InfoSec Week 36, 2017

Posted on 14 September 2017
SUBSCRIBE!

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link routers.
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html

There is a new research paper published on a security of a Bluetooth stack named "The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks." Really alarming vulnerabilities discussed.
From a paper: "BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware to other devices. The attack does not require the targeted device to be set on discoverable mode or to be paired to the attacker’s device."
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

FireEye has analyzed a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability leveraged by attackers to distribute notoriously known FinFisher / FINSPY malware.
I have included exploit example that is published on a GitHub.
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://github.com/Voulnet/CVE-2017-8759-Exploit-sample

Kaspersky Labs have analyzed the trend of malicious cryptocurrency mining practices on an infected machines.
https://securelist.com/miners-on-the-rise/81706/

The Android BankBot malware found on Google Play store is targeting multiple UAE banking applications.
http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-play-targets-ten-new-uae-banking-apps

Good analysis of how the JavaScript framework can be abused to bypass XSS mitigations, specifically NoScript’s XSS filter.
http://blog.portswigger.net/2017/09/abusing-javascript-frameworks-to-bypass.html

NSA had developed the capability to decrypt and decode Kazaa and eDonkey file-sharing apps traffic to determine which files are being shared, and what queries are being performed over those P2P networks.
https://theintercept.com/2017/09/13/nsa-broke-the-encryption-on-file-sharing-apps-kazaa-and-edonkey/

Formally verified implementation of Curve25519 made it into Firefox 57. And it is 20% faster on 64-bit architectures.
https://blog.mozilla.org/security/2017/09/13/verified-cryptography-firefox-57/

A nice curated list of IDA plugins.
https://github.com/onethawt/idaplugins-list


Comments !