InfoSec Week 34, 2018

Posted on 24 August 2018
SUBSCRIBE TO A WEEKLY NEWSLETTER!

If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.
https://raymii.org/s/blog/Linux_on_Microsoft_Azure_Disable_this_built_in_root_access_backdoor.html

There is a good blog post by Stuart Schechter about the dark side of the two factor authentication. Highly recommended reading.
https://medium.com/@stuartschechter/before-you-turn-on-two-factor-authentication-27148cc5b9a1

Great research by Eyal Ronen, Kenneth G. Paterson and Adi Shamir demonstrate that adopting pseudo constant time implementations of TLS are not secure against the modified Lucky 13 attack on encryption in CBC-mode. Tested against four fully patched implementations of TLS - Amazon's s2n, GnuTLS, mbed TLS and wolfSSL.
https://eprint.iacr.org/2018/747

Traefik, popular open source reverse proxy and load balancing solution is leaking (CVE-2018-15598) TLS certificate private keys via API.
https://www.bleepingcomputer.com/news/security/cloud-product-accidentally-exposes-users-tls-certificate-private-keys/

Google enrolled Hardware Secure Module to their Cloud Key Management Service. The customers can use it to store their encryption keys with FIPS 140-2 Level 3 security certified devices from now on.
https://cloud.google.com/hsm/

Microsoft Corp said that Russian hackers are targeting U.S. political groups ahead of November’s congressional elections.
https://www.reuters.com/article/us-usa-russia-hackers/russian-hacking-of-conservative-groups-sites-thwarted-microsoft-idUSKCN1L60I0

The WIRED cover story on how Russian NotPetya malware took down Maersk, the world’s largest shipping firm.
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

Kaspersky Lab published analysis of a sophisticated "Dark Tequila" banking malware which is targeting customers in Mexico and other Latin American nations.
https://securelist.com/dark-tequila-anejo/87528/

NSA successfully cracked and listened for years to encrypted networks of Russian Airlines, Al Jazeera, and other “High Potential” targets.
https://theintercept.com/2018/08/15/nsa-vpn-hack-al-jazeera-sidtoday/

Anonymous targeted Spanish Constitutional Court, economy and foreign ministry websites to support Catalonia separatist drive.
https://securityaffairs.co/wordpress/75509/hacking/anonymous-catalonia.html

Red Teaming/Adversary Simulation Toolkit is a collection of open source and commercial tools that aid in red team operations.
https://github.com/infosecn1nja/Red-Teaming-Toolkit


Comments !