InfoSec Week 6, 2017

Posted on 12 February 2017

A new piece of malware called MacDownloader, attributed to Iran and targeting macOS systems, has been spotted in the wild. It spreads as a fake Adobe Flash installer or Bitdefender Adware Removal Tool and relies entirely on social engineering rather than an exploit. After installation it attempts to exfiltrate the OS X keychain database as well as other system information.
https://iranthreats.github.io/resources/macdownloader-macos-malware/

Google Project Zero investigated the inner workings of Real-Time Kernel Protection (RKP), the hypervisor-based kernel integrity mechanism used by Samsung KNOX, on a fully updated Galaxy S7 Edge. They presented multiple vulnerabilities which allowed them to subvert each of RKP's security mechanisms in turn.
https://googleprojectzero.blogspot.ch/2017/02/lifting-hyper-visor-bypassing-samsungs.html

Former National Security Agency contractor Harold T. Martin III is accused of stealing 50 terabytes of classified information.
"The indictment against Harold T. Martin III is expected to contain charges of violating the Espionage Act by "willfully" retaining information that relates to the national defense, including classified data such as NSA hacking tools and operational plans against "a known enemy" of the United States, according to individuals familiar with the case."
https://www.washingtonpost.com/world/national-security/prosecutors-to-seek-indictment-against-former-nsa-contractor-as-early-as-this-week/2017/02/06/362a22ca-ec83-11e6-9662-6eedf1627882_story.html

Google Chrome 56 ships the Web Bluetooth API, which lets a website connect to Bluetooth Low Energy devices and read data from them through the browser. Access is not silent: the page must be served over HTTPS, the request must come from a user gesture, the user picks the device from a browser chooser, and the page can only talk to the GATT services it declared up front. A summary of the Web Bluetooth security model, written by the Chrome team's Jeffrey Yasskin, is on Medium.
https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2
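To make the consent and service-scoping rules concrete, here is an added example (written for this newsletter, not code from the Chrome team or the Web Bluetooth spec). It pairs a minimal browser flow (request a heart-rate monitor from a click handler, subscribe to notifications) with a small pure model of which GATT services a page may touch after `requestDevice()`. The UUID name table and blocklist are hand-copied subsets for illustration; the real registries are longer, and `#connect` and `parseHeartRate` are names assumed here.

```javascript
// Added example: Web Bluetooth access rules modelled in plain JS, plus the
// browser-side call sequence. Assumptions: secure (https) context, the call
// is made from a user gesture, and the tables below are illustrative subsets.

const BT_BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb";

// A few standard GATT service names and their 16-bit assigned numbers
// (subset; the browser resolves the full table itself).
const SERVICE_NAMES = {
  heart_rate: 0x180d,
  device_information: 0x180a,
  battery_service: 0x180f,
  human_interface_device: 0x1812,
};

// Expand a 16-bit number, a registered name, or a full UUID string into the
// 128-bit form the API reports.
function canonicalUuid(service) {
  if (typeof service === "number") {
    return "0000" + service.toString(16).padStart(4, "0") + BT_BASE_SUFFIX;
  }
  if (SERVICE_NAMES[service] !== undefined) {
    return canonicalUuid(SERVICE_NAMES[service]);
  }
  return String(service).toLowerCase(); // assumed to already be a 128-bit UUID
}

// Services the Web Bluetooth blocklist never exposes to a page, regardless of
// what the page asks for. Only HID (keystroke injection risk) is listed here.
const BLOCKLIST = new Set([canonicalUuid(0x1812)]);

// The scoping rule: after requestDevice(options) a page may only open services
// it named in filters[].services or in optionalServices, minus the blocklist.
// Anything else makes getPrimaryService() reject with SecurityError.
function allowedServices(options) {
  const declared = new Set();
  for (const f of options.filters || []) {
    for (const s of f.services || []) declared.add(canonicalUuid(s));
  }
  for (const s of options.optionalServices || []) declared.add(canonicalUuid(s));
  for (const blocked of BLOCKLIST) declared.delete(blocked);
  return declared;
}

function mayAccess(options, service) {
  return allowedServices(options).has(canonicalUuid(service));
}

// Heart Rate Measurement characteristic: flags byte bit 0 selects an 8-bit or
// a 16-bit little-endian BPM value (GATT HRM format). Pure so it is testable.
function parseHeartRate(dataView) {
  const flags = dataView.getUint8(0);
  return flags & 0x01 ? dataView.getUint16(1, true) : dataView.getUint8(1);
}

// The chooser only lists devices advertising the filtered service; the page
// also asks for battery_service up front because it cannot add services later.
const REQUEST_OPTIONS = {
  filters: [{ services: ["heart_rate"] }],
  optionalServices: ["battery_service"],
};

async function subscribeHeartRate(onBpm) {
  // Must run inside a user gesture (e.g. a click), otherwise it rejects.
  const device = await navigator.bluetooth.requestDevice(REQUEST_OPTIONS);
  const server = await device.gatt.connect();
  const service = await server.getPrimaryService("heart_rate");
  const chr = await service.getCharacteristic("heart_rate_measurement");
  chr.addEventListener("characteristicvaluechanged", (ev) => {
    onBpm(parseHeartRate(ev.target.value));
  });
  await chr.startNotifications();
  return device; // caller can device.gatt.disconnect() when done
}

// Browser-only wiring; skipped when run outside a Web Bluetooth capable page.
if (typeof navigator !== "undefined" && navigator.bluetooth) {
  document.querySelector("#connect").addEventListener("click", () => {
    subscribeHeartRate((bpm) => console.log("bpm", bpm)).catch(console.error);
  });
}
```

The pure functions are what a reviewer would check against a site's `requestDevice()` options: `mayAccess(REQUEST_OPTIONS, "device_information")` is false because the page never declared it, and `human_interface_device` stays inaccessible even when a site passes `acceptAllDevices: true` and lists it, because the blocklist wins.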

Doctor Web detected a new Mirai trojan fork that uses infected Windows machines to scan the internet for further targets.
http://vms.drweb.com/search/?q=Trojan.Mirai.1

The CRYSIS ransomware family is targeting the US healthcare sector via brute-force attacks on internet-exposed Remote Desktop (RDP) services.
http://blog.trendmicro.com/trendlabs-security-intelligence/brute-force-rdp-attacks-plant-crysis-ransomware/

A new ransomware known as "Serpent" is targeting Danish recipients using emails linking to malicious Microsoft Office documents.
https://www.proofpoint.com/us/threat-insight/post/new-serpent-ransomware-targets-danish-speakers

Multiple proponents of Mexico's 2014 soda tax, aimed at reducing consumption of sugary drinks, were targeted with spyware.
The malicious program was developed by the Israeli cyberarms dealer NSO Group.
https://www.nytimes.com/2017/02/11/technology/hack-mexico-soda-tax-advocates.html

Keybase introduced an end-to-end encrypted chat app for secure interactive messaging that works with identities already established on third-party accounts.
It is an interesting solution to the key exchange problem: keys are tied to identities the user has already proven publicly, whereas most other messengers rely on Trust On First Use (TOFU). Note that only "exploding" messages have forward secrecy.
https://keybase.io/blog/keybase-chat

Wire's encrypted messaging protocol was audited. Kudelski Security and X41 D-Sec found it to have "high security, thanks to state-of-the-art cryptographic protocols and algorithms, and software engineering practices mitigating the risk of software bugs."
https://research.kudelskisecurity.com/2017/02/09/wire-cryptography-audit-with-x41-d-sec/
https://medium.com/wire-news/wires-independent-security-review-61f37a1762a8

A great story about a Russian "research" company that reverse engineered the pseudorandom number generators of older slot machines in order to predict their output, and is cashing in on it.
https://www.wired.com/2017/02/russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix/
