InfoSec Week 2, 2018
Posted
New research has found a flaw in a group messaging part of a Signal protocol used by Signal, WhatsApp and Threema. It’s hardly exploitable, but the server (attacker) could be, in some theoretical scenario, able to silently join an encrypted group chat.
https://blog.cryptographyengineering.com/2018/01/10/attack-of-the-week-group-messaging-in-whatsapp-and-signal/
Janit0r, author of the mass internet scanning campaign known as Internet Chemotherapy, released two more blogs about the campaign. Interesting.
http://depastedihrn3jtw.onion.link/show.php?md5=ee7136ac48fa59fba803b9fbcbc6d7b9
http://depastedihrn3jtw.onion.link/show.php?md5=7e7bfe406315f120d8ed325ffb87670b
A tale about the npm package which crawled user entered credit card information from the websites. It is a work of fiction, but published few hours after dozens of npm packages stopped working due to missing dependencies… Scary.
https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
HC7 Planetary Ransomware is probably the first known ransomware asking for Ethereum as a ransom payment. It’s for Windows users only.
https://www.bleepingcomputer.com/news/security/hc7-planetary-ransomware-may-be-the-first-to-accept-ethereum/
There is a hardwired network backdoor in the Western Digital MyCloud drives (user: mydlinkBRionyg, password: abc12345cba). Vendor probably patched it six months after reported.
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
https://twitter.com/dragosr/status/949822668563365889
Wi-Fi Protected Access III - WPA3 will be forced on a marked this year. Hopefully a lot of security enhancements to wi-fi protocol will be delivered by the WPA3-certified devices.
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
Let’s Encrypt certification authority has temporarily disabled TLS-SNI-01 authorization challenge due to reported exploitation technique possible on a shared hosting infrastructure.
https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996
Google Cloud security engineers reported remote code execution vulnerability in the AMD Platform Security Processor.
http://seclists.org/fulldisclosure/2018/Jan/12
Brian Krebs wrote a blog about the flourishing online markets with the stolen credentials.
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/
VirusTotal has a new feature, a visualization tool for the relationship between files, URLs, domains and IP addresses.
http://blog.virustotal.com/2018/01/virustotal-graph.html
A Meltdown vulnerability proof of concept for reading passwords out of Google Chrome browser.
https://github.com/RealJTG/Meltdown