-hunters

Trial of a Mexican drug lord Joaquín "El Chapo" Guzmán started and it looks like his IT security guy gave encryption keys for a SIP communication service to investigators long time ago.
El Chapo also spyied on his wife and fiancées using Flexi-spy spyware which provider was subpoenaed by FBI.
https://www.nytimes.com/2019/01/08/nyregion/el-chapo-trial.html
https://twitter.com/alanfeuer/status/1083033189956964353

Singapore's ministry of communications and information published "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database".
If you are into incident response, this report is really great source.
https://www.mci.gov.sg/~/media/mcicorp/doc/report%20of%20the%20coi%20into%20the%20cyber%20attack%20on%20singhealth%2010%20jan%202019.pdf?la=en

Back in 2015, Facebook filed patent request describing how to track user relations using the dust on camera lens.
https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620

If your computer rely on BitLocker in TPM mode (boot without PIN), it is possible to extract cryptographic material data out of your computer and decrypt the hard drive.
https://twitter.com/marcan42/status/1080869868889501696

Zerodium platform wants to pay you $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp / iMessage / SMS / MMS remote code execution exploit, and $500,000 for Chrome remote exploit.
https://twitter.com/Zerodium/status/1082259805224333312

Security engineer Chris Palmer published blog about the state of software security in 2019.
https://noncombatant.org/2019/01/06/state-of-security-2019/

The NSA has so far open-sourced 32 projects on Github, as part of its Technology Transfer Program.
https://github.com/nationalsecurityagency

Research paper on a new hardware-agnostic side-channel attack which is targeting the operating system page cache was published.
https://arxiv.org/abs/1901.01161

Interesting paper from the last October a long-term secure storage proposal:
"ELSA: Efficient Long-Term Secure Storage of Large Datasets".
https://arxiv.org/abs/1810.11888

InfoSec Week 37, 2018

Tesla model S is using a 40bit challenge response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/

Zerodium exploit acquisition program published a serious Tor Browser 7.x vulnerability leading to a full bypass of Tor / NoScript 'Safest' security level which is supposed to block all javascript.
This kind of bug is an law enforcement dream.
https://twitter.com/Zerodium/status/1039127214602641409

Very interesting read from Troy Hunt on the effectiveness of negative media coverage and shaming of bad security.
https://www.troyhunt.com/the-effectiveness-of-publicly-shaming-bad-security/

Researchers say that the developers of Adware Doctor, the fourth highest ranking paid app in the Mac App Store, have found a way to bypass Apple restrictions and sends the browsing history of its users to a server in China. Apple already removed the application from the Mac Store.
https://objective-see.com/blog/blog_0x37.html

Apple has also removed most of the popular security applications offered by cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.
https://www.bleepingcomputer.com/news/security/trend-micro-apps-leak-user-data-removed-from-mac-app-store/

European Court of Human Rights rules that GCHQ Data collection violates the human rights charter.
https://www.theguardian.com/uk-news/2018/sep/13/gchq-data-collection-violated-human-rights-strasbourg-court-rules

The Iran government, at least since 2016, is is spying on its citizens, Kurdish and Turkish natives, and ISIS supporters, using mobile applications with a malware.
The operation has been named Domestic Kitten.
https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/

Researchers introduced previously overlooked side-channel attack vector called Nemesis that abuses the CPU’s interrupt mechanism to leak microarchitectural instruction timings from enclaved execution environments such as Intel SGX, Sancus, and TrustLite.
https://github.com/jovanbulck/nemesis

India’s controversial Aadhaar identity database software was hacked, ID database compromised.
The vulnerability could allow someone to circumvent security measures in the Aadhaar software, and create new entries.
https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472

Criminals are faking Google Analytics script to steal credential and stay under the radar.
https://gwillem.gitlab.io/2018/09/06/fake-google-analytics-malware/

The OpenSSL team released version 1.1.1. There are a lots of new features like TLS 1.3 support, side-channel hardening, new RNG, SHA3, Ed25519 support.
https://www.openssl.org/blog/blog/2018/09/11/release111/