Events Related
- Three Things to Take Away from CanSecWest, Pwn2Own – threatpost.com
Browsers, brokers and BIOS: you could safely call that triumvirate the past, present and future of security, but you’d be wrong. If last week’s CanSecWest conference, and the Pwn2Own and Pwnium contests, are indeed a point-in-time snapshot of the technical side of information security, then after last week it’s a no-brainer that all three merit more than a lackadaisical passing interest.
- Financial cryptography 2014 – lightbluetouchpaper.org
Ross Anderson liveblogged Financial Cryptography 2014. The sessions of refereed papers are blogged in the comments to this post.
Resources
- CanSecWest2014 – github.com
ga1ois’s slides from CanSecWest 2014: The Art of Leaks: The Return of Heap Feng Shui.
- projects ida patcher – hesprawl.org
IDA Patcher is a plugin for Hex-Rays’ IDA Pro disassembler designed to enhance IDA’s ability to patch binary files and memory. The plugin is useful for tasks related to malware analysis and exploit development, as well as bug patching.
Tools
- Introducing the iOS Reverse Engineering Toolkit – blog.veracode.com
The iRET toolkit, like any toolkit, is not a panacea for iOS mobile penetration testing. However, it will allow you to automate many of the tasks that are required in analyzing iOS applications.
- SANS SIFT 3.0 Virtual Machine Released – digital-forensics.sans.org
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service.
Techniques
- How I got root with Sudo – www.securusglobal.com
During security engagements, we regularly come across servers configured with the privilege management software Sudo. The purpose of this post is to present a series of examples of common mistakes and insecure configurations that Securus have seen and leveraged in production environments during security assessments, and how you can make their team’s life that little bit harder.
  - Interesting comments about this – www.reddit.com
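A small audit script for the class of mistakes that post is about, added here as an example (it is not code from the Securus post): it parses a constructed sudoers sample and flags the rules that most often hand out root, namely passwordless ALL, wildcards in command arguments, and binaries with well-known shell escapes (vim’s :!sh, less’s !, tar’s --checkpoint-action, and so on). The binary list, the sample file and the rule names are assumptions for the example; the parser handles plain user specifications only (aliases are not resolved and tags are collected per rule rather than per command), so treat it as a first pass, not a replacement for reading the file.

```python
import re

# Constructed list of binaries with well-known shell escapes or arbitrary
# file writes (assumption for this example; extend for your environment).
SHELL_ESCAPE_BINARIES = {
    "vi", "vim", "less", "more", "man", "find", "awk", "perl", "python",
    "bash", "sh", "env", "tar", "zip", "tee", "cp", "mv", "dd",
}

# user  host=(runas) [TAG:] cmd, [TAG:] cmd   (aliases are not resolved here)
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)
TAG_RE = re.compile(r"^([A-Z]+):\s*")
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")

# Constructed sample sudoers file; the only rule that should pass is alice's,
# which names an absolute path with fixed arguments and no wildcard.
SAMPLE_SUDOERS = """\
# constructed sample, not a real configuration
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /bin/tar
webops  ALL=(root) /usr/bin/vim /etc/nginx/nginx.conf
ops     ALL=(root) /usr/sbin/service *, /bin/systemctl restart nginx
alice   ALL=(root) NOPASSWD: /usr/bin/apt-get update
"""


def parse_sudoers(text):
    """Return one dict per user specification found in a sudoers file."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        tags, commands = set(), []
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            while (t := TAG_RE.match(cmd)):  # strip NOPASSWD:, SETENV:, ...
                tags.add(t.group(1))
                cmd = cmd[t.end():]
            commands.append(cmd)
        rules.append({"who": m.group("who"), "host": m.group("host"),
                      "runas": m.group("runas") or "root",
                      "tags": tags, "commands": commands, "line": line})
    return rules


def audit(rules):
    """Return (user, command, reason) triples for rules that commonly lead to root."""
    findings = []
    for r in rules:
        for cmd in r["commands"]:
            prog = cmd.split()[0] if cmd.split() else cmd
            base = prog.rsplit("/", 1)[-1]
            if cmd == "ALL" and "NOPASSWD" in r["tags"]:
                findings.append((r["who"], cmd, "passwordless sudo for any command"))
            elif "*" in cmd:
                findings.append((r["who"], cmd, "wildcard lets the caller add arbitrary arguments"))
            elif base in SHELL_ESCAPE_BINARIES:
                findings.append((r["who"], cmd, f"{base} can spawn a shell or write files as root"))
    return findings


if __name__ == "__main__":
    for who, cmd, reason in audit(parse_sudoers(SAMPLE_SUDOERS)):
        print(f"{who:8} {cmd:40} {reason}")
```

Run against a real file with `sudo cat /etc/sudoers /etc/sudoers.d/*` piped in; the safe pattern the script rewards is the one in alice’s rule, an absolute path with every argument fixed and no wildcard, which is also the shape the post’s recommendations push you towards.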
- iClass Is Not Enough – penturalabs.wordpress.com
After patiently stalking eBay and other tech recycling companies, Andy was lucky enough to obtain a single HID RW300 Rev A. This post walks through the exploit used to obtain the keys, following Meriac’s initial research and exploits.
- ColdFusion Admin Compromise Analysis (CVE-2010-2861) – blog.spiderlabs.com
In a previous blog post, Ryan Barnett provided “Method of Entry” analysis for a ColdFusion compromise based on sanitized data from a SpiderLabs IR/Forensics team investigation, which resulted in the attackers installing a malicious IIS module that captured customer credit card data. In this blog post, he analyzes another ColdFusion compromise that again resulted in customer credit card data being stolen; however, the initial vulnerability and the exfiltration method differed.
Vulnerabilities
- Remotely Crashing Bluetooth on Android – blog.lacklustre.net
At CanSecWest last week Mike Ryan demonstrated a remote Bluetooth stack crash in Bluedroid, Android’s Bluetooth stack since Android 4.3. This post briefly describes the bug.
- The Long Tail of ColdFusion Fail – krebsonsecurity.com
Earlier this month, Brian Krebs published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. This post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions.
- From Windows to Droids: An Insight in to Multi-vector Attack Mechanisms in RATs – fireeye.com
FireEye recently observed a targeted attack on a U.S.-based financial institution via a spear-phishing email. The payload used in this campaign is a tool called WinSpy, which is sold by its author as a spying and monitoring tool.
- Wide Gap Between Attackers, BIOS Forensics Research – threatpost.com
Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look for other means onto a system.
Other News
- Google DNS briefly hijacked to Venezuela – arstechnica.com
One of Google’s DNS servers in the US was re-routed through a network in Venezuela. Whether a bad admin or something more malicious, requests were sent down the wrong pipe.
- TrustWave Acquires Application Scanning Vendor Cenzic – darkreading.com
Trustwave announced the acquisition of Cenzic, Inc. As a result of the acquisition, Trustwave will deliver both static and dynamic security testing as integrated, subscription-based services.
- OPERATION WINDIGO: Malware Used To Attack Over 500,000 Computers Daily After 25,000 UNIX Servers Hijacked By Backdoor Trojan – blog.eset.ie
Security researchers at ESET, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing and other agencies, have uncovered a widespread cybercriminal campaign that has seized control of over 25,000 Unix servers worldwide.
- Operation Windigo – the vivisection of a large Linux server-side credential-stealing malware campaign – welivesecurity.com
ESET discovered an infrastructure used for malicious activities that is hosted entirely on compromised servers. ESET was also able to find a link between different malicious components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M, and realized they are all operated by the same group.
- Full Disclosure Security Mailing List Shuts Down – threatpost.com
The Full Disclosure security mailing list, which has been one of the main discussion forums for vulnerability and exploit information for 12 years, is shutting down because “‘one of our own’ would undermine the efforts of the last 12 years”, one of the creators said.