Security Roundup - 2016-08-18

Researchers have disclosed a vulnerability stemming from RFC 5961 (TCP's defenses against blind in-window attacks). The RFC was designed to prevent a class of attacks, but the flaw enables new ones: an off-path attacker can reset connections and inject content into unencrypted communications.

Black Hat 2016 videos are starting to trickle online, as is material from the 25th USENIX Security Symposium.

O'Reilly has an interesting article, "Patrolling the dark net", covering the deep web, the dark web, and how to monitor them for the worst-case scenario: your information being up for sale.

For companies that require absolute control of their encryption keys, Amazon and Google now let you supply your own keys for use with their services, rather than relying on provider-generated keys.

Interested in banking malware? You might enjoy MalwareTech's article on Automatic Transfer Systems.

Rapid7 has some interesting articles this week, including a write-up on how small companies have a great opportunity to lay a security foundation while they are still small, since this inevitably gets harder as the organization grows.

The creators of Mayhem, the bot that won DARPA's Cyber Grand Challenge, did an AMA on Reddit!

Attackers use a variety of methods to exfiltrate data from their targets. PhishLabs has apparently seen a recent attempt that pushes data out over XMPP.

Troy Hunt has another article on security (or the lack thereof). This one covers account enumeration, with examples of sites that leak far too much information through enumeration techniques.
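As an added illustration of the leak described above (example code written for this roundup, not taken from Troy Hunt's article): a login handler that reveals whether an address is registered, beside one that answers uniformly, plus a black-box probe that shows the difference. The user store, salt, iteration count and response messages are constructed for the demo; the second leak shown (the vulnerable handler only hashes the password for known users, so the unknown-address path also responds faster) is part of the example, not a claim about any specific site.

```python
import hashlib
import hmac

# Constructed demo data: one registered user, a fixed salt and a small
# iteration count to keep the example fast. A real site uses a random
# per-user salt and a far higher cost.
SALT = b"constructed-demo-salt"
ITERATIONS = 20_000


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, ITERATIONS)


USERS = {"alice@example.com": hash_password("correct horse battery staple")}

# Hash of a throwaway password, used so that unknown addresses cost the
# same amount of work as known ones (no timing difference).
DUMMY_HASH = hash_password("not-a-real-password")


def login_leaky(email: str, password: str) -> tuple:
    """Vulnerable: the response tells the caller whether the address exists.
    Leak 1: distinct status codes and messages for an unknown address versus
    a wrong password. Leak 2: the password hash is only computed for known
    addresses, so the unknown-address path also answers measurably faster."""
    stored = USERS.get(email)
    if stored is None:
        return 404, "Unknown email address"
    if not hmac.compare_digest(hash_password(password), stored):
        return 401, "Incorrect password"
    return 200, "OK"


def login_uniform(email: str, password: str) -> tuple:
    """Hardened: identical status, message and amount of work whether or not
    the address is registered. The hash is always computed (against the dummy
    record for unknown users) before the membership check is consulted."""
    stored = USERS.get(email, DUMMY_HASH)
    matches = hmac.compare_digest(hash_password(password), stored)
    if not (matches and email in USERS):
        return 401, "Invalid email address or password"
    return 200, "OK"


def is_enumerable(login, known_email: str, unknown_email: str) -> bool:
    """Black-box probe: send the same wrong password for a registered and an
    unregistered address and compare what comes back. Any difference lets an
    attacker confirm which addresses have accounts."""
    probe = "definitely-wrong-password"
    return login(known_email, probe) != login(unknown_email, probe)


if __name__ == "__main__":
    for name, handler in (("leaky", login_leaky), ("uniform", login_uniform)):
        enumerable = is_enumerable(handler, "alice@example.com", "nobody@example.com")
        print(f"{name}: enumerable={enumerable}")
```

The probe only compares status and body; in practice you would also time the two requests, which is why the hardened handler always does the hashing work. The same uniform-response rule applies to registration and password-reset endpoints, which are the usual places this leak shows up.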

Check Point has released its latest Malware Top 10. Conficker still reigns supreme, but most of the other spots are in flux. They also have a nice exposé on ransomware as a service, starring Cerber.

DDoSes frequently use DNS ANY queries for reflection attacks against their victims. Savvy attackers are turning to DNSSEC-enabled servers, whose signed responses can be up to 30x larger, increasing the impact of reflection simply by choosing the right target. Like any service exposed to the internet, a DNSSEC-enabled server that is not properly secured becomes exploitable, in this case as an amplifier. Cloudflare has been actively trying to deprecate the ANY query for DNS in general, to limit how far DNS can be abused for reflection.
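If you run an authoritative or recursive server, the first thing to know is whether you are already being used as a reflector. The following is an added example (written for this roundup, not code from Cloudflare or any DNS vendor) that scans query-log lines for the signature of ANY-based reflection: bursts of ANY queries over UDP, often with the DNSSEC OK bit set to maximise the response. The line format is modelled on BIND's query log (`client <ip>#<port> (<qname>): query: <qname> IN <qtype> <flags> (<server>)`, where `T` in the flags means TCP and `D` means the DO bit); the sample lines and the addresses in them are constructed for the demo. Note that in a reflection attack the logged client address is the spoofed victim, not the attacker.

```python
import re
from collections import defaultdict

# Regex modelled on BIND's query log line. Newer versions print a client
# pointer ("@0x...") after "client", so it is accepted but optional.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[^#\s]+)#(?P<port>\d+) \((?P<qname>\S+)\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

# Constructed sample lines (not from a real server). 198.51.100.10 is the
# spoofed "source" of a burst of ANY+DO queries, i.e. the reflection victim;
# the other clients are ordinary lookups, including one ANY over TCP, which
# cannot be spoofed and so is not a reflection candidate.
SAMPLE_LOG = """\
client 192.0.2.5#41000 (www.example.org): query: www.example.org IN A +E(0) (203.0.113.53)
client 198.51.100.10#53 (example.org): query: example.org IN ANY +ED (203.0.113.53)
client 198.51.100.10#53 (example.org): query: example.org IN ANY +ED (203.0.113.53)
client 198.51.100.10#53 (example.org): query: example.org IN ANY +ED (203.0.113.53)
client 198.51.100.10#53 (example.org): query: example.org IN ANY +ED (203.0.113.53)
client 192.0.2.9#55001 (example.org): query: example.org IN ANY +ET (203.0.113.53)
client 192.0.2.7#40002 (mail.example.org): query: mail.example.org IN MX +E(0)D (203.0.113.53)
"""


def parse_query_line(line: str):
    """Return the fields we care about from one query-log line, or None if the
    line is not a query log entry."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    flags = m.group("flags")
    return {
        "src": m.group("src"),
        "port": int(m.group("port")),
        "qtype": m.group("qtype"),
        "udp": "T" not in flags,        # BIND flags 'T' when the query arrived over TCP
        "dnssec_ok": "D" in flags,      # 'D' = DNSSEC OK (DO) bit set in the EDNS OPT record
    }


def find_reflection_sources(log_text: str, threshold: int = 3):
    """Count ANY-over-UDP queries per client address and flag addresses at or
    above `threshold`. Returns (flagged_addresses, per_address_counts)."""
    counts = defaultdict(lambda: {"any_udp": 0, "any_udp_do": 0})
    for line in log_text.splitlines():
        q = parse_query_line(line)
        if q is None or q["qtype"] != "ANY" or not q["udp"]:
            continue
        counts[q["src"]]["any_udp"] += 1
        if q["dnssec_ok"]:
            counts[q["src"]]["any_udp_do"] += 1
    flagged = sorted(src for src, c in counts.items() if c["any_udp"] >= threshold)
    return flagged, dict(counts)


if __name__ == "__main__":
    flagged, counts = find_reflection_sources(SAMPLE_LOG)
    for src in flagged:
        c = counts[src]
        print(f"{src}: {c['any_udp']} ANY/UDP queries, {c['any_udp_do']} with DO set")
```

Flagged addresses are the ones your server is currently flooding, so the response is to rate-limit or minimise ANY answers to them (or to UDP in general), not to block "the attacker". The threshold here is deliberately low for the seven constructed lines; on a real server you would count per time window and pick a threshold above the normal rate of ANY queries you see.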

A bug has been found in the random number generator of Libgcrypt, the open-source cryptographic library behind GnuPG: an attacker who obtains enough of the RNG's output can predict subsequent output.

Written on August 18, 2016