Security Roundup - 2018-02-16

Telegram 0-day used to install malware. Security researchers at Kaspersky go into a Telegram 0-day, where attackers used special non-printing characters to convince users they were opening images, when they were in fact executing malicious JavaScript. The resulting malware then used Telegram as a C&C as well as launching bitcoin miners, the monetization strategy du jour.
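The deception above works because a Unicode format character changes how a filename is drawn without changing the suffix the operating system actually dispatches on. The following is an added example, not code from the page or from Kaspersky: a small filename check that a mail gateway or download scanner could run. It assumes the abused character is the right-to-left override (U+202E, the one named in the Kaspersky write-up), treats any Unicode "Cf" format character in a filename as suspicious, and compares the real extension against an approximation of the rendered one. The sample filenames and the executable-extension list are constructed for the example.

```python
import unicodedata

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the format character abused in the reported attack

# Extensions that execute rather than open in a viewer. Constructed list for
# this example; extend it to match your environment.
EXECUTABLE_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "exe", "bat", "cmd", "ps1", "hta", "scr"}


def format_chars(name):
    """Return (index, Unicode name) for every 'Cf' (format) character in name.

    Bidi overrides, zero-width spaces and joiners all fall in this category;
    none of them belong in a user-facing filename.
    """
    return [(i, unicodedata.name(c, "UNNAMED")) for i, c in enumerate(name)
            if unicodedata.category(c) == "Cf"]


def strip_format_chars(name):
    return "".join(c for c in name if unicodedata.category(c) != "Cf")


def extension(name):
    """Lower-cased text after the last dot of the basename, or '' if there is none."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def real_extension(name):
    """What the OS will dispatch on: format characters do not change the suffix."""
    return extension(strip_format_chars(name))


def apparent_name(name):
    """Approximate on-screen rendering for the single-RLO case.

    Text after an RLO is drawn right-to-left, so the remainder appears
    reversed. A full Unicode bidi implementation is not needed to expose
    the mismatch; this approximation is enough to show the intended deception.
    """
    idx = name.find(RLO)
    if idx < 0:
        return strip_format_chars(name)
    return strip_format_chars(name[:idx] + name[idx + 1:][::-1])


def check_filename(name):
    """Classify one filename; returns a dict a gateway or EDR rule could act on."""
    found = format_chars(name)
    real_ext = real_extension(name)
    shown_ext = extension(apparent_name(name))
    return {
        "name": name,
        "format_chars": found,
        "real_ext": real_ext,
        "apparent_ext": shown_ext,
        "executable": real_ext in EXECUTABLE_EXTENSIONS,
        # Any format character is suspicious; a mismatched extension is the smoking gun.
        "suspicious": bool(found) or real_ext != shown_ext,
    }


def scan(names):
    """Return only the results flagged suspicious."""
    return [r for r in (check_filename(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    # Constructed sample filenames; the second mimics the reported trick,
    # rendering as "photo_high_resj.png" while really ending in ".js".
    samples = ["holiday.png", "photo_high_re\u202egnp.js", "report\u200b.pdf"]
    for result in scan(samples):
        print(result)
```

Rejecting any filename that contains a format character is the simpler policy and costs almost nothing in false positives; the apparent-versus-real extension comparison is there to make the alert self-explanatory to whoever triages it.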

Low-power encryption chip a solution to IoT woes? Part of the reason a number of connected devices are insecure is the power usage associated with running cryptographic functions, and device providers' primary focus on utility over security. One of those reasons may disappear soon, as MIT is working on a new low-power cryptographic processor, which uses less energy and is faster than software solutions.

DoubleDoor penetrates DoubleDeep. Botnets are evolving with the existence of DoubleDoor, a botnet that uses two exploits to more fully compromise the target. The first is an exploit to gain access to the firewall, giving the attacker internal access. The second uses that vantage point to exploit the target's modem, in an attempt to be more persistent.

Thousands of websites impacted by domain hijack. Web hosting provider Newtek landed in some trouble when three of their core domains were hijacked, including one that customers used to manage their own sites.

Jumping the (air)gap. There are a number of interesting/esoteric ways in which someone can exfiltrate data off of computers, but using magnetic signals to breach Faraday cages is a new one. While close proximity to the device is still necessary, it is interesting to see the ways researchers are leveraging all the hardware and the physical properties it exhibits to do the unexpected.

Written on February 16, 2018