BF-SIRT Newsletter 2017-50

This weeks top stories begins with the ROBOT attack, a bug in the implementation of RSA key exchange for products using PKCS #1 v1.5. This includes SSL\TLS if RSA is used for for exchanging keys. The bug can let an adversary decrypt traffic and even sign messages with someones else private key. The vulnerable products include F5, Citrix, and Cisco and many vendors has released patches.

A database containing over 1.4 Billion clear text passwords was discovered by security firm 4iQ while looking for passwords on the “dark web”. The full database contains over 41GB of cleartext passwords and user-names aggreated from previos leaks from Bitcoin, Pastebin, LinkedIn, MySpace, Netflix, YouPorn, Last.FM, Zoosk, Badoo, RedBox, games like Minecraft and Runescape, and credential lists like Anti Public, Exploit.in.

Security researcher discovered that a lot of HP models comes pre-installed with a keylogger that could be used to spy on user by malware or hackers. The kyelogger is disabled by default, but can be turned on by making changes to the registry in windows machines. Since this is built into the drivers by HP, this keylogger can be turned on bypassing . HP.

Tennable released Nessus Professional v7, removing API and multi-user support. These two components are looked to as essential by many security professionals and is met with criticism in the security community. But it gets even worse. When notifying its user about the new version, they added all users to a support-forum that sent out as much as 150 emails a minute for over an hour, effectively creating a spam-storm for all its users.

A new attack-framework “TRITON” is targeting Industrial Control Systems (ICS)and caused operational disruption to critical infrastructure according to Mandiant. This looks to be Nation-state sponsored attack, and could lead to physical damage of critical systems producing gas, power and other national critical infrastructure.

And don’t forget that this Tuesdays was Microsoft s patch Tuesday, with fixes for over 30 vulnerabilities, including 19 Critical browser issues.

Top 5 Security links
ROBOT attack
1.4 Billion Clear Text Credentials Discovered in a Single Database
Pre-installed keylogger found in over 460 HP laptops
Tennable released Nessus Professional v7, removing features and spaming users
TRITON Attacker Disrupts ICS Operations