Uncategorized

The article states that there is a new threat which hackers can unauthorized access and change to encrypted PDF without knowing password. This threat is called PDFex attacks which hackers remotely use the technique to remotely exploit PDF data. This means using this attack can automatically send the decrypted file out by using a remote-controlled server. Vulnerabilities were found in various well-known software such as Adobe Acrobat, Foxit Reader, and Nitro Reader and multiple browsers such as Chrome, Firefox, and Safari. Additionally, a team of German security researchers found 2 weaknesses of PDF encryption which are partial encryption and ciphertext malleability.

Link : https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html

The article reviewed the battle between Microsoft and the U.S. Government since 2016 about disclosing “secrecy order” from government’s demand to obtain data from Microsoft’s customers. Microsoft is attempting to challenge the federal orders to retain its discipline towards customers’ privacy. In the case of 2016, the U.S. government was investigating a money fraud associated to two email account. Microsoft stopped the them before they moved forwards to obtain orders from the federal judges, as stated by the Dev Stahlkopf, Microsoft’s general counsel.

 

https://www.bloomberg.com/news/articles/2019-09-25/microsoft-is-still-rattled-over-u-s-sneak-and-peek-searches

The article states the mobile hacking campaign which the main target is Tibetan groups. The victims, especially in high management level, received a malicious link via WhatsApp application in both Iphone and Andriod platforms between November 2018 and May 2019. The Canadian researchers found that hackers (Poison Carp) use MOONSHINE spyware which allows them to gain full unauthorized access to victim devices and they are able to steal private data via applications like Gmail and Twitter.

Source: https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html

According to the article, it is difficult to tell whether a satellite has been hacked because there’s so much data to review that they really don’t know if something is going wrong. Satellites that orbit outside of a certain area or exhibit unusual behavior could indicate a compromise but humans don’t always notice it and don’t have the ability to make a determination quickly because there is so much data. As 5G is becoming more relevant, many more satellites are going into orbit. However, there hasn’t been an any evidence of improvements in satellite security. The NSA is trying to determine if small satellite behaviors can be categorized as good, bad or something else by using artificial intelligence. They are also trying to see if malware can be deployed to a satellite from the ground station. Cyber attacks are possible on satellites and ground stations because they are essentially just computers with special software. Hopefully these experiments reveal ways to address any threats and vulnerabilities in satellite systems.

https://www.defenseone.com/technology/2019/09/nsa-running-satellite-hacking-experiment/160009/

 

hey guys,

1. I found this article interesting, Is it safe to say that the term “war” is being redefined to cyber warfare rather the REAL wars?

Further more, Could the greatest danger today be seen in terms of “information security” because stealing trade secrets may give financial/economical advantage to the other country and hence increase its military might. Could this aspect of cyber crime play a pivotal role to a country’s rise in dominance?

 

…“We expect other nations will want to become self-sufficient in critical technologies. That’s what we’d expect of a responsible government,” he said. “The issue isn’t that China has set out to do that. It’s that part of their industrial policy, part of the way they try to accomplish that, is state-sponsored theft or creating an environment that rewards or turns a blind eye to it.”

 

https://www.cnbc.com/2019/09/23/chinese-theft-of-trade-secrets-is-on-the-rise-us-doj-warns.html

Since Rami posted about a newer version of VMware getting released, I figured I’d put it out there. Anyone running the above mentioned versions may want to apply 4 patches that were addressed by VMware this past week. I will list them out below:

CVE-2019-5534 covers an issue where virtual machines deployed in an Open Virtualization Format (OVF) could expose login information via the virtual machine’s vAppConfig properties. This can be resolved by updating to the latest version.

CVE-2019-5532 covers a situation where a malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF. This is typically done through the root account of the virtual machine. A patched version is now available for upload.

CVE-2019-5531 involves an information disclosure vulnerability in clients arising from insufficient session expiration that would allow an attacker with physical access or an ability to mimic a websocket connection to a user’s browser to possibly obtain control of a VM Console after the user has logged out or their session has timed out. A patched version is now available for upload.

CVE-2017-16544 is a vulnerability in ESXi where it contains a command injection vulnerability due to the use of vulnerable version of busybox that does not sanitize filenames. An attacker may exploit this issue by tricking an ESXi Admin into executing shell commands by providing a malicious file, VMware wrote. A patched version is now available for upload.

Source Link: https://www.scmagazine.com/home/security-news/vulnerabilities/patches-issued-for-vmwares-vsphere-esxi-vmware-vcenter-server/

I had never heard the term: DevSecOps, so this article seemed interesting to me. This concept is a fairly new initiate that bring security personnel into the DevOps software development process, much earlier than they normally would be. This allows for security needs to be respected, all throughout the software development life cycle. In some software development circles, security is an afterthought. This new technique will hopefully prove to be the best overall solution.

https://www.darkreading.com/risk/devsecops-recreating-cybersecurity-culture–/a/d-id/1335783

North American Electric Reliability Corp reports a first of its kind cyber attack against power grids in the western region os the US. There are many unknowns about the attack, whether it was targeted or exploratory recon for a larger attack later. By exposing firewall vulnerabilities, attackers were able to cause blind spots for grid operators for about 10 hours on March 5. By exposing these vulnerabilities, the attackers forced unexpected reboots of the firewalls resulting in a denial of service conditions. The attack compromised web portals for firewalls that linked parts of the power grid in California, Utah, and Wyoming.

NERC posted a lessons learned document: https://www.eenews.net/assets/2019/09/06/document_ew_02.pdf

https://www.eenews.net/stories/1061111289

At this year’s Defcon conference, the US Airforce brought along an F-15 fighter jet data system to be evaluated for vulnerabilities, and serious vulnerabilities were found. The US Airforce is changing the way it looks at cybersecurity and is embracing external cybersecurity experts to assist in securing military technology. Rather than work in a bubble, they agreed to allow a hand-picked number of researches to attempt to highjack an orbiting satellite.

The F-15 fighter jet data system has many parts that are built by smaller third-party companies who don’t always design with security in mind. Working with external researchers allows the Air Force to understand these vulnerabilities and can start writing stronger security requirements into its SLA contracts.

How is this going to work? The Air Force will put out a call for submissions to researchers who are interested, then handpick their contestants, and allow them to test in a non-prod environment against satellite components.

The winner will attempt to compromise the ground station controlling the satellite, or the satellite directly altering the camera that is pointing at the earth, and change the position to capture the moon.

https://www.wired.com/story/air-force-defcon-satellite-hacking/