Security Roundup - 2018-03-16

AMD vulnerabilities spark controversy. Security research firm CT Labs turned heads this week after publicly disclosing a number of AMD vulnerabilities on very short notice. CT Labs defends their actions by suggesting responsible disclosure is broken, and trying to find a balance between 0-day notice, and full technical disclosure. The exploits themselves appear to require admin access to the machines, but still potential cause of worry since they could result in persistent threats outside of the regular operating system.

More Enigma 2018 Roundup. Lots of content from Enigma and just had to share some more!

  • Anatomy of Account Takeover from Google Security. They apparently collected 4K data breach dumps with 3.3B credits in 2016. In comparison, at time of writing, HaveIBeenPwned has ~5B credentials from 271 breaches sites over all time. They break down the risk from breaches vs keyloggers vs phishing, as well as investigate the low adoption of additional security measures by users, and go over what additional steps they do to try to protect their millions of users.
  • Insecurity In Information Technology. About moving beyond a culture of blame or overwhelming people with information of varying actionability and engaging and empowering developers such that they embrace “Security is Everyone’s Job”.
  • Surfing the Motivation Wave to Create Security Behavior Change. More on understanding and trying to influence positive vs negative behavioral changes within a company.

Mobile malware adopts sandbox evasion. At a recent security conference a member of Google Play’s security team went into how mobile apps are trying to avoid detection. The examples decribed appear to be similar to sandbox evasion, where depending on the environment the malware will perform different actions.

NSA tools reveal known unknowns. One security researcher has been fascinated with exploring the tools leaked by the Shadow Brokers last year. In particular, he is trying to figure out what threats the NSA may have known about, compared to what threats we currently know about. So far, he has found references to malware we know about, but NSA’s knowledge predates public knowledge significantly, as well as some references he is currently unable to match against public samples.

Written on March 16, 2018