February 2016
* Provided by CDR Pablo Breuer *
DCO/DGO:
- Operation Blockbuster: http://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf Good write-up on the Sony attack.
- Operation Dust Storm: https://www.cylance.com/content/dam/cylance/pdfs/other/Op_Dust_Storm_Report.pdf Decent write-up on an Asia-Pacific-targeting APT.
- Airport experiment shows people recklessly connect to any open WiFi hotspot: http://news.softpedia.com/news/airport-experiment-shows-that-people-randomly-connect-to-any-open-wifi-hotspot-500808.shtml It's troubling (but not surprising) how many do this without making use of a VPN.
- Database error exposed sensitive information on 1,700 kids: http://www.csoonline.com/article/3036313/security/uknowkids-com-database-error-exposed-sensitive-information-on-1-700-kids.html
- Linux Mint hit by malware infection on its website, forum after hack attack: http://blog.linuxmint.com/?p=2994 Ouch! Remember that checking MD5 hashes hosted on the same website as the software you downloaded affords you *ZERO* protection or assurance. More here: https://threatpost.com/linux-mint-website-hacked-isos-replaced-with-backdoored-versions/116370/
- Mousejack attacks abuse vulnerable wireless keyboard, mouse dongles: https://threatpost.com/mousejack-attacks-abuse-vulnerable-wireless-keyboard-mouse-dongles/116402/ This should not be a surprise to anyone.
- Angler EK generated by "admedia" gates: https://isc.sans.edu/forums/diary/Angler+exploit+kit+generated+by+admedia+gates/20741/ This is an informative post in general, but for my students I would particularly look at the screencaps of open-source tools including Wireshark, Snort, Suricata, etc.
- New Silverlight attacks in Angler EK: https://threatpost.com/new-silverlight-attacks-appear-in-angler-exploit-kit/116409/
- Comodo Internet Security installs and starts a VNC server by default: https://code.google.com/p/google-security-research/issues/detail?id=703 Verify what ports you've got listening, people.
- Hospital pays $17,000 to decrypt files: http://hollywoodpresbyterian.com/default/assets/File/20160217%20Memo%20from%20the%20CEO%20v2.pdf (archived) More here: https://threatpost.com/hollywood-hospital-pays-17k-ransom-to-decrypt-files/116325/ Remember when I said medical was going to go on a hiring spree after banks and Fortune 500? Here it is...
- Sergey Lozhkin on how he hacked his hospital: https://threatpost.com/sergey-lozhkin-on-how-he-hacked-his-hospital/116314/ Again, medical is going to start recruiting your cyber folks...just sayin'.
- Tor Project accuses CloudFlare of mass surveillance, sabotaging Tor traffic: http://news.softpedia.com/news/tor-project-accuses-cloudflare-of-mass-surveillance-sabotaging-tor-traffic-501035.shtml I believe CloudFlare still holds the record for being the target of the largest ever DDoS. I'm thinking this is not going to be a winning strategy for them.
- Obama Administration set to expand sharing of data that NSA intercepts: http://www.nytimes.com/2016/02/26/us/politics/obama-administration-set-to-expand-sharing-of-data-that-nsa-intercepts.html?_r=1
- Memory analysis of BlackEnergy Big dropper: http://malware-unplugged.blogspot.in/2016/02/blackout-memory-analysis-of-blackenergy.html Very nice analysis.
- Vulnerability in IDA Pro licensing: https://www.securifera.com/advisories/cve-2015-8277/ Ouch.
- "Locky" ransomware analysis: https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/ Very nicely done.
- Former White House adviser to chair new cyber commission: http://www.federaltimes.com/story/government/cybersecurity/2016/02/18/donilon-cyber-commission/80550078/?utm_content=28807089&utm_medium=social&utm_source=twitter You had me at "Commission on Enhancing National Cybersecurity." It reminds me of a famous Marine saying, "Perfect, we can attack in any direction."
- Director of US-CERT leaving post to start firm: http://www.scmagazine.com/director-of-us-cert-leaving-post-to-start-firm/article/478524/ 'cause retention.
- Asus lawsuit puts entire industry on notice over shoddy router security: http://arstechnica.com/security/2016/02/asus-lawsuit-puts-entire-industry-on-notice-over-shoddy-router-security/ Love this. *LOVE IT* 20 years of supervised security audits.
- Using EMET to shut off EMET: https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html Oops. Updated EMET here: https://technet.microsoft.com/en-us/security/jj653751
- Compromising Symantec Endpoint Protection: http://codewhitesec.blogspot.in/2016/02/symantec-endpoint-protection-legacy-edition.html
- Libssh vulnerability: https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/ This is going to hurt a lot of embedded devices and cell phones. DH key exchange gets used for SSL/TLS/SSH/etc.
- Abusing Exchange Web Services: http://www.shellntel.com/blog/2016/2/13/abusing-exchange-web-service
- VMware products affected by critical glibc flaw: http://www.securityweek.com/vmware-products-affected-critical-glibc-flaw?utm_source=dlvr.it&utm_medium=twitter Panic for the CANES program office in 3, 2, 1...
- RCE in Linux kernel: https://xairy.github.io/blog/2016/cve-2016-2384
- Nice write-up on power grid attacks: https://blindseeker.com/blahg/?p=774 Not quite as fragile as some would have you believe.
PACOM:
- Baidu's and Don'ts: Privacy and Security Issues in Baidu Browser: https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/ This is a fun read. As a pentester, this is a treasure-trove of information.
- Lenovo CEO hopes US-China cyber-theft case will not affect IBM, Motorola deal approval: http://uk.reuters.com/article/us-china-lenovo-cybercrime-idUKBREA4K0JB20140521 This just makes me laugh.
CENTCOM:
- ISIS supporters threaten Mark Zuckerberg, Twitter's Jack Dorsey: http://www.nytimes.com/2016/02/26/us/politics/obama-administration-set-to-expand-sharing-of-data-that-nsa-intercepts.html?_r=1 I wonder if they did it with Facebook's new "anger" emoji. ;)
EUCOM:
- Hackers did indeed cause Ukrainian power outage, US report concludes: https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01 Shocked! Shocked, I tell you!
Cutting Edge:
- NP-complete problem solved with biological motors: http://arstechnica.com/science/2016/02/np-complete-problem-solved-with-biological-motors/ The computer scientist in me loves this, but calling it "solved" is a gross over-simplification.
- Coercion changes the sense of agency in the human brain: http://www.cell.com/current-biology/abstract/S0960-9822%2816%2900052-X This is fun for all sorts of good reasons. With great power comes great responsibility.
- Google's latest AI doesn't need geotags to figure out a photo's location: http://www.theverge.com/2016/2/25/11112594/google-new-deep-learning-image-location-planet That's TOO cool. IMINT anyone?
- Counteracting data-only malware with code pointer examination: https://www.sec.in.tum.de/assets/Uploads/kittelraid2015.pdf ROP mitigation paper. I'm not super impressed, but it's a worthy attempt.
- On the unicity of smartphone applications: http://arxiv.org/pdf/1507.07851v2.pdf 4 apps uniquely identify 95% of users. Pretty impressive. I hope our IC is paying attention.
- ECDH key extraction via low-bandwidth electromagnetic attacks on PCs: https://eprint.iacr.org/2016/129.pdf Practical TEMPEST attacks are always fun.
Mobile/Drones:
- AT&T and Intel test drones' capability on LTE beyond line of sight and at higher altitudes: http://venturebeat.com/2016/02/22/att-intel-drones/ Interesting. I've got more than a few security concerns with this. For starters, we have enough problems with drones flying in restricted airspace even with the ranges afforded by WiFi. That's ok, I'm sure no terrorists will ever use a burner phone and drone to fly an IED since they'll now get extended range.
- Android malware GM Bot source leaked: https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
- Porn Clicker Android malware hits Google Play hard: https://www.helpnetsecurity.com/2016/02/26/porn-clicker-android-malware-hits-google-play-hard/
- Breakdown of Nissan Leaf hack: https://threatpost.com/total-recall-troy-hunt-breaks-down-his-nissan-hack/116497/ More here: http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html
IOT:
- ARM's Cortex-A32 announced: http://arstechnica.com/gadgets/2016/02/arms-cortex-a32-is-a-tiny-cpu-for-wearables-and-raspberry-pi-like-boards/ You'll see this in IOT devices in the very near future. There are some critical defenses that did not make the cut in this processor, but perhaps they will for the 64-bit A35.
- Remotely disabling a wireless burglar alarm: https://ioactive.com/remotely-disabling-wireless-burglar/
- Security testers managed to hack hospital patient monitors and drug dispensers: http://gizmodo.com/security-testers-managed-to-hack-hospital-patient-monit-1761426524
- Development of a tailored methodology and forensic toolkit for ICS incident response: https://scholar.google.com/citations?user=G5SabasAAAAJ Well done, young sir. Always good to see students doing good work.
- There's a new kind of WiFi that uses 10,000 times less power: http://gizmodo.com/theres-a-new-kind-of-wifi-that-uses-10-000-times-less-p-1760848538?utm_campaign=socialflow_gizmodo_twitter&utm_source=gizmodo_twitter&utm_medium=socialflow All sorts of good uses for this in DoD (also for IoT).
Legal/PR:
- FBI vs Apple:
  - Justice Department wants Apple to extract data from 12 other iPhones: http://www.doncio.navy.mil/CHIPS/ArticleDetails.aspx?id=5921 The WSJ article can be found here: http://www.wsj.com/articles/justice-department-seeks-to-force-apple-to-extract-data-from-about-12-other-iphones-1456202213
  - Bill Gates breaks ranks over FBI Apple request: http://www.ft.com/cms/s/2/3559f46e-d9c5-11e5-98fd-06d75973fe09.html#axzz40zu2k06W
  - More support for Justice Department than for Apple in dispute over unlocking phone: http://www.people-press.org/2016/02/22/more-support-for-justice-department-than-for-apple-in-dispute-over-unlocking-iphone/
  - NYPD admits the battle over Apple will set a crucial precedent: http://gizmodo.com/nypd-chief-admits-the-battle-over-apple-will-set-a-cruc-1760775671
  - How the FBI could use acid and lasers to access data stored on seized iPhone: http://arstechnica.com/security/2016/02/how-the-fbi-could-use-acid-and-lasers-to-access-data-stored-on-seized-iphone/
  - Senate intel chief backs off on bill criminalizing refusal to aid decryption: http://arstechnica.com/tech-policy/2016/02/senate-intel-chief-backs-off-on-bill-criminalizing-refusal-to-aid-decryption/
  - Former NSA and CIA chief says Apple is right on the bigger issue of encryption back doors: http://9to5mac.com/2016/02/22/michael-hayden-fbi-apple-encryption/
  - FBI director admits under oath that iPhone case would set a precedent: http://9to5mac.com/2016/02/26/fbi-apple-iphone-precedent-poll-candidates/
  - NSA chief stakes out pro-encryption position, in contrast to FBI: https://theintercept.com/2016/01/21/nsa-chief-stakes-out-pro-encryption-position-in-contrast-to-fbi/
  - Apple makes interesting security hire as it compares FBI request to forcing pharma firm to make lethal drugs: http://9to5mac.com/2016/02/26/apple-signal-lethal-drug/ This is all going to end horribly.
  - A technical autopsy of the Apple-FBI debate using iPhone forensics: https://digital-forensics.sans.org/blog/2016/02/23/iphone-forensics-separating-the-facts-from-fiction-a-technical-autopsy-of-the-apple-fbi-debate/ Fantastic little write-up by a forensics expert.
- In Australia, Labor, Coalition vote against strong encryption in Senate: https://delimiter.com.au/2016/02/24/labor-coalition-vote-against-strong-encryption-in-senate/
- OPM and Education Department CIOs resign:
  - OPM's cybersecurity chief resigns in wake of massive data breach: http://www.usatoday.com/story/news/2016/02/22/opms-cybersecurity-chief-resigns-amid-continuing-pressure-congress/80766320/
  - OPM, Education Department CIOs resign under fire from Congress: http://arstechnica.com/information-technology/2016/02/opm-education-department-cios-resign-under-fire-from-congress/
- Judge confirms DoD funded research to decloak Tor users: https://threatpost.com/judge-confirms-dod-funded-research-to-decloak-tor-users/116464/