Events Related
- hardwear.io Conference
Jumping right in with the keynote of Day 1 by Jon Callas and my favorite quote “Make your devices fixable”. Enough said.
- Conference Day 1 – www.insinuator.net
- Conference Day 2 – www.insinuator.net
- Applied Physical Attacks on x86 Systems – www.insinuator.net
- GrrCON 2015 Videos – www.irongeek.com
Videos of the presentations from GrrCON 2015
Resources
- Software Defined Radio with HackRF – greatscottgadgets.com
- Threat Spotlight: Cisco Talos thwarts access to massive international exploit kit generating $60M annually from Ransomware alone – talosintel.com
Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kits found on the market and has been making news as it has been linked to several high profile malvertising/ransomware campaigns.
- The SHAppening: freestart collisions for SHA-1 – sites.google.com
This website contains latest news and background information regarding the SHA-1 freestart collision work from Marc Stevens (CWI, the Netherlands), Pierre Karpman (Inria, France and NTU Singapore) and Thomas Peyrin (NTU Singapore).
Tools
- HoneyPress – github.com
WordPress honeypot in a docker container running Naxsi WAF in learning mode
- bettercap – github.com
A complete, modular, portable and easily extensible MITM framework.
- New Metasploit Tools
Patch testing and analysis are important parts in vulnerability research and exploit development. One popular reason is people would try this technique to rediscover patched bugs, or find ways to keep an 0day alive in case the fix in place is inadequate.
- MSU Finder – github.com
- bat – github.com
Techniques
- How I could hack internet bank accounts of Danish largest bank in a few minutes – sijmen.ruwhof.net
Seemed like quite a lot of Danish banks have terrible HTTPS connection security (scoring an F on Qualys SSL Labs). That’s a bad sign and my gut feeling was telling me that this wouldn’t be the only security vulnerability they would have.
Vulnerabilities
- Is there an Internet-of-Things vigilante out there? – www.symantec.com
Wifatch compromises routers and other Internet of Things devices and appears to try and improve infected devices’ security.
- Security advisory: Stored XSS in Jetpack – blog.sucuri.net
The vulnerability affects users of Jetpack versions lower than or equal to 3.7 who use the contact form module present in the plugin (it is activated by default).
- Patreon got hacked.
Yesterday Patreon, which is a funding platform for artists and creators, went out with a Security Notice about a compromise happening on the 28th of September on one of their debug versions which was publicly available.
- Gigabytes of user data from hack of Patreon donations site dumped online – arstechnica.com
- How Patreon got hacked – Publicly exposed Werkzeug Debugger – labs.detectify.com
- YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs – researchcenter.paloaltonetworks.com
We recently identified a new Apple iOS malware and named it YiSpecter. YiSpecter is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors.
- New Attack Targeting Microsoft Outlook Web App (OWA) to Steal Email Passwords – thehackernews.com
Researchers from security vendor Cybereason discovered a suspicious DLL file loaded into the company’s OWA server that siphoned decrypted HTTPS server requests.
- Brute Force Amplification Attacks Against WordPress XMLRPC – blog.sucuri.net
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most likely being hit right now.
- Critical Netgear Router Exploit allows anyone to Hack You Remotely – thehackernews.com
Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 11,000 Devices. This week, we reported about a Vigilante Hacker, who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password.
Other News
- DOD now requires contractors to report hacks – thehill.com
According to a notice published in Friday’s Federal Register, DOD contractors are now mandated to report “cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system.”
- California Now Has the Nation’s Best Digital Privacy Law – www.wired.com
California continued its long-standing tradition for forward-thinking privacy laws today when Governor Jerry Brown signed a sweeping law protecting digital privacy rights.
- Trans-Pacific Partnership (TPP)
Car hackers, farmers fixing their high-tech tractors, and teenage DVD rippers; all over the world, these digital tinkerers could have their devices seized and destroyed by the authorities thanks to provisions in the newly-minted Trans-Pacific Partnership trade deal.
- White Hat Hackers Would Have Their Devices Destroyed Under the TPP – motherboard.vice.com
- The Final Leaked TPP Text is All That We Feared – www.eff.org
- In a first, Chinese hackers are arrested at the behest of the U.S. government – www.washingtonpost.com
The Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government — an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions.
- Infosec is good people – blog.erratasec.com
For all that we complain about drama in our community, we are actually good people. At a small conference yesterday, I met “Kath”. She just got her degree in advertising, but has become disillusioned.