Week 42 In Review – 2015

Events Related

• Videos and Slide Decks from the re:Invent 2015 Security and Compliance Track – blogs.aws.amazon.com
  Whether you want to review a Security and Compliance track session you attended at re:Invent 2015, or you want to experience a session for the first time, videos and slide decks from the Security and Compliance track are now available.

Resources

• Calculating the score – androidvulnerabilities.org
  We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years.

• Index of materials / sg2015 – gsec.hitb.org

• Archives – Hardwear.io – hardwear.io

Tools

• USBPcap – USB Packet capture for Windows – desowin.org
  USBPcap is an open-source USB sniffer for Windows.

• XSSTracer – github.com
  XSSTracer is a small python script that checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection.

• New Tool: SprayWMI – Mass WMI Pwnage – github.com
  In the blog post, Justin went through how to leverage wmis and wmic for exploitation methods instead of using PSEXEC.

• Advanced WiFi Attacks Using Commodity Hardware – www.mathyvanhoef.com
  An attacker can also use this equipment to create a constant jammer, which continuously transmits noise, and makes the channel completely unusable.

Vendor/Software Patches

• New zero-day exploit hits fully patched Adobe Flash
  [Updated] – arstechnica.com
  Adobe officials have confirmed this vulnerability affects Flash version 19.0.0.207, which was released on Tuesday. The vulnerability has been cataloged as CVE-2015-7645. The company expects to release a fix next week.

• Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
  Adobe and Microsoft on Tuesday each released security updates to remedy critical vulnerabilities in their software. Adobe pushed patches to plug at least 56 security holes present in Adobe Reader and Acrobat, as well as a fix for Flash Player that corrects 13 flaws.

Vulnerabilities

• Hackers Can Silently Control Siri From 16 Feet Away – www.wired.com
  SIRI MAY BE your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.

• Reverse shell over SMS (Exploiting CVE-2015-5897) – blog.gdssecurity.com
  In our previous post, we looked at a bug that allowed malware running on OS X to make calls on a user’s iPhone without their knowledge. Apple released a patch to fix this bug in OS X 10.10.5 by adding a check for an entitlement that could only be granted by Apple.

• New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries – blog.trendmicro.com
  Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years.

• Stored XSS in Askimet
  Developers at Automattic, the parent company behind the blogging platform WordPress, fixed a nasty stored cross-site scripting error this week in Akismet, an anti-spam plugin that figures into millions of websites.
  • WordPress Fixes Critical Stored XSS Error in Akismet – threatpost.com
  • Security Advisory: Stored XSS in Akismet WordPress Plugin – blog.sucuri.net

Other News

• US Cyber Command floats $460m contract to outsource most of itself – www.theregister.co.uk
  The United States’ Cyber Command has floated a $460m contract to outsource pretty much all of its duties, as the nation seeks to bulk up its offensive cyberspace capabilities.

• How to become a pentester – www.corelan.be
  Depending on whom you ask this question, you may get different results or may be told to take a specific approach.  With this post, I am trying to formulate my views on this question (with a focus on the process and not so much on the technical aspect), in an attempt to hopefully provide a good starting point for those that find themselves in a similar situation.