InfoSec Week 2, 2017

Posted on 13 January 2017

A brother and sister were arrested in Italy for spying on top public officials, businessmen and institutions. They wrote VB.NET malware with RAT/spyware features, infected high-level targets via spear-phishing and pivoted through the victims' email to infect further, higher-level targets. Their OPSEC was terrible: some of the domains and hosting were bought under their real names.
http://www.telegraph.co.uk/news/2017/01/10/italian-brother-sister-arrested-cyber-espionage-operation-tapped/ https://jekil.sexy/blog/2017/eyepyramid-i-forgot-to-do-myhomework.html

A BuzzFeed article about Trump claims that the Russian security service FSB has "capabilities" against the Telegram messaging app. Security researcher Frederic Jacobs wrote about this back in April 2016.
https://www.fredericjacobs.com/blog/2016/04/29/more-on-sms-logins/ https://twitter.com/i/web/status/819127046588813313 https://www.buzzfeed.com/kenbensinger/these-reports-allege-trump-has-deep-ties-to-russia

At the 33rd Chaos Communication Congress, security researcher Claudio Guarnieri launched the open initiative "Security Without Borders". "Security Without Borders will provide digital security assistance to organizations to harden infrastructure against attacks, perform incident response to secure organizations, engage in public education, and produce research on the threats posed to activists. Among our members we count penetration testers, malware analysts, reverse engineers, vulnerability researchers, and software developers."
https://securitywithoutborders.org/ https://medium.com/security-without-borders/transmission-1-7eaae7bc8caf

A 3-byte (24-bit) RSA key secures implanted cardiac devices, and yes, it is also backdoored. As Matthew Green said on Twitter: "But in case 24-bit RSA isn't bad enough, the manufacturers also included a hard-coded 3-byte fixed override code. I'm crying now." Public statement: "The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks."
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm535843.htm http://money.cnn.com/2017/01/09/technology/fda-st-jude-cardiac-hack/index.html
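As an added illustration (not from the page, the FDA, or any vendor's code), the script below constructs an RSA key of the 24-bit size quoted above and recovers its private exponent by plain trial division. The primes, the public exponent 65537 and the sample message are all constructed here, and nothing about the real device's protocol is assumed; the point is only that a modulus this small is factored in a few thousand divisions, so the "private" key is effectively public.

```python
"""Why a 24-bit RSA modulus offers no security: it factors by trial division
in a few thousand steps. Added example with constructed key material; not
taken from any real device. Needs Python 3.8+ for pow(e, -1, m)."""
import math
import random
from typing import Tuple


def is_probable_prime(n: int, rounds: int = 16, rng: random.Random = random) -> bool:
    """Miller-Rabin primality test; probabilistic but fine for toy key generation."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    """Random prime with exactly `bits` bits (top and bottom bit forced to 1)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def generate_toy_rsa(modulus_bits: int = 24, e: int = 65537, seed: int = 0) -> Tuple[int, int, int]:
    """Return (n, e, d) for a deliberately tiny RSA key. Constructed for illustration only."""
    rng = random.Random(seed)
    half = modulus_bits // 2
    while True:
        p = random_prime(half, rng)
        q = random_prime(modulus_bits - half, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == modulus_bits and math.gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)


def factor_by_trial_division(n: int) -> Tuple[int, int, int]:
    """Factor n = p*q by trying every candidate up to sqrt(n).
    Returns (p, q, divisions_tried). For a 24-bit n that is at most ~4096
    divisions; a 2048-bit modulus would need on the order of 2**1024, which
    is the gap real key sizes rely on."""
    tried = 0
    for cand in range(2, math.isqrt(n) + 1):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n has no non-trivial factor; not an RSA modulus")


def recover_private_exponent(n: int, e: int) -> int:
    """Only public values go in: factor n, then d = e^-1 mod phi(n)."""
    p, q, _ = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo() -> bool:
    """Generate a 24-bit key, recover d from (n, e) alone, and show it decrypts."""
    n, e, d_true = generate_toy_rsa()
    d_recovered = recover_private_exponent(n, e)
    m = 0x2A  # constructed sample plaintext, must be < n
    c = pow(m, e, n)
    return d_recovered == d_true and pow(c, d_recovered, n) == m


if __name__ == "__main__":
    n, e, _ = generate_toy_rsa()
    p, q, tried = factor_by_trial_division(n)
    print(f"n={n} ({n.bit_length()} bits) = {p} * {q}, found after {tried} divisions")
    print("private exponent recovered and verified:", demo())
```

The loop in `factor_by_trial_division` is the whole "attack" on a key this size; the only thing that stops the same loop against a properly sized modulus is the square root of a 2048-bit number, not any cleverness in the code.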

Security company Emsisoft spotted a new ransomware family named Spora, which lets victims pay for immunity from future attacks. From the article: "You can choose to only recover your files or pay for removal of the ransomware and immunity from future attacks at an extra cost." It also has a very interesting intelligence-gathering technique, which is later used for monetisation.
http://blog.emsisoft.com/2017/01/10/from-darknet-with-love-meet-spora-ransomware/

Google has released a toolkit for a transparent and secure way to look up public keys. "Key Transparency can be used as a public key discovery service to authenticate users and provides a mechanism to keep the service accountable." This solves an open problem in messaging.
https://github.com/google/key-transparency/
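To make "transparent" and "accountable" concrete, the following is a simplified illustration added to this digest, not code from the Key Transparency project (which uses a sparse Merkle tree indexed by a VRF of the user id plus an append-only log of signed roots; the structure below is a plain padded Merkle tree and that simplification is an assumption noted in the comments). A directory publishes a Merkle root over its user-to-key entries, hands each client an inclusion proof along with the key, and the client checks the proof against the root everyone else saw. The usernames and 32-byte keys are constructed sample data.

```python
"""Minimal transparency structure for a public-key directory. Added example,
not the Key Transparency project's code: a plain Merkle tree padded to a power
of two stands in for its sparse tree, and the 'published root' stands in for a
signed tree head that clients and auditors all see."""
import hashlib
from typing import Dict, List, Tuple

Proof = List[Tuple[bytes, str]]  # (sibling hash, "L" or "R" = which side it sits on)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Domain separation: leaves, interior nodes and padding hash differently so
# one kind of node can never be passed off as another.
def leaf_hash(user: str, pubkey: bytes) -> bytes:
    return _h(b"\x00" + user.encode("utf-8") + b"\x00" + pubkey)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


EMPTY = _h(b"\x02empty")


class KeyDirectory:
    """Server side: holds user -> key and publishes one Merkle root over all entries."""

    def __init__(self, entries: Dict[str, bytes]):
        if not entries:
            raise ValueError("directory must hold at least one entry")
        self.users = sorted(entries)
        self.entries = dict(entries)
        self.levels = self._build()

    def _build(self) -> List[List[bytes]]:
        level = [leaf_hash(u, self.entries[u]) for u in self.users]
        while len(level) & (len(level) - 1):  # pad leaf count to a power of two
            level.append(EMPTY)
        levels = [level]
        while len(level) > 1:
            level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            levels.append(level)
        return levels

    def root(self) -> bytes:
        return self.levels[-1][0]

    def lookup(self, user: str) -> Tuple[bytes, Proof]:
        """Return the key plus the sibling hashes needed to recompute the root."""
        idx = self.users.index(user)
        proof: Proof = []
        for level in self.levels[:-1]:
            sib = idx ^ 1
            proof.append((level[sib], "L" if sib < idx else "R"))
            idx //= 2
        return self.entries[user], proof


def verify_inclusion(user: str, pubkey: bytes, proof: Proof, published_root: bytes) -> bool:
    """Client side: rebuild the root from the leaf and proof, compare with the
    root the directory published to everyone. A key that is not in the
    published tree cannot be proven against that root."""
    node = leaf_hash(user, pubkey)
    for sib, side in proof:
        node = node_hash(sib, node) if side == "L" else node_hash(node, sib)
    return node == published_root


def demo() -> Tuple[bool, bool, bool]:
    """Returns (honest lookup verifies, substituted key verifies, cover-up changes root)."""
    # Constructed sample keys, not real key material.
    directory = KeyDirectory({"alice": b"A" * 32, "bob": b"B" * 32, "carol": b"C" * 32})
    published_root = directory.root()  # what every client and auditor sees
    key, proof = directory.lookup("bob")
    honest = verify_inclusion("bob", key, proof, published_root)
    # Handing one client a different key for bob fails against the shared root...
    substituted = verify_inclusion("bob", b"M" * 32, proof, published_root)
    # ...and publishing a new root to cover the swap is visible to everyone.
    rogue = KeyDirectory({"alice": b"A" * 32, "bob": b"M" * 32, "carol": b"C" * 32})
    return honest, substituted, rogue.root() != published_root


if __name__ == "__main__":
    print(demo())  # expected (True, False, True)
```

The accountability in the blurb comes from the last line of `demo`: a directory that wants to serve one user a different key than everyone else must either fail the proof or publish a root that differs from the one auditors recorded, which is exactly the evidence the real project's append-only log of roots is built to preserve.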

The E-Sports Entertainment Association refused to pay hackers $100,000, so they published its customer dataset online.
http://fortune.com/2017/01/10/hackers-havoc-ransomware-esea/

Popular browsers and extensions can be tricked into leaking private information using hidden text boxes.
https://github.com/anttiviljami/browser-autofill-phishing

Fake "Migrant Helpline" donation emails deliver malware.
https://myonlinesecurity.co.uk/spoofed-migrant-helpline-donations-delivers-malware/
