Uncategorized

Article Link

Just to prove again that nothing is safe in this world, the Google Pixel Phone and Microsoft Edge were both hacked in less than a minute each in hacking competitions.

Google Pixel was hacked by a team in under a minute.  The hack used a zero-day vulnerability to achieve remote code access on the phone.  The hack opened a Google Chrome page and displayed “Pwned by 360 Alpha Team”.  The hack earned a cash prize of $120,000 for the team.

Microsoft Edge was hacked in just 18 seconds by a team.  The team gained SYSTEM-level remote code execution access on the system.   Details of the hack were not made public until a fix is released.

In my opinion, it is utterly amazing to see that teams of hackers can crack systems in mere minutes, or even seconds with known hacking techniques.  You would think that major vendors like Google and Microsoft would have those avenues all locked up by now, but unfortunately, not.

Just keep in mind, nothing is safe!

 

 

 

 

This article talks about the application Shazam, which uses the device microphone to listen to a couple seconds of music and determine the title and author of a song.  If you’ve used SoundHound before, then it’s very similar.  Patrick Wardle, director of research for the security Synack, recently published an application called OverSight.  OverSight was used to alert the macIOS user of malicious attempts to access their camera.  People that used OverSight, was also alerted that the system was also accessing the microphone while Shazam was off.  Although, review of the Shazam code shows that the recording was not transferred, saved, or exfiltrated, it is still a concern that the app is still recording you even though it is suppose to be off.  I wonder how many other applications are still running in the background when you supposedly turn it off.

http://www.databreachtoday.com/shazam-keeps-ears-open-when-microphone-off-a-9528

 

ImageWare has today launched what it describes as the “first ever multimodal biometric authentication solution for the Microsoft ecosystem Called GoVerifyID Enterprise Suit, the system combines ImageWare’s Biometric Engine and its GoMobile Interactive products to provide true multifactor authentication.

One of GoVerify’s strongest points is the ease and speed with which it can be integrated into any Microsoft installation. It integrates with Active Directory and is essentially a snap-in to the Microsoft Management Console. It is a SaaS cloud service with the biometrics database held in the cloud, and GoMobile operating as the agent on mobile devices

http://www.securityweek.com/imageware-launches-multi-modal-biometric-authentication-enterprises

burpsuite powerpoint slides

burp executive summary

This is a bank’s worst nightmare and I’ll be following this story closely.  The financial, reputational, and regulatory damage that an event like this causes is very significant.  Although, 20,000 accounts is a very small percentage of the 8 million total Tesco Bank accounts, this is very poor customer experience that will likely result in a loss of customers.

It is very important that this bank quickly perform root cause analysis and remediation activities to restore service to normal operations.  Then damage control will likely ensue, which will include efforts to appease customers and regulators, refund customer losses, and assure the public that they have fully addressed the vulnerability(ies) that were exploited.  I’m very curious to find out the root cause on this one.

http://arstechnica.com/security/2016/11/tesco-bank-online-fraudsters-attack-40000-current-accounts/

This article discusses the current state of US-Russian relations. To say the relationship between the two superpowers is not good would be an understatement. The US has repeatedly accused Russia of hacking an revealing DNC secrets. Russia and Putin of course deny any involvement but that has not stopped the US from taking the approach that, if the Russians continue their intrusions during the election, they will launch a counter attack against the rival. The response against Russia will come after the election, according to the article. The article sites an NBC report that states the US will strike Russian electric grids, telecommunications networks, and the Kremlin’s command system. Targeting DNC emails is certain unlawful but hitting major targets such as the ones reported in Russia would have a much more devastating affect, it would seem.

http://gizmodo.com/obama-may-unleash-cyberwar-on-russia-after-election-re-1788654382

This article talks about how the NSA allegedly snooped on VPN traffic by exploiting a vulnerability in the CISCO PIX VPN> The versions that are vulnerable are 5.3(9) through 6.3(4) and were supported by CISCO from 2002 to 2009. The attack code was dubbed BenignCertain and exploits a vulnerability in Cisco’s implementation of the Internet Key Exchange, a protocol that uses digital certificates to establish a secure connection between two parties. The packets cause the vulnerable device to return a chunk of memory. A parser tool included in the exploit is then able to extract the VPN’s pre-shared key and other configuration data out of the response. According to one of the researchers who helped confirm the exploit, it works remotely on the outside PIX interface. This means that anyone on the Internet can use it. No pre-requirements are necessary to make the exploit work. The exploit helps explain documents leaked by NSA contractor Edward Snowden and cited in a 2014 article that appeared in Der Spiegel. The article reported that the NSA had the ability to decrypt more than 1,000 VPN connections per hour. The revelation is also concerning because data returned by the Shodan search engine indicate more than 15,000 networks around the world still use PIX, with the Russian Federation, the US, and Australia being the top three countries affected. The following is a screen shot of BenignCertain extracting a shared key from a Cisco PIX firewall.

View article here.

I found this to be very interesting.  A very good interactive tutorial on how SQL injection works.

Click Here

 

Researchers at Skycure have discovered a new strain of Android spyware, dubbed Exaspy, that has been used in targeted attacks against high-level executives.Researchers from Skycure discovered an instance of the Exaspy malware that was installed on an Android 6.0.1 device owned by a Vice President at an unnamed company.

Here is how the app installs itself when it runs for the first time:

1. Malware requests access to device admin rights
2. Asks (nicely) for a licence number
3. Hides itself
4. Requests access to root (if the device is rooted and managed through popular rooting apps). Once granted, it installs itself as a system package to make its uninstallation process harder.”

Mitigation efforts should include disabling USB debugging and regularly checking an Android’s Device Administrators list and disable components you don’t trust

http://securityaffairs.co/wordpress/53108/malware/exaspy-spyware.html