Resources
- House of Keys: 9 Months later… 40% Worse – blog.sec-consult.com
In our initial study we analyzed SSH host key use as well. Unfortunately there is no recent scan data on SSH host keys available (however there is a ticket over at the awesome ZMap project).
Tools
- FaceWhisperer – github.com
FaceWhisperer is a hardware add-on for the ChipWhisperer side-channel analysis tool, for working with devices that primarily communicate over USB.
- What is RFtap? – rftap.github.io
RFtap is a simple protocol designed to provide Radio Frequency (RF) metadata about packets
Techniques
- Snagging creds from locked machines – room362.com
Basically the capturing is done with Laurent Gaffié’s Responder so you need to find a way to get Responder onto the device.
- NexMon
NexMon is a firmware patching framework for the BCM4339 WiFi firmware of Nexus 5 smartphones. It’s main intension was to enable monitor mode and frame injection, which is already working quite well.- bcm-public – dev.seemoo.tu-darmstadt.de
- bcm-rpi3 – dev.seemoo.tu-darmstadt.de
Vulnerabilities
- Google Hacker Finds Way To Exploit Yet Another ‘Stagefright’ Bug – motherboard.vice.com
Last summer, a security researcher found that a series of bugs in a core part of the Android operating system could be abused to hack users with a simple multimedia message, potentially giving hackers full control of the phone before the target even saw the message notification.
- Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives – news.softpedia.com
A malware variant named Mal/Miner-C (also known as PhotoMiner) is infecting Internet-exposed Seagate Central Network Attached Storage (NAS) devices and using them to infect connected computers to mine for the Monero cryptocurrency.
Other News
- Hacking Your Phone – www.cbsnews.com
Sharyn Alfonsi reports on how cellphones and mobile phone networks are vulnerable to hacking
- Announcing the First Federal Chief Information Security Officer – www.whitehouse.gov
In February, President Obama announced a Cybersecurity National Action Plan (CNAP) that takes a series of short-term and long-term actions to improve our cybersecurity posture within the Federal Government and across the country.
[…] post Week 37 In Review – 2016 appeared first on Infosec […]