Security Roundup - 2016-11-17

Following up on the ‘Hack The Pentagon’ bug bounty program, the Army announced ‘Hack The Army’ on Veteran’s Day.

The Verge reports an unfortunate cause of user’s Skype accounts being compromised. Despite urging customer’s to migrate their accounts to Microsoft accounts for stricter security, user’s original Skype accounts could be used to log in, potentially leaving accounts vulnerable due to leaked credentials. User’s are urged to ‘complete’ the migration.

‘Pwnfest’, a security bug finding festival wrapped up this week. Among the systems available, VMWare was exploited (and subsequently fixed), as well as Microsoft Edge exploits found, as well as the new Pixel phone being exploited.

Talos goes in depth on how they do triage for some vulnerabilities for binaries, specifically stack based buffer overflow and heap based buffer overflow/heap overflow bugs.

I imagine everyone has heard of PoisonTap at this point, but for those who haven’t…. PoisonTap is an exploit device based on the Raspberry Pi that emulates a network device. Once connected, it convinces the laptop that all traffic should be routed to it. This allows the device to intercept traffic, harvest cookies, and poison the browser. The later allows the device to open up a websocket to allow remote control of the browser. The engineer behind the device suggests simple security measures be added for usb devices: simply prompt the user when (most/all) when connected if they would like the device to be allowed.

Chinese researchers have revealed that poor OAuth 2.0 (used to do single sign on via services like Facebook and Google) implementations cam be hijacked. Based on their analysis of top performing apps, they believe more than 1 billion accounts could be subject to compromise. The attack relies on a a malicious app being installed on the device, allowing the attacker to MitM connections.

Fortinet has been working to identify the author of several strains of malware and gives an inside view of what sorts of information they look for in order to find relationships.

BleepingComputer wraps us up with the Ransomware Roundup. Among the regular variants, some interesting news: Multiple new versions of Cerber, which has expanded the ip subnets they use to communicate back information and statistics to C&C nodes; A ransomware variant that is marketed as a Paysafe (Prepaid money card) number generator, asking people who are trying to ‘generate’ money to pay money; proof of concept PHP ransomware which could use another exploit to encrypt web servers; a new variant dubbed ‘Telecrypt’ due to the fact that it uses the Telegram service as its C&C channel.

Written on November 17, 2016