InfoSec Week 16, 2018
Posted
Google disables domain fronting capability in their App Engine, which was used to evade censorship. What a fortunate timing.
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Bloomberg published article on how Palantir is using the War on Terror tools to track American citizens.
https://www.bloomberg.com/features/2018-palantir-peter-thiel/
Third-party javascript trackers are actively exfiltrating personal identifiers from websites which uses “login with Facebook” button and other such social login APIs.
https://freedom-to-tinker.com/2018/04/18/no-boundaries-for-facebook-data-third-party-trackers-abuse-facebook-login/
The U.S. and the UK blame Russia for a campaign of hacks into routers, switches and other connected infrastructure.
https://www.forbes.com/sites/thomasbrewster/2018/04/16/russia-accused-of-hacking-network-infrastructure/
One of the people charged for the Reveton ransomware trojan was actually working as a Microsoft network engineer.
https://www.bleepingcomputer.com/news/security/microsoft-engineer-charged-in-reveton-ransomware-case/
Intel processors now allow antivirus (mostly Microsoft right now) to Use built-in GPUs for in-memory malware scanning.
https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/
Avast shared CCleaner breach timeline. They were infiltrated via TeamViewer. More than 2.3 million users, 40 companies infected.
https://blog.avast.com/update-ccleaner-attackers-entered-via-teamviewer
Nice blog post about the quantum resistant hash-based signature schemes. No public key cryptography.
https://blog.cryptographyengineering.com/2018/04/07/hash-based-signatures-an-illustrated-primer/
New Android P enables users to change default DNS server, it will also support DNS over TLS.
https://www.androidpolice.com/2018/04/14/google-explains-new-private-dns-setting-android-p/
There is a new web standard for authentication, designed to replace password login method with the public key cryptography and biometrics.
https://www.w3.org/TR/2018/CR-webauthn-20180320/
OpenSSL is vulnerable to a cache timing vulnerability in RSA Key Generation (CVE-2018-0737).
Could be theoretically exploited by some hypervisor, but they have decided not to release emergency fix.
https://mta.openssl.org/pipermail/openssl-announce/2018-April/000122.html
The Endgame has released Ember (Endgame Malware BEnchmark for Research), an open source collection of 1.1 million portable executable file metadata & derived features from the PE files, hashes and a benchmark model trained on those features.
https://github.com/endgameinc/ember