InfoSec Week 42, 2018
Posted
The Czech Security Intelligence Service (BIS) shuts down Hezbollah servers in the Hezbollah hacking operation. Hackers used female Facebook profiles to trick victims into installing spyware.
https://www.zdnet.com/article/czech-intelligence-service-shuts-down-hezbollah-hacking-operation/
More than 420K compromised MikroTik routers can be found on the Internet with half of them mining cryptocurrencies, according to the results of Censys scanner.
Also, there is anonymous gray-hat researcher patching them remotely.
https://twitter.com/bad_packets/status/1050533001824595968
https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/
Fake Adobe updates are circulating that will actually update the Windows version of a plugin on your computer, but also install cryptocurrency mining malware.
https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/
According to a new research, if you’re an American of European descent, there’s a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. https://www.schneier.com/blog/archives/2018/10/how_dna_databas.html
The Pentagon travel system has been hacked. Personal information and credit card data of at least 30K U.S. military and civilian personnel are affected.
https://www.militarytimes.com/news/your-military/2018/10/12/pentagon-reveals-cyber-breach-of-travel-records/
A PoC exploit for a Windows (CVE-2018-8495) remote code execution vulnerability that can be exploited via Microsoft Edge has been published.
https://leucosite.com/Microsoft-Edge-RCE/
There is a serious SSH bug discovered in LibSSH library.
Basically a client can bypass the authentication process by telling the server to set the internal state machine maintained by the library to authenticated.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Electron just merged fix enabling position independent executable build (PIE) on Linux, so all Electron-Apps on Linux can soon leverage Address space layout randomization (ASLR) protection.
https://github.com/electron/electron/pull/15148
On this site, you can find “every byte of a TLS connection explained and reproduced”.
Really interesting project.
https://tls.ulfheim.net/
Researcher Lance R. Vick started a spreadsheet to compare relative security, privacy, compatibility, and features of various messenger systems.
https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU/edit
Recorded Future published analysis of a Russian and Chinese illegal hacking Communities.
https://www.recordedfuture.com/russian-chinese-hacking-communities/
Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on a network from learning users browsing history.
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
Swedish kids can read about the DNSSEC on a milk carton.
https://twitter.com/recollir/status/1051480941171003392/photo/1