InfoSec Week 42, 2018

Posted on 19 October 2018
SUBSCRIBE TO A WEEKLY NEWSLETTER!

The Czech Security Intelligence Service (BIS) shuts down Hezbollah servers in the Hezbollah hacking operation. Hackers used female Facebook profiles to trick victims into installing spyware.
https://www.zdnet.com/article/czech-intelligence-service-shuts-down-hezbollah-hacking-operation/

More than 420K compromised MikroTik routers can be found on the Internet with half of them mining cryptocurrencies, according to the results of Censys scanner.
Also, there is anonymous gray-hat researcher patching them remotely.
https://twitter.com/bad_packets/status/1050533001824595968
https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/

Fake Adobe updates are circulating that will actually update the Windows version of a plugin on your computer, but also install cryptocurrency mining malware.
https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

According to a new research, if you're an American of European descent, there's a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. https://www.schneier.com/blog/archives/2018/10/how_dna_databas.html

The Pentagon travel system has been hacked. Personal information and credit card data of at least 30K U.S. military and civilian personnel are affected.
https://www.militarytimes.com/news/your-military/2018/10/12/pentagon-reveals-cyber-breach-of-travel-records/

A PoC exploit for a Windows (CVE-2018-8495) remote code execution vulnerability that can be exploited via Microsoft Edge has been published.
https://leucosite.com/Microsoft-Edge-RCE/

There is a serious SSH bug discovered in LibSSH library.
Basically a client can bypass the authentication process by telling the server to set the internal state machine maintained by the library to authenticated.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Electron just merged fix enabling position independent executable build (PIE) on Linux, so all Electron-Apps on Linux can soon leverage Address space layout randomization (ASLR) protection.
https://github.com/electron/electron/pull/15148

On this site, you can find "every byte of a TLS connection explained and reproduced".
Really interesting project.
https://tls.ulfheim.net/

Researcher Lance R. Vick started a spreadsheet to compare relative security, privacy, compatibility, and features of various messenger systems.
https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU/edit

Recorded Future published analysis of a Russian and Chinese illegal hacking Communities.
https://www.recordedfuture.com/russian-chinese-hacking-communities/

Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on a network from learning users browsing history.
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/

Swedish kids can read about the DNSSEC on a milk carton.
https://twitter.com/recollir/status/1051480941171003392/photo/1


Comments !