InfoSec Week 34, 2018
Posted
If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.
https://raymii.org/s/blog/Linux_on_Microsoft_Azure_Disable_this_built_in_root_access_backdoor.html
There is a good blog post by Stuart Schechter about the dark side of the two factor authentication. Highly recommended reading.
https://medium.com/@stuartschechter/before-you-turn-on-two-factor-authentication-27148cc5b9a1
Great research by Eyal Ronen, Kenneth G. Paterson and Adi Shamir demonstrate that adopting pseudo constant time implementations of TLS are not secure against the modified Lucky 13 attack on encryption in CBC-mode. Tested against four fully patched implementations of TLS - Amazon’s s2n, GnuTLS, mbed TLS and wolfSSL.
https://eprint.iacr.org/2018/747
Traefik, popular open source reverse proxy and load balancing solution is leaking (CVE-2018-15598) TLS certificate private keys via API.
https://www.bleepingcomputer.com/news/security/cloud-product-accidentally-exposes-users-tls-certificate-private-keys/
Google enrolled Hardware Secure Module to their Cloud Key Management Service. The customers can use it to store their encryption keys with FIPS 140-2 Level 3 security certified devices from now on.
https://cloud.google.com/hsm/
Microsoft Corp said that Russian hackers are targeting U.S. political groups ahead of November’s congressional elections.
https://www.reuters.com/article/us-usa-russia-hackers/russian-hacking-of-conservative-groups-sites-thwarted-microsoft-idUSKCN1L60I0
The WIRED cover story on how Russian NotPetya malware took down Maersk, the world’s largest shipping firm.
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Kaspersky Lab published analysis of a sophisticated “Dark Tequila” banking malware which is targeting customers in Mexico and other Latin American nations.
https://securelist.com/dark-tequila-anejo/87528/
NSA successfully cracked and listened for years to encrypted networks of Russian Airlines, Al Jazeera, and other “High Potential” targets.
https://theintercept.com/2018/08/15/nsa-vpn-hack-al-jazeera-sidtoday/
Anonymous targeted Spanish Constitutional Court, economy and foreign ministry websites to support Catalonia separatist drive.
https://securityaffairs.co/wordpress/75509/hacking/anonymous-catalonia.html
Red Teaming/Adversary Simulation Toolkit is a collection of open source and commercial tools that aid in red team operations.
https://github.com/infosecn1nja/Red-Teaming-Toolkit