News

Security Researches Target Nintendo Switch https://twitter.com/qlutoo https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be Dockerscan https://github.com/cr0hn/dockerscan 1 in 5 Websites still rely on SHA-1 Based Certificates http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/ Not All Malware Samples Are Complex https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/ Struts Vulnerability Included in Metasploit https://github.com/rapid7/metasploit-framework/issues/8064 https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage

CIA Leak (note that link lead directly to leaked documents) https://wikileaks.com/ciav7p1/ From Shamoon To Stonedrill: Evolution of Wipers Attacking Saudi Organziations https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf WordPress Update https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ Reading Secret Keys From SGX Enclaves https://arxiv.org/abs/1702.08719

Typosquatting Against Santander Bank in Brazil With Phone Call Follow-up https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/ Post Mortem on 911 DDoS Attack https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972 Nextcloud/Owncloud Scanner https://scan.nextcloud.com Western Digital MyCloud Vulnerability https://blog.exploitee.rs/2017/hacking_wd_mycloud/

How Your Pictures Affect Your Website Reputation https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/ De-Obuscating Padded Code https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/ FoxIT PDF Reader Vulnerability https://www.foxitsoftware.com/support/security-bulletins.php#content-2017 Applying SHA1 Shatter Attack To Bittorent https://biterrant.io Gargoyle Memory Scanning Evasion https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html Attacking Synergy Clients https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/

Business E-Mail Compromise and Sender Policy Framework Typos (SPF) https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/ Android Developers Infected With Malware Publishing Malicious Apps http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/ DBLTek GoIP Backdoor https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/ Decrypting Findzip/Patcher Ransomware https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/

LDAP and STARTTLS https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/ Wordpress NextGen Gallery Plugin SQL Injection Vulnerability https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html Password Manager Insecurities https://team-sik.org/trent_portfolio/password-manager-apps/ Slack Insecure Cross Window Messaging https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/ Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/

Amazon Cloud IPv4 Reuse Leads to Stray Requests https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129 Amazon S3 Outage https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/ CloudPets Leaks Recordings https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/ ESET Antivirus Vulnerability Puts Macs at Risk http://seclists.org/fulldisclosure/2017/Feb/68 Analysis of a Simple PHP Backdoor https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/

Google Chrome TLS 1.3 Update Causes Issues With Bluecoat https://bugs.chromium.org/p/chromium/issues/detail?id=694593 Windows 10 Will Implmenet "Gatekeeper" Like Technology https://twitter.com/vitorgrs/status/835674417602637824 Google Releases E2EMail Chrome Plugin https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html Decrypting SCOM "RunAs" Credentials https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/

Cloudflare Leaks Data https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ IE/Edge Denial of Service https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2 "Dynamite Phishing" https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/ Google Credentials Problems https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM

Researchers Find SHA1 Collision https://shattered.io/static/shattered.pdf Arrest Made in Deutsche Telekom DSL Modem Attack https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/

User Centric Mobile Device Security With Stethoscope http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html Fingerprinting Firefox With Intermediate Certificates https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ JudasDNS Attack DNS Proxy https://github.com/mandatoryprogrammer/JudasDNS

Microsoft Releases Flash Patch From Skipped February Update https://technet.microsoft.com/en-us/library/security/MS17-005 Investigating Off-Premise Wireless Behaviour https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/ "Bugdrop" Steals Large Amount of Audio https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/

Hardening Postfix Against FTP Relay Attacks https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/ Kaspersky Examins Mobile Car Apps https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/ Cars "Remember" Prior Owners http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/ Xen Project Reconsidering Vulnerability Disclosure Policy https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/ Stagefright Vulnerability had minimal affect on Android Security https://www.rsaconference.com/speakers/adrian_ludwig

RTRBK: Router, Switch, Firewall Backups in Powershell https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/ Windows EMF Imge 0-Day Memory Leak https://bugs.chromium.org/p/project-zero/issues/detail?id=992 Brazillian Traffic Ticket Malspam https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/ Using XXE To Send E-Mail https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/

AVM Private Key Leak Puts Cable Modems At Risk https://isc.sans.edu/forums/diary/AVM+Private+Key+Leak+Puts+Cable+Modems+Worldwide+At+Risk/22076/ OpenSSL Update https://isc.sans.edu/forums/diary/OpenSSL+110e+Update+No+need+to+panic+openssl/22074/ Microsoft Update Delayed https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/ ANC Attack ASLR Bypass https://www.vusec.net/projects/anc/

How Was Your Stay At The Hotel La Playa https://isc.sans.edu/forums/diary/How+was+your+stay+at+the+Hotel+La+Playa/22069 XAgent OS X Malware https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/ Conference Phone Compromise https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/

Microsoft Cancels Patch Tuesday https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/ Adobe Update For Flash https://helpx.adobe.com/security/products/flash-player/apsb17-04.html WebSephere Update http://www-01.ibm.com/support/docview.wss?uid=swg21997743 Operation Kingphish https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.965et86vk Hacking Node-Serialize http://blog.websecurify.com/2017/02/hacking-node-serialize.html

New Tool: Packettotal.com http://www.packettotal.com What Not To Decrypt When Intercepting SSL https://isc.sans.edu/forums/diary/Stuff+I+Learned+Decrypting/22059/ webcast: https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277 Simple Static Malware Analyzer https://github.com/secrary/SSMA Critical Firefox for Android Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/ Ubuntu ntfs-3g Privilege Escalation https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 Microsoft Patch Tuesday Changes http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html

Vulnerabilities in Samsung KNOX https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html Auditing MongoDB Configurations https://github.com/stampery/mongoaudit Reversing Javascript https://isc.sans.edu/forums/diary/Analysis+of+a+Suspicious+Piece+of+JavaScript/22056/ Wordpress REST API Flaw Widely Exploited https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/ Cryptographically Secure PHP Development https://paragonie.com/blog/2017/02/cryptographically-secure-php-development DEV522 Web Application Security Essentials https://www.sans.org/event/sans-2017/course/defending-web-applications-security-essentials

F5 Big IP Ticketbleed Vulnerability https://filippo.io/Ticketbleed/ CryptoShield Ransomware from Rig EK https://isc.sans.edu/forums/diary/CryptoShield+Ransomware+from+Rig+EK/22047/ Hancitor/Pony Malspam https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/ Apple Retaining Old Browser History Data https://blog.elcomsoft.com/2017/02/elcomsoft-extracts-deleted-safari-browsing-history-from-icloud/#more-3769 Brute Forcing LUKS Passwords https://0x00sec.org/t/breaking-encryption-hashed-passwords-luks-devices/811