Tech News

Juniper/Cisco Updates Regarding #NSA Exploits https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10605&actp=search http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/ Wildfire Ransomware Takedown and Key Recovery https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/ "Sandscout" tool to exploit iOS Sandbox Vulnerabilities http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html (sorry, only in German) Sweet32 Birthday Attack against 3DES and Blowfish (https/openvpn) http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html

Voicemail Message Notification Deliver Ransomware https://isc.sans.edu/forums/diary/Voice+Message+Notifications+Deliver+Ransomware/21397/ Updates Microsoft Word Bulletin https://support.microsoft.com/en-us/kb/3179163 Multiple BTS Software Vulnerabilities https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/ Popular HTTP Proxies Vulnerable to Cache Poisoning https://hostoftroubles.com

Multiple Vulnerabilities in BHU Router http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html Smart Socket Vulnerability https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/ Smart Security Cameras are Spying on You http://www.forbes.com/sites/marcwebertobias/2016/08/22/is-your-smart-security-camera-protecting-your-home-or-spying-on-you/#6fb3a6414d1e Veracrypt 1.18a With Limited UEFI Support https://veracrypt.codeplex.com/releases/view/625477

GnuPG/libgcrypt Weak Random Numbers (CVE-2016-6316) https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html Wikileaks Leaked E-Mail Includes Malware https://github.com/bontchev/wlscrape/blob/master/malware.md Android Vulnerable to TCP Connection Hijack https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/ Cerber Ransomware Decryption Tool No Longer Operational https://www.cerberdecrypt.com/RansomwareDecryptionTool/

One Compromised Site - 2 Exploit Campaigns https://isc.sans.edu/forums/diary/1+compromised+site+2+campaigns/21381/ Shadow Broker Leak Vendor Responses https://blogs.cisco.com/security/shadow-brokers http://fortiguard.com/advisory/FG-IR-16-023 Google Releases OS X Whitelisting Application https://github.com/google/santa/wiki

522 Error Code For the Win https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/ Short PGP Keys Abused in the Wild https://news.ycombinator.com/item?id=12296974 HTTP "FalseConnect" Vulnerability http://www.kb.cert.org/vuls/id/905344

Cryptoanalysis of a Fully Homomorphic Encryption Scheme http://eprint.iacr.org/2016/775.pdf Recreating Android App Displays from Memory https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_saltaformaggio.pdf Various Router Exploits Released https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.mnoyydmeu

Starting October 2016, Microsoft Will Use Montly Rollup Updates for Win 7/8.1 https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/ Updated Group Policies To Block Macros in Office 2013 https://isc.sans.edu/forums/diary/MS+Office+2013+New+Macro+Controls+Sorta/21371/ Bypassing Application Whitelisting using WinDbg http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html Bypassing UAC without writing to disk https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/

Most Android Devices Protected From Quadrooter By Default http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits Dangers of IP Geolocation https://nakedsecurity.sophos.com/2016/08/11/couple-sue-over-ip-glitch-that-repeatedly-sent-feds-to-their-house/ Microsoft Secure Boot Key Bypass https://rol.im/securegoldenkeyboot/ (careful. highly annoying but harmless)

Bling Spoofing of TCP Connections CVE-2016-5696 http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf Fingerprinting TLS Using TShark https://isc.sans.edu/forums/diary/Profiling+SSL+Clients+with+tshark/21361/ Forensics Artifcats on iOS Messaging Apps https://isc.sans.edu/forums/diary/Looking+for+the+insider+Forensic+Artifacts+on+iOS+Messaging+App/21363/ Vulnerable VW Remote Keyless Unlock https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia

MSFT Patch Tuesday Summary https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2016/21357/ Adobe Patch for Adobe Experience Manager https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html Avast Anti Virus Conflict With Windows 10 Anniversary Update https://forum.avast.com/index.php?topic=189403.0

Using File Entropy to Identify "Ransomwared" Files https://isc.sans.edu/forums/diary/Using+File+Entropy+to+Identify+Ransomwared+Files/21351/ Bypassing Windows Digital Signatures https://www.blackhat.com/docs/us-16/materials/us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf Quadrooter Android Vulnerability http://blog.checkpoint.com/2016/08/07/quadrooter/ Defcon Slides Online https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/ Philips Hue Exploit (Video) http://colinoflynn.com/wp-content/uploads/2016/08/us-16-OFlynn-A-Lightbulb-Worm-wp.pdf

Analyzing Malicious RTF Files https://isc.sans.edu/forums/diary/rtfdump/21347/ Monitors Vulnerable To Remote Code Execution http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels Brute Forcing Encrypted Hard drive Protections https://www.blackhat.com/docs/us-16/materials/us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf What is Using Your Webcam http://www.welivesecurity.com/2016/08/04/afraid-someone-misusing-webcam/

Surge in Scans for Netis Router https://isc.sans.edu/forums/diary/Surge+in+Exploit+Attempts+for+Netis+Router+Backdoor+UDP53413/21337/ iPhone Thieves Use Targeted Phishing https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82#.spgmbaejk NUUO/ReadyNAS Video Recorder Vulnerabilities https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt mixed-blend-mode Browser History Leak https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html

The Dark Side of Certificate Transparency https://isc.sans.edu/forums/diary/The+Dark+Side+of+Certificate+Transparency/21329/ Ouch Security Awareness Newsletter https://securingthehuman.sans.org/resources/newsletters/ouch/2016 HTTP/2 Vulnerabilities http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf

Windows 10 Aniversary Update Feedback https://kc.mcafee.com/corporate/index?page=content&id=KB87536 Android Updates https://source.android.com/security/bulletin/2016-08-01.html Unlocking Murder Victim Phone With Printed Fingerprint http://msutoday.msu.edu/news/2016/accessing-a-murder-victims-smartphone-to-help-solve-a-crime/ signout.live.com remote code execution vulnerability http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html Edge/IE Still Leak NTLM Credentials (since 1997!) hxxp://witch.valdikss.org.ru (careful: test site will try to grab credentials)

Are You Getting I-CANNED? https://isc.sans.edu/forums/diary/Are+you+getting+ICANNED/21323/ Windows 10 Anniversary Edition https://blogs.windows.com/windowsexperience/2016/06/29/windows-10-anniversary-update-available-august-2/ Pangu Jailbreak Leading To Compromised Accounts? https://www.reddit.com/r/jailbreak/comments/4v9cju/discussion_is_pangus_jailbreak_safe_an_hour_after/ https://twitter.com/PanguTeam/status/759729314577342468 SANS Boston "Security Impact of IPv6" https://www.sans.org/event/boston-2016/bonus-sessions/9392/#bonus-box

rtfobj Update https://isc.sans.edu/forums/diary/rtfobj/21317/ Comodo SSL Certificates Mixup https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html SwiftKey Keyboard May Leak Private Data to Other Users https://blog.swiftkey.com/important-information-relating-to-the-status-of-our-sync-services/ New Version of OPNSense Released https://forum.opnsense.org/index.php?topic=3428.0 WhatsApp Does Not Delete All Chats http://www.zdziarski.com/blog/?p=6143

Verifying SSL/TLS Certificates Manually https://isc.sans.edu/forums/diary/Verifying+SSLTLS+certificates+manually/21311/ LastPass Security Updates https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ Android Linux Kernel Defenses https://security.googleblog.com/2016/07/protecting-android-with-more-linux.html Update to ISC Suspicious Domain List https://isc.sans.edu/suspicious_domains.html

Linux Bot Analysis https://isc.sans.edu/forums/diary/Analyze+of+a+Linux+botnet+client+source+code/21305/ Critical XEN PV Guests Vulnerability https://isc.sans.edu/forums/diary/Critical+Xen+PV+guests+vulnerabilities/21307/ LastPass Vulnerability https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/ Chimera Ransomware Keys Leaked https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/ Fiat/Chrysler Software Recall http://www.thecarconnection.com/news/1105198_2015-chrysler-200-jeep-renegade-2014-2015-jeep-cherokee-recalled-410000-vehicles-affected?preview=true Defending Web Applications Security Essentials (DEV522) in Vegas! https://www.sans.org/event/network-security-2016/course/defending-web-applications-security-essentials