Security Roundup - 2016-10-20

Not quite as much IoT news this week. The highlight is that Mirai has evolved to infect cellular modems, including ones that connect automotive and industrial equipment.

Firefox’s data collection has indicated that their users see roughly 50% of the internet encrypted, in comparison to 40% at the end of 2015. This is at least partially attributed to free SSL provider’s like Let’s Encrypt.

Security researchers have discovered a vulnerability in some Foxconn hardware used to power several phones. This vulnerability, dubbed “Pork Explosion”.

HTML5 potentially adds additional threat vectors to the browser, in this article that highlights some CORS vulnerabilities, as well as how XSS can enable attacks on local browser storage.

Sophos breaks down DNS hijacking, including how easy it could be to just social engineer a hijack. The comparison is to recent SIM card hijacks, with a simple phone call transfering ownership until the actual owner takes steps to recover.

Breakpoint labs details 5 ways in which they break into a network. Phishing, unpatched applications, and poor account policies are no surprise. Poisoning netbios name resolution to collect user and password hashes? That is a bit different. They appear to be going in depth into these topics, with the first being phishing.

Facebook recently celebrated the 5th anniversary of their bug bounty program. Some interesting stats: More than $5 million paid to 900 researchers over those 5 years. ~$612K of that was this year, due to no fewer than 9K reports since January 1st.

Bleeping computer provides the ransomware roundup. This week includes a number of new variants, including VenisRansomware which not only encrypts files but includes modules for things like remote access and password stealing. On the defensive side, Talos Group has developed a program that dumps the configuration of several variants of Locky.

Written on October 20, 2016