Tech News

Certain Ubiquity Equipment Vulnerable to CSRF/Code Execution https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt Proton Mac OS RAT https://www.cybersixgill.com/proton-a-new-mac-os-rat/ Linux Kernel n_hdlc Privilege Escalation http://seclists.org/oss-sec/2017/q1/569 VMWare Copy/Paste Exploit Fixed https://www.vmware.com/security/advisories/VMSA-2017-0005.html

Twitter App "Twitter Counter" Compromise Leads to Unauthorized Tweets From a Large Number of Accounts https://twitter.com/thecounter Telegram and WhatsApp Image Vulnerability http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/ RSA Panel Webcast https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q

Microsoft's Double Patch Tuesday https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/

Creating SHA3 Hashes with sigs.py https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/ Canada Revenue Agency Website Attacked / Down over Struts2 http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591 Webkit Exploit Adobted to Nintendo Switch https://www.youtube.com/watch?v=xkdPjbaLngE Analysis of Outdated Javascript Libraries on the Web http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf Github Enterprise SAML Authentication Bypass http://www.economyofmechanism.com/github-saml

Issues With Out Of Date Geo Location Databases https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/ Recovering Mobile Device PINs via Thermal Images http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf Unmasking Randomized MAC Addresses https://arxiv.org/abs/1703.02874v1 Mobile Phone Supply Chain Attacks http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/

Struts 2 Update https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/ Exploits Against Haraka Mail Server https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py Android Password Stealing Apps http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/ Drupal Services Module Vulnerability and Exploit https://www.ambionics.io/blog/drupal-services-module-rce https://www.drupal.org/node/2858847

Security Researches Target Nintendo Switch https://twitter.com/qlutoo https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be Dockerscan https://github.com/cr0hn/dockerscan 1 in 5 Websites still rely on SHA-1 Based Certificates http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/ Not All Malware Samples Are Complex https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/ Struts Vulnerability Included in Metasploit https://github.com/rapid7/metasploit-framework/issues/8064 https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage

CIA Leak (note that link lead directly to leaked documents) https://wikileaks.com/ciav7p1/ From Shamoon To Stonedrill: Evolution of Wipers Attacking Saudi Organziations https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf WordPress Update https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ Reading Secret Keys From SGX Enclaves https://arxiv.org/abs/1702.08719

Typosquatting Against Santander Bank in Brazil With Phone Call Follow-up https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/ Post Mortem on 911 DDoS Attack https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972 Nextcloud/Owncloud Scanner https://scan.nextcloud.com Western Digital MyCloud Vulnerability https://blog.exploitee.rs/2017/hacking_wd_mycloud/

How Your Pictures Affect Your Website Reputation https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/ De-Obuscating Padded Code https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/ FoxIT PDF Reader Vulnerability https://www.foxitsoftware.com/support/security-bulletins.php#content-2017 Applying SHA1 Shatter Attack To Bittorent https://biterrant.io Gargoyle Memory Scanning Evasion https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html Attacking Synergy Clients https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/

Business E-Mail Compromise and Sender Policy Framework Typos (SPF) https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/ Android Developers Infected With Malware Publishing Malicious Apps http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/ DBLTek GoIP Backdoor https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/ Decrypting Findzip/Patcher Ransomware https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/

LDAP and STARTTLS https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/ Wordpress NextGen Gallery Plugin SQL Injection Vulnerability https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html Password Manager Insecurities https://team-sik.org/trent_portfolio/password-manager-apps/ Slack Insecure Cross Window Messaging https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/ Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/

Amazon Cloud IPv4 Reuse Leads to Stray Requests https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129 Amazon S3 Outage https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/ CloudPets Leaks Recordings https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/ ESET Antivirus Vulnerability Puts Macs at Risk http://seclists.org/fulldisclosure/2017/Feb/68 Analysis of a Simple PHP Backdoor https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/

Google Chrome TLS 1.3 Update Causes Issues With Bluecoat https://bugs.chromium.org/p/chromium/issues/detail?id=694593 Windows 10 Will Implmenet "Gatekeeper" Like Technology https://twitter.com/vitorgrs/status/835674417602637824 Google Releases E2EMail Chrome Plugin https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html Decrypting SCOM "RunAs" Credentials https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/

Cloudflare Leaks Data https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ IE/Edge Denial of Service https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2 "Dynamite Phishing" https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/ Google Credentials Problems https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM

Researchers Find SHA1 Collision https://shattered.io/static/shattered.pdf Arrest Made in Deutsche Telekom DSL Modem Attack https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/

User Centric Mobile Device Security With Stethoscope http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html Fingerprinting Firefox With Intermediate Certificates https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ JudasDNS Attack DNS Proxy https://github.com/mandatoryprogrammer/JudasDNS

Microsoft Releases Flash Patch From Skipped February Update https://technet.microsoft.com/en-us/library/security/MS17-005 Investigating Off-Premise Wireless Behaviour https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/ "Bugdrop" Steals Large Amount of Audio https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/

Hardening Postfix Against FTP Relay Attacks https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/ Kaspersky Examins Mobile Car Apps https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/ Cars "Remember" Prior Owners http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/ Xen Project Reconsidering Vulnerability Disclosure Policy https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/ Stagefright Vulnerability had minimal affect on Android Security https://www.rsaconference.com/speakers/adrian_ludwig

RTRBK: Router, Switch, Firewall Backups in Powershell https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/ Windows EMF Imge 0-Day Memory Leak https://bugs.chromium.org/p/project-zero/issues/detail?id=992 Brazillian Traffic Ticket Malspam https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/ Using XXE To Send E-Mail https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/