Week 44 In Review – 2016

Events Related

• Charlie Miller Keynote, Automotive Security: A Hacker’s Eye View – www.youtube.com
  The security of today’s vehicles involves many moving parts, but while manufactures take a majority of the blame, multiple parties contribute to the security debt in today’s vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, and also looks toward the future and onset of autonomous vehicles.

• BruCON – www.youtube.com
  BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops.

Tools

• github.io – github.com

Techniques

• AtomBombing: Brand New Code Injection for Windows – breakingmalware.com
  Here’s a new code injection technique, dubbed AtomBombing, which exploits Windows atom tables and Async Procedure Calls (APC). Currently, this technique goes undetected by common security solutions that focus on preventing infiltration.

• Blocking countries via iptables – room362.com
  With all of the scanning / noise on the Internet, it’s nice to get rid of a large chunk of it simply by blocking an entire country’s worth of IP space. To do that you can simply use a kernel module for iptables called “xtables-addons”. On Debian/Ubuntu it’s pretty easy to get going, just apt-get install the needed perl library and the addons themselves.

Vendor/Software Patches

• Security updates available for Adobe Flash Player – helpx.adobe.com
  Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Vulnerabilities

• Major Vulnerability Found in Schneider Electric Unity Pro – threatpost.com
  The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered the vulnerability and issued a report on the flaw Tuesday. Mille Gandelsman, CTO of Indegy, called the vulnerability a “major concern” and urged anyone running Unity Pro software to update to the latest version. Unity Pro, which runs on Window-based PCs, is used for managing and programing millions of industrial controllers around the world.

• Details on the Privilege Escalation Vulnerability in Joomla – blog.sucuri.net
  It was fairly easy to figure out where the vulnerable code was, as pretty much all the patch does (with the exception of fixing an additional two factor authentication bug) is basically remove the register method from the UsersControllerUser class.

• Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back – threatpost.com
  The Mirai botnet apparently has a weakness that could shut down its ability to flood targets with HTTP requests. But exploiting that vulnerability puts defenders in a gray area with regard to hacking back.

• There’s a new way to take down drones, and it doesn’t involve shotguns – arstechnica.com
  Now, a researcher has demonstrated a significantly more subtle and proactive remedy that doesn’t involve shotgun blasts or after-the-fact arrests by law enforcement. It’s a radio transmitter that seizes complete control of nearby drones as they’re in mid-flight.

Other News

• Webcams used to attack Reddit and Twitter recalled – www.bbc.com
  Chinese electronics firm Hangzhou Xiongmai issued the recall soon after its cameras were identified as aiding the massive web attacks. They made access to popular websites, such as Reddit, Twitter, Spotify and many other sites, intermittent. Security experts said easy-to-guess default passwords, used on Xiongmai webcams, aided the hijacking.

• Fixing The IoT Isn’t Going To Be Easy – mjg59.dreamwidth.org
  A large part of the internet became inaccessible today after a botnet made up of IP cameras and digital video recorders was used to DoS a major DNS provider. This highlighted a bunch of things including how maybe having all your DNS handled by a single provider is not the best of plans, but in the long run there’s no real amount of diversification that can fix this – malicious actors have control of a sufficiently large number of hosts that they could easily take out multiple providers simultaneously.