This Week In Security #2
Security is looking past what you know. With new threats and vulnerabilities found every day, we'll try to give you an organized weekly dose of security news. This is Koda Ops TWIS #2.
The Shadow Brokers, who recently gained fame for stealing a large arsenal of NSA hacking tools, seem to have a hard time selling it. In a post this past Saturday the group stated: "Peoples is not thinking auctions is being real". They also seem disappointed by the lack of media attention, complaining that "media no make a big story". As of now, the bids total 1.76 bitcoins, or roughly $1,082. It has been three days and the bids haven't budged. The group has implied that the files are worth more than $500 million and has mocked people for not buying.
The rest of the post, quoted as written, shows the group's mood:
"This is just being typical 'I'm the smartest guy' dumbass mentality of talking heads. If I don't understand it then it can't be done and it isn't real.
I'm going to make up a more reasonable sounding but still fantasy story to sound smart and make myself feel better!
TheShadowBrokers … is thinking peoples is having more balls, is taking bigger risks for to make advantage over adversaries. Equation Group is pwning you everyday, because you are giant fucking pussies."
Zero-day mayhem at EMC
A company by the name of Digital Defense announced Monday that it had privately disclosed a set of five zero-day vulnerabilities in Dell EMC's vApp Manager for Unisphere for VMAX, a web application used to manage EMC's storage platforms. The weaknesses lie in how Unisphere uses Adobe's Action Message Format (AMF) protocol to pass messages between its interfaces without requiring authentication. An attacker with network access to the management web application could send malicious AMF messages to the application server and run arbitrary commands on the underlying system, potentially gaining full control of the storage arrays behind it. With over 3,300 companies worldwide using VMAX to manage their storage, we're glad that EMC took quick action in patching the reported vulnerabilities.
Google Play isn't playing nice
Researchers at Trend Micro discovered that the Google Play store is currently harboring over 400 instances of the DressCode malware. Using an approach similar to the "Viking Horde" malware, it masquerades as a legitimate application to trick users into installing it. DressCode disguises itself as games, skins, themes and phone optimization boosters. Only a small part of each app is modified, which hides the malicious code in hard-to-reach spots. According to Google Play's own statistics, one particular malicious app, a mod for Minecraft, has been installed around 500,000 times, meaning this app alone could have infected half a million users. Once installed, the malware calls back to its command-and-control server, from which the operator can issue commands to steal data or launch attacks from the phone, which can put a whole enterprise network at risk when the device sits on the corporate Wi-Fi.
Rogue employees and the threat to critical infrastructure
Federal officials are quietly warning those who operate power grids, transportation hubs and other critical infrastructure about the potential threats posed by insiders. Rogue, disgruntled or former employees can "wreak digital havoc" and pose a "substantial threat", warns Public Safety Canada. The big concern is a "black swan": a rare but devastating event that could cause massive losses. Public Safety Canada is looking at the power grid and telecom systems in particular. The fact is that insider threats are hard to detect. The warning was given last December to leaders in the 10 most crucial infrastructure sectors. While government regulation and compliance can help secure these areas, over 90% of critical infrastructure is controlled by the private sector, and many sectors are interdependent, so a problem in one will impact the others.
Linux tumbles down with systemd to blame
A system administrator has discovered a critical bug in systemd that lets a local user bring a vulnerable Linux server to its knees with a single command. After the command is run, PID 1 hangs: the system can no longer start or stop daemons, and inetd-style (socket-activated) services stop accepting new connections, leaving the machine at a standstill. Rebooting is the only way out, but because PID 1 is frozen you cannot perform a clean shutdown, which is a tough choice if the server was in the middle of something important. Debian, Ubuntu and CentOS are among the distros shipping susceptible versions. Be aware that the bug does not require root access: any unprivileged local user (or any compromised service running as one) can trigger it.
Do the French really have the answers?
As credit card fraud grows and data breaches get more severe, two French banks are stepping up their game to protect their clients from fraudsters. Every day millions of stolen card numbers from data breaches are sold online, and until recently nobody seemed to have a good answer for protecting card data once it has leaked. Société Générale and Groupe BPCE, two of France's largest banking groups, are preparing to roll out new cards to all their customers after completing a pilot scheme last year. So how do they work, and what makes them more secure? The technology is called "Motion Code": the card carries a small display that changes the CVV (the three-digit card verification value printed on the back of a normal card) every hour for the three-year life of the card. A CVV skimmed from a breach or a phishing page goes stale within the hour, so the thief is left with outdated information. Note that the card number and expiry date stay static, and a code captured and used within the same hour still works, so this protects card-not-present transactions that actually check the CVV rather than the card itself. While this is a big step forward for card security, I'm just waiting for someone to break it; until then, keep up the good work.
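To make the mechanism concrete, here is an added example (not Motion Code's actual algorithm, which is proprietary, and not code from the banks or the page's author): a TOTP-style model in which the card and the issuer share a per-card secret and derive a three-digit code from the current hour counter with HMAC-SHA256. The issuer accepts the current hour plus one hour either side to tolerate clock drift on the card. The secret, the timestamps and the function names are constructed for this illustration.

```python
import hashlib
import hmac
import struct

HOUR = 3600


def hour_counter(unix_time, period=HOUR):
    """Map a Unix timestamp to the hour slot it falls in."""
    return int(unix_time) // period


def dynamic_cvv(card_secret, unix_time, digits=3, period=HOUR):
    """Code the card would display for the hour containing unix_time.

    HMAC-SHA256 over the big-endian hour counter, keyed with the per-card
    secret, then dynamically truncated (RFC 4226 style) to `digits` decimal
    digits. Same secret + same hour slot => same code.
    """
    counter = hour_counter(unix_time, period)
    mac = hmac.new(card_secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks a window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


def verify_cvv(card_secret, presented, unix_time, drift_hours=1, period=HOUR):
    """Issuer-side check of a CVV presented in a card-not-present transaction.

    Accepts the code for the current hour and `drift_hours` on either side so
    a slightly fast or slow card clock is not rejected. Constant-time compare
    so timing does not leak which candidate matched.
    """
    for k in range(-drift_hours, drift_hours + 1):
        expected = dynamic_cvv(card_secret, unix_time + k * period, period=period)
        if hmac.compare_digest(expected, presented):
            return True
    return False


if __name__ == "__main__":
    # Constructed per-card secret (in practice provisioned at personalisation).
    secret = b"constructed-per-card-secret-0001"
    t = 1475000000                               # a timestamp in late September 2016

    stolen = dynamic_cvv(secret, t)              # attacker captures today's code
    print("captured code:", stolen)
    print("used 30 min later:", verify_cvv(secret, stolen, t + 1800))     # accepted
    print("used 5 hours later:", verify_cvv(secret, stolen, t + 5 * HOUR))  # rejected
```

The replay window is the practitioner's caveat: anything the fraudster can do inside the acceptance window (the hour plus the drift tolerance) still goes through, and a wider `drift_hours` trades clock robustness for a longer replay window.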
FBI secretly subpoenaed Signal
Newly released documents show that Open Whisper Systems, creator of Signal, was secretly subpoenaed by the FBI earlier this year. OWS built the encryption for its own app, and the same Signal Protocol is now built into WhatsApp, Facebook Messenger and Google Allo. With the help of the ACLU, OWS fought the demand in a federal grand jury proceeding in the Eastern District of Virginia. The FBI was after a wealth of information about two phone numbers (the ACLU called the demand "wildly overbroad"), but given that OWS stores almost nothing about its users, the agency basically came away empty-handed. The subpoena came with a gag order compelling OWS to complete silence about the data sought and whether the company complied. The gag order was meant to last an entire year.
That's This Week in Security. I hope you enjoyed reading; please comment below and stay tuned for more TWIS.