InfoSec Week 30, 2018
Researchers from Palo Alto Networks analyzed new Mirai and Gafgyt IoT/Linux botnet campaigns. The samples used more than 11 exploits to spread, targeting D-Link and Dasan GPON routers.
Posted
#Weekly-News
Academics have mounted a successful GPS spoofing attack against road navigation systems that can trick drivers into driving to incorrect locations. The novel part is that they use real map data to generate plausible malicious instructions.
Hackers have poisoned the Arch Linux PDF reader package named “acroread”, found in the user-maintained Arch User Repository (AUR), by putting downloader malware inside it.
Samsung Galaxy S9 and S9+ devices, and possibly others, are texting camera photos to random contacts through the Samsung Messages app without user permission.
A reverse shell connection can be established from an OpenVPN configuration file. So be cautious and treat .ovpn files like shell scripts.
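Treating a configuration file like a shell script means reading it for anything that executes code before importing it. The scanner below is an added example, not code from the original post or from the OpenVPN project: it walks an .ovpn file, skips inline `<ca>`/`<cert>`-style blocks so certificate material is not mistaken for directives, and flags the directives the OpenVPN manual documents as running an external program or loading a plugin, plus `script-security` at level 2 or higher, which is what permits those scripts to run at all. The sample config and the `/tmp/constructed-example.sh` path are constructed for the demonstration.

```python
"""Flag OpenVPN config directives that execute external code.

Added example for reviewing a third-party .ovpn file before importing it;
not code from the original post or from the OpenVPN project.
"""
import re

# Directives that make OpenVPN run an external command/script or load a
# shared object (names as documented in the OpenVPN man page).
EXEC_DIRECTIVES = {
    "up", "down", "ipchange", "route-up", "route-pre-down",
    "tls-verify", "auth-user-pass-verify", "client-connect",
    "client-disconnect", "learn-address", "plugin",
}

# Sample config, constructed for this example. Line 6 looks like a
# directive but sits inside an inline block and must be ignored.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.invalid 1194
<ca>
-----BEGIN CERTIFICATE-----
up-is-not-a-directive-here
-----END CERTIFICATE-----
</ca>
# comment
script-security 2
up "/tmp/constructed-example.sh"
"""


def scan_ovpn(text):
    """Return a list of (line_no, directive, line) for code-executing directives."""
    findings = []
    in_block = None  # name of the inline <tag> block we are currently inside
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_block:
            # Skip everything until the matching closing tag.
            if line == f"</{in_block}>":
                in_block = None
            continue
        m = re.match(r"<(\w+)>$", line)
        if m:
            in_block = m.group(1)
            continue
        if not line or line[0] in "#;":
            continue  # blank line or comment
        parts = line.split()
        directive = parts[0].lower()
        if directive in EXEC_DIRECTIVES:
            findings.append((no, directive, line))
        elif directive == "script-security":
            # Level 2+ allows user-defined scripts (up/down etc.) to run.
            level = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
            if level >= 2:
                findings.append((no, directive, line))
    return findings


def is_clean(text):
    """True when the config contains no code-executing directives."""
    return not scan_ovpn(text)


if __name__ == "__main__":
    for no, directive, line in scan_ovpn(SAMPLE_OVPN):
        print(f"line {no}: {directive!r} executes code -> {line}")
```

Run it against any .ovpn handed to you by a provider; a clean client profile normally needs none of these directives, so each finding is something to read and decide on deliberately rather than import blind.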
Marcus Brinkmann demonstrated how some GnuPG configuration options allow remote attackers to spoof arbitrary signatures. He used the embedded “filename” parameter in OpenPGP literal data packets, together with the verbose option set in the user's gpg.conf file.
Yet another high-severity attack against Intel CPUs. Unpatched systems can leak SIMD and FP register state between privilege levels, and these registers are nowadays used to hold private keys. The cost of the patch is more expensive context switches, because the fix has to unload and reload all SIMD/FP state.
The Australian government is drafting new laws that would force technology giants like Facebook and Google to give government agencies access to encrypted data.
Google Pixel 2 devices implement insider attack resistance in the tamper-resistant hardware security module that guards the encryption keys for user data: the firmware that checks the user's password cannot be upgraded unless the correct user password is presented.
500,000 routers in more than 50 countries are infected with router-targeting malware, primarily home devices from Linksys, MikroTik, NETGEAR and TP-Link. Cisco's Talos Security attributed the malware to future Russian cyber operations against Ukraine. US FBI agents have seized control of the botnet.
Major US cell carriers (and probably not only US ones) are selling access to real-time phone location data. The Electronic Communications Privacy Act only restricts telecommunication companies from disclosing data to the government; it doesn't restrict disclosure to other companies, which can resell it back to the government. The Hacker News discussion on the topic is quite informative.
The first ransomware to take advantage of the new Process Doppelgänging fileless code injection technique has appeared. It works on all modern versions of Microsoft Windows since Vista. This variant of the known SynAck ransomware uses NTFS transactions to launch a malicious process by replacing the memory of a legitimate process.