BF-SIRT Newsletter 2017-34

This week's top story is that a hacker on Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware, but that doesn’t necessarily mean it’s open season on iPhones and iPads worldwide.

Researchers from Ben-Gurion University of the Negev have demonstrated that hardware replacements can be equipped with a chip that is capable of manipulating the device’s communication. Elsewhere, identity thieves are porting users’ mobile phone numbers to devices under their control in order to hijack their web accounts.

Mail continues to be the main vector of attack. A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, challenges the assumption that email is immutable once delivered. Flashpoint has a nice write-up of how they identified a recent credential phishing campaign that had a low detection rate due to its simplicity. And SANS ISC handler Xavier does a new walkthrough of a malicious AutoIT script delivered in a self-extracting RAR file.

HPE Integrated Lights-out 4 (iLO 4) has multiple serious remote vulnerabilities, but you have that on a separate management VLAN anyway, right?

A spate of incidents involving US warships in Asia has forced the navy to consider whether cyberattackers might be to blame.

And if you need some light reading this weekend, I can recommend Microsoft Security Intelligence Report Volume 22 – Focuses on Cloud and Endpoints. It is about the current state of threats, recommended best practices, and solutions.

Top 5 Security links
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
Hacking smartphones with malicious replacement parts
U.S. Warship Collisions Raise Cyberattack Fears
HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities
Microsoft Security Intelligence Report Volume 22