BF-SIRT Newsletter 2017-34

This week’s top story is how a hacker on Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware, but that doesn’t necessarily mean it’s open season on iPhones and iPads worldwide.

Researchers from Ben-Gurion University of the Negev have demonstrated that hardware replacement parts can be equipped with a chip capable of manipulating the device’s communication. Meanwhile, identity thieves are porting users’ mobile phone numbers to devices under their control in order to hijack their web accounts.

Mail continues to be the main vector of attack. A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, challenges the assumption that email is immutable once delivered. Flashpoint has a nice write-up of a recent credential phishing campaign they identified that had a low detection rate due to its simplicity. And SANS ISC handler Xavier does a new walkthrough of a malicious AutoIT script delivered in a self-extracting RAR file.

HPE Integrated Lights-out 4 (iLO 4) has multiple serious remote vulnerabilities, but you have that on a separate management VLAN anyway, right?

A spate of incidents involving US warships in Asia has forced the navy to consider whether cyberattackers might be to blame.

And if you need some light reading this weekend, I can recommend Microsoft Security Intelligence Report Volume 22 – Focuses on Cloud and Endpoints; it is about the current state of threats, recommended best practices, and solutions.

Top 5 Security links
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
Hacking smartphones with malicious replacement parts
U.S. Warship Collisions Raise Cyberattack Fears
HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities
Microsoft Security Intelligence Report Volume 22

BF-SIRT Newsletter 2017-33

This week’s top story is that Maersk Shipping reports a $300m loss stemming from the NotPetya attack, which hopefully will help decision makers understand that infosec is not a pure cost. Following up on that, some attackers seem to be searching for softer targets: Check Point has a nice case study on the real identity behind a wave of cyber attacks on energy, mining and infrastructure companies worldwide. AP is also running a story on how attackers are looking to shut down factories for pay; it could also be a general ransomware story, but either way it shows how infosec can be an investment.

There are a couple of stories related to DDoS this week. Imperva Incapsula reports having witnessed the emergence of a new assault pattern, which they have come to call a “pulse wave” DDoS attack (“audio autoplay” link), where the attacker splits resources to hit more targets using the same amount of bandwidth, and Talos has a nice write-up about the rise of Chinese online DDoS platforms.

Also, Palo Alto Networks’ threat research unit, Unit 42, has been looking into attacker infrastructure and was led down a rabbit hole while investigating malware utilizing PowerShell, uncovering malicious infrastructure supporting Chthonic, Nymaim, and other malware and malicious websites.

There have been several examples of supply chain attacks in the last few weeks. Proofpoint analyzes one specific compromise of a Chrome extension, but reports that several other extensions have been modified using the same modus operandi by the same actor. Also, researchers at Kaspersky Lab have found a well-hidden backdoor in NetSarang’s server management software Xmanager, and dubbed it ShadowPad.

In other news, USB connections have been found to leak information to one another, making that public airport USB charger even more capable, surreptitiously.

The new NIST draft embeds privacy into US government security for the first time, showing that there is indeed a solid connection between infosec and privacy.

A London council ‘failed to test’ a parking ticket app, exposed personal info and got fined for it, even though no actual leak ever occurred.

Top 5 Security links
Maersk Shipping Reports $300m Loss Stemming from NotPetya Attack
Attackers Use DDoS Pulses to Pin Down Multiple Targets
Creepy backdoor found in NetSarang server management software
New NIST draft embeds privacy into US govt security for the first time
USB connections make snooping easy

Virtual data warehousing: Even more efficient data processing

For companies that want to retain their position as a digital leader and keep pace with technological progress in our modern world, the accurate and efficient processing of data is now more critical than ever before. Data lakes are one tool that enables users to collate all the data they hold in a single location. In this post, we introduce an even more extensive method that allows users to maintain performance and efficiency in incoming data flows and retain complete flexibility during data processing: virtual data warehouses.

BF-SIRT Newsletter 2017-32

The top stories from this week are that Carbon Black’s Cb Response is accused by DirectDefense of leaking sensitive data (CB claims it’s a feature), and that Salesforce fired red team staffers who gave a Defcon talk.

You can also read about how the UK security community responds with shock and anger against US authorities as MalwareTechBlog is arrested, suspected of creating a banking trojan, or that NIST publishes its Cybersecurity Workforce Framework.

Top 5 Security Links
Carbon Black denies its IT security guard system oozes customer secrets
Salesforce fires red team staffers who gave Defcon talk
Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev
NIST Publishes Cybersecurity Workforce Framework
Windows 10 Can Detect PowerShell Attacks: Microsoft

BF-SIRT Newsletter 2017-31

The top stories from this week are the new SMB flaw, SMBLoris, and that Troy Hunt releases a password list.

Security flaws have been found in 2G modems used by BMW, Ford, Infiniti, and Nissan cars, and Netflix releases a DoS testing tool.

Top 5 Security Links
SMBLoris – the New SMB Flaw
Troy Hunt Releases Password List
Security Flaws Found in 2G Modems Used by BMW, Ford, Infiniti, and Nissan Cars
Netflix Releases DoS Testing Tool
Attacking NoSQL applications (part 2)