InfoSec Week 30, 2018
Posted
Researchers from the Palo Alto Networks analyzed new Mirai and Gafgyt IoT/Linux botnet campaigns. The samples used more than 11 exploits for spreading, exploiting D-Link, Dasan GPON routers.
https://researchcenter.paloaltonetworks.com/2018/07/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns/
Brian Krebs published a blog post about the current status of the Universal 2nd Factor (U2F) support. Google practically eliminated employee phishing by introducing mandatory usage of the physical security keys.
https://krebsonsecurity.com/2018/07/google-security-keys-neutered-employee-phishing/
There is a new module for the CHIPSEC Security Assessment Framework to check CPU USB debug features and host Direct Connection Interface (DCI), which can be used to modify system firmware with physical access and introduce “Evil Maid” firmware attacks.
https://blog.eclypsium.com/2018/07/23/evil-mai%EF%BB%BFd-firmware-attacks-using-usb-debug/
Chinese police arrested malware developers for hacking millions of computers to steal $2 million in cryptocurrencies.
https://www.ccn.com/chinese-police-arrest-malware-developers-who-hacked-2-million-in-crypto/
Paper on a new Spectre variant called SpectreRSB was published with the name “Spectre Returns! Speculation Attacks using the Return Stack Buffer”.
According to a paper „none of the known defenses including Retpoline and Intel’s microcode patches stop all SpectreRSB attacks.“
https://arxiv.org/abs/1807.07940
The source code of an Exobot Android Banking Trojan has been leaked online back in May has rapidly spread in the malware community.
https://www.bleepingcomputer.com/news/security/source-code-for-exobot-android-banking-trojan-leaked-online/
Because of insufficient validation of parameters in many Bluetooth implementations, attackers can inject invalid elliptic curve parameters which aren’t checked by many implementations in an invalid public key making session keys vulnerable.
https://www.kb.cert.org/vuls/id/304725
The Cisco Talos security team found multiple vulnerabilities, including remote code execution vulnerability in the Sony IPELA E series network camera. https://blog.talosintelligence.com/2018/07/sony-ipela-vulnerability-spotlight-multiple.html
NSA declassified papers from John Tiltman, one of Britain’s top cryptanalysts during the Second World War, which reveal how pre-world war 2 Brits analyzed and decrypted Russian cryptography.
https://www.theregister.co.uk/2018/07/19/russia_one_time_pads_error_british/