InfoSec Week 11, 2018
Posted
A cyberattack on a Saudi Arabian petrochemical company was probably planed with the physical explosion in mind.
They have attributed Iran, and didn’t mention Stuxnet at all, so a little bit one-sided view of this cyberwarfare exchange.
https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
There is a critical vulnerability in Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows. Due to cryptographic flaw, man-in-the-middle attack could allow remote procedure calls attack and data exfiltration against the RDP and WinRM.
https://thehackernews.com/2018/03/credssp-rdp-exploit.html
A vulnerability (CVE-2018-1057) in Samba allows authenticated users to change other users’ password.
https://www.samba.org/samba/security/CVE-2018-1057.html
Kubernetes vulnerability (CVE-2017-1002101) allows containers using subpath volume mounts with any volume type to access files/directories outside of the volume, including the host’s filesystem. Updated version is already available.
https://groups.google.com/forum/m/#!topic/kubernetes-announce/6sNHO_jyBzE
Quite good exchange on the encryption policy and the government backdoor proposals between the US National Academy of Sciences and the Electronic Frontier Foundation. Relevant for all democratic regimes.
https://www.schneier.com/blog/archives/2018/03/two_new_papers_.html
Kaspersky has discovered PlugX remote access tool (RAT) malware installed across the pharmaceutical organizations in Vietnam, aimed at stealing drug formulas and business information.
https://usa.kaspersky.com/about/press-releases/2018_chinese-speaking-apt-actor-caught-spying-on-pharmaceutical-organizations
Encrypted Email Service provider ProtonMail is being blocked by internet service providers in Turkey.
https://protonmail.com/blog/turkey-online-censorship-bypass/
CTS-Labs security researchers has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines.
https://www.anandtech.com/show/12525/security-researchers-publish-ryzen-flaws-gave-amd-24-hours-to-respond
Adam Langley’s blog post about the inability of the TLS 1.3 to snoop on proxy traffic.
https://www.imperialviolet.org/2018/03/10/tls13.html
Hacker Adrian Lamo dies at 37. He was known for his involvement in passing information on whistleblower Chelsea Manning, a former US Army soldier who leaked sensitive information to the WikiLeaks.
http://www.zdnet.com/article/adrian-lamo-hacker-dies/
To find assault suspect, police in the Raleigh, North Carolina used search warrants to demand Google accounts not of specific suspects, but from any mobile devices that veered too close to the scene of a crime in specific time.
http://www.wral.com/to-find-suspects-police-quietly-turn-to-google/17377435/
Kaspersky releases Klara, a distributed system written in Python, designed to help threat intelligence researchers hunt for new malware using Yara rules.
https://github.com/KasperskyLab/klara/
Nice paper about the simple manual cipher that should be resistant against the modern cryptanalysis.
LC4: A Low-Tech Authenticated Cipher for Human-To-Human Communication
https://eprint.iacr.org/2017/339