Week 12 In Review – 2016

Events Related

• Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws – securityweek.com
  On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari and an out-of-bounds issue in Mac OS X.

• Cyphercon 2016 Videos – irongeek.com
  These are the videos from the Cyphercon 2016 conference.

Resources

• Advanced Reconnaissance Framework
  • ARF – github.com
  • Adv Recon Framework – osintframework.com

Tools

• Nmap 7.10 released – nmap.org
  I’m pleased to announce the release of Nmap 7.10 with many great improvements! It’s got 12 new NSE scripts, hundreds of new OS/version fingerprints, and dozens if smaller improvements and bug fixes. And that’s not even counting the changes in Nmap 7.01, which we released in December but I never got around to announcing because I suck at marketing.

• rop_compiler – github.com
  This repository contains my attempts at making a useful, open source, multi-architecture ROP compiler.

• sdrsharp-bladerf – github.com

Vulnerabilities

• The .om Domain Scam
  Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web.
  • Typosquatters Target Mac Users With New ‘.om’ Domain Scam – threatpost.com
  • What does Oman, the House of Cards, and Typosquatting Have in Common? The .om Domain and the Dangers of Typosquatting – endgame.com

• CVE-2016-3115 OpenSSH forced-command and security bypass – eromang.zataz.com
  Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth.

• AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device – researchcenter.paloaltonetworks.com
  What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all.

• Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” – arstechnica.com
  The paper, titled How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware, arrived at that conclusion by testing the integrity of dual in-line memory modules, or DIMMs, using diagnostic techniques that hadn’t previously been applied to finding the vulnerability.

Other News

TP-Link blocks open source router firmware to comply with new FCC rule – news.ycombinator.com