Week 44 In Review – 2016

Events Related

  • Charlie Miller Keynote, Automotive Security: A Hacker’s Eye View – www.youtube.com
    The security of today’s vehicles involves many moving parts, but while manufacturers take a majority of the blame, multiple parties contribute to the security debt in today’s vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, and also looks toward the future and onset of autonomous vehicles.
  • BruCON – www.youtube.com
    BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops.

Tools

Techniques

  • AtomBombing: Brand New Code Injection for Windows – breakingmalware.com
    Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.
  • Blocking countries via iptables – room362.com
    With all of the scanning / noise on the Internet, it’s nice to get rid of a large chunk of it simply by blocking an entire country’s worth of IP space. To do that you can simply use a kernel module for iptables called “xtables-addons”. On Debian/Ubuntu it’s pretty easy to get going, just apt-get install the needed perl library and the addons themselves.

Vendor/Software Patches

  • Security updates available for Adobe Flash Player – helpx.adobe.com
    Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Vulnerabilities

  • Major Vulnerability Found in Schneider Electric Unity Pro – threatpost.com
    The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered the vulnerability and issued a report on the flaw Tuesday. Mille Gandelsman, CTO of Indegy, called the vulnerability a “major concern” and urged anyone running Unity Pro software to update to the latest version. Unity Pro, which runs on Windows-based PCs, is used for managing and programming millions of industrial controllers around the world.
  • Details on the Privilege Escalation Vulnerability in Joomla – blog.sucuri.net
    It was fairly easy to figure out where the vulnerable code was, as pretty much all the patch does (with the exception of fixing an additional two factor authentication bug) is basically remove the register method from the UsersControllerUser class.

Other News

  • Webcams used to attack Reddit and Twitter recalled – www.bbc.com
    Chinese electronics firm Hangzhou Xiongmai issued the recall soon after its cameras were identified as aiding the massive web attacks. They made access to popular websites, such as Reddit, Twitter, Spotify and many other sites, intermittent. Security experts said easy-to-guess default passwords, used on Xiongmai webcams, aided the hijacking.
  • Fixing The IoT Isn’t Going To Be Easy – mjg59.dreamwidth.org
    A large part of the internet became inaccessible today after a botnet made up of IP cameras and digital video recorders was used to DoS a major DNS provider. This highlighted a bunch of things including how maybe having all your DNS handled by a single provider is not the best of plans, but in the long run there’s no real amount of diversification that can fix this – malicious actors have control of a sufficiently large number of hosts that they could easily take out multiple providers simultaneously.

 

One Comment

  1. Charles Villanueva February 28, 2017 at 11:35 pm

    Hello guys,

    This might help people interested in getting started in Cybersecurity. We interviewed a bunch of people and asked how they got their break in Cybersecurity (Pentesters, Forensics, Analysts etc) – https://breakingintocybersecurity.com/

    Thanks
