InfoSec Week 49, 2018
Posted
Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview).
The new WebAuthentication as implemented supports USB-based CTAP2 devices.
https://webkit.org/blog/8517/release-notes-for-safari-technology-preview-71/
Critical Kubernetes privilege escalation bug (CVE-2018-1002105) was found and patched during this week. When exploited, the bug allows anonymous users as well a authenticated one to use admin privileges over the cluster API.
There is an exploit published on a GitHub already.
https://gravitational.com/blog/kubernetes-websocket-upgrade-security-vulnerability/
https://github.com/evict/poc_CVE-2018-1002105
British Telecom will not use Huawei’s 5G kit within the core of the network due to security concerns.
https://www.bbc.com/news/technology-46453425
Security agencies in Australia will gain greater access to encrypted messages due to a new legislative.
https://mobile.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944
US National Security Archive published a complete index of all 1504 items in the declassified collection of NSA internal Cryptolog periodical.
https://nsarchive.gwu.edu/briefing-book/cyber-vault/2018-12-04/cyber-brief-cryptolog
Security researchers released attacks on 7 TLS implementations, making use of Bleichenbacher and Manger’s attack.
The research with a name “The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations” also includes a TLS 1.3 downgrade attack.
http://cat.eyalro.net/
Ransomware Infected 100k computers in China then demands WeChat Payment and is using XOR as an “encryption”. Author was probably identified because he registered domain to his own name.
https://movaxbx.ru/2018/12/05/ransomware-infects-100k-pcs-in-china-demands-wechat-payment/
It looks like 13 years old Virut botnet is resurrected in the wild.
https://chrisdietri.ch/post/virut-resurrects/
Great blog on how guy scammed the scammer to send him photo of his ID.
https://medium.com/@hackerfantastic/scamming-the-scammers-2fb934099ccc
Nearly 250 Pages of internal Facebook documents, emails and statistics were posted online by the UK Parliament.
https://motherboard.vice.com/en_us/article/59vwez/nearly-250-pages-of-devastating-internal-facebook-documents-posted-online-by-uk-parliament
A User Data of the question-and-answer website Quora were compromised.
https://help.quora.com/hc/en-us/articles/360020212652
The records of 500 million customers of the Marriott International hotel group were compromised.
https://www.bbc.com/news/technology-46401890
Interesting revisited paper: “From Keys to Databases – Real-World Applications of Secure Multi-Party Computation.”
https://eprint.iacr.org/2018/450
GTRS - is a tool that uses Google Translator as a proxy to send arbitrary commands to an infected machine.
https://github.com/mthbernardes/GTRS