InfoSec Week 18, 2017

Posted on 10 May 2017

Some good souls are selling Ransomware as a service. It has its own logo, support, bug tracker, and a clean website.
https://therainmakerlabs.in/philadelphia

The webpage of the open-source video transcoder application Handbrake was compromised and served malware to Mac users.
https://objective-see.com/blog/blog_0x1D.html

Comparison of the "http81 IoT botnet" against the Mirai source code. The C&C code is different, but it reuses some parts of the published Mirai source code.
http://blog.netlab.360.com/http-81-botnet-the-comparison-against-mirai-and-new-findings-en/
http://blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/

IBM shipped malware-infected USB flash drives to customers.
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146

Shodan can now find malware C&C servers.
https://malware-hunter.shodan.io/
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/

Deep insight into a use-after-free vulnerability and the many ways it can be exploited.
https://scarybeastsecurity.blogspot.ch/2017/05/ode-to-use-after-free-one-vulnerable.html

Critical remotely exploitable vulnerability found in Microsoft's Malware Protection service.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
https://technet.microsoft.com/en-us/library/security/4022344

Criminals are stealing 2FA tokens by abusing the SS7 routing protocol used by widespread telecommunications network equipment.
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/

Guido Vranken found a vulnerability (CVE-2017-8779) that allows an attacker to allocate an arbitrary amount of memory (up to 4 gigabytes per attack) on a remote RPCBIND host; the memory is never freed unless the process crashes or the administrator halts or restarts the RPCBIND service.
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/

Good summary of an iCloud Keychain Secrets vulnerability (CVE-2017-2448). From the blog:
"This allows an adversary to craft an OTR message which can negotiate a key successfully while bypassing the actual signature verification...Considering that OTR uses ephemeral keys for encryption, this flaw implies that a syncing identity key is no longer required for an adversary with Man In The Middle capabilities to negotiate an OTR session to receive secrets."
https://hackernoon.com/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605

Researchers developed the cheapest way so far to attack a passive keyless entry system, as found on some cars. No cryptography was broken.
https://conference.hitb.org/hitbsecconf2017ams/sessions/chasing-cars-keyless-entry-system-attacks/
https://hackaday.com/2017/04/27/stealing-cars-for-20-bucks/

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
https://github.com/evilsocket/opensnitch

Linux Malware Detect (LMD) is a malware scanner for Linux designed around the threats faced in shared hosted environments.
https://github.com/rfxn/linux-malware-detect