InfoSec Week 27, 2018
Posted
Samsung Galaxy S9 and S9+ devices, maybe others, are texting camera photos to random contacts through the Samsung Messages app without user permission.
https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages
Gentoo Linux distribution GitHub repository was compromised. Attacker removed out all the maintainers, who realized the intrusion only 10 minutes after he gained access. He add rm -rf /* to build scripts, changed README and some minor things.
https://wiki.gentoo.org/wiki/Github/2018-06-28
Since January 2017, Stylish browser extension has been augmented with spyware that records every single website that its 2 million other users visit, then sends complete browsing activity back to its servers, together with a unique identifier.
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Digicert Withdraws from the CA Security Council (CASC), because they “feel that CASC is not sufficiently transparent and does not represent the diversity of the modern Certificate Authority (CA) industry. Improving the ecosystem requires broad participation from all interested stakeholders, and many are being excluded unnecessarily.”
Great step Digicert!
https://www.digicert.com/blog/notice-of-withdrawal-from-the-ca-security-council/
CryptoCurrency Clipboard Hijacker malware discovered by Bleeping Computer monitors for more than 2.3 million Bitcoin addresses, then replace them in memory, with the attacker address.
https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/
Local root jailbreak, authorization bypass & privilege escalation vulnerabilities in all ADB broadband routers, gateways and modems. The patch is already available.
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
A Microsoft Security division published an analysis of the malware sample which exploited the Adobe Reader software and the Windows operating system using two zero-day exploits in a single PDF file.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/
Blog about why it is not helpful to use the Canvas Defender extension, a browser canvas fingerprinting countermeasure.
https://antoinevastel.com/tracking/2018/07/01/eval-canvasdef.html
Blog about the cryptographic primitives used by the North Korean Red Star operating system. The OS is mostly uses AES-256 Rijndael with dynamic S-Box modifications, but the design is evolving and the latest version of the algorithm has more differences.
https://blog.kryptoslogic.com/crypto/2018/07/03/pyongyang.html
Interesting technique how to bypass web-application firewalls by abusing SSL/TLS. An attacker can use an unsupported SSL cipher to initialize the connection to the webserver which supports that cipher, but the WAF would not be able to identify the attack because it can’t view the data.
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
Good introduction to the Linux ELF file format with some practical examples how sections look like, how to shrink the size during compilation and more.
https://0x00sec.org/t/dissecting-and-exploiting-elf-files/7267