InfoSec News 20191105

  • Published: Tue, 05/11/2019 - 11:11

Top News


  • Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam

"Smart voice assistants can be hijacked by attackers using lasers to send them remote, inaudible commands."

Link

TLP¹: Green

  • Phony HTTPS Everywhere Extension Used in Fake Tor Browser

"ESET researchers recently discovered a false “trojanized” version of Tor Browser that collectively stole $40,000 USD in Bitcoin."

Link

TLP¹: Green

  • 'More than £3,000 was spent on my account': Victims of Amazon fraud battle for refunds as the online shopping giant blames them

"Two Amazon customers have revealed how they've been left out of pocket after fraudsters went on a spending spree via their accounts."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • US grounds Chinese-made drones as part of security review

"Adding to the growing chorus of concern about Chinese technology and potential espionage, the US Department of the Interior (DOI) announced on Wednesday that it’s grounding all Chinese-made drones or drones with Chinese-made parts as it reviews its drone program."

Link

TLP¹: Green

  • Undercover reporter tells all after working for a Polish troll farm

"Investigative journalist Katarzyna Pruszkiewicz spent six months working undercover, creating fake social media accounts and sending them out to troll on either side of the political spectrum, for Cat@Net – a troll farm in Wroclaw, Poland that calls itself an “ePR firm.”"

Link

TLP¹: Green

  • Russia’s sovereign internet law comes into force

"The Russian government calls it the “sovereign internet” law and from 1 November it compels the country’s ISPs to forward all data arriving and departing from their networks through special gateway servers."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Attack on Indian Ed Tech Firm Exposes 687K Users

"An Indian ed tech provider suffered a serious data breach months ago impacting hundreds of thousands of customers, but is only now informing them of the incident."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

"Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing the PoC we provided, Google confirmed there was a zero-day vulnerability and assigned it CVE-2019-13720. Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux and we recommend all Chrome users to update to this latest version as soon as possible!"

Link

TLP¹: Green

  • Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet

"A look into how Trik spreads Nemty, as well as some key updates made to the latest version of the ransomware."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Incident Response Ransomware Series – Part 3

"Once ransomware is found on a system, it is absolutely necessary to contain the system as soon as possible. Ransomware often encrypts local files first and then moves to files on shared folders; some ransomware, like CryptoFortress, will even scan for and encrypt files on open network shares. Therefore, it is imperative that systems with ransomware on them are quickly contained. Containment is the process of stopping the spread, additional impact, or continued damage of an incident. In a ransomware incident, the best way to contain a system is to isolate it and take it offline."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting

"ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting."

Link

TLP¹: Green

  • Retro shellcoding for current threats: rebinding sockets in Windows

"In March 2013, researchers from Malware.lu CERT published a report about APT1 in which they describe how they designed a custom shellcode to maintain access to the infrastructure of the bad guys who used Poison Ivy to infect their victims. Initially, they ran a standard stager (reverse shell) to gain access to the Poison Ivy server; however, the attackers detected connections to their C2 server that did not go through its proxy, identifying the intrusion this way. In order to stay stealthy, the people at Malware.lu crafted a shellcode to reuse the Poison Ivy socket and thus be able to connect to it through their proxy, imitating a legitimate malware infection. Cool! Related to this last example, and continuing with the one-way shellcodes saga, I would like to share a shellcode to rebind sockets."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp