Stay updated with the latest World Security News
On 18-JUL-2018 Oracle released a Critical Patch Update (https://isc.sans.edu/forums/diary/Oracle+Critical+Patch+Update+Release/23886/). Yesterday, an exploit targeting CVE-2018-2893, which impacts Oracle WebLogic Server, appeared publicly.
Here's the link for the ORACLE CPU JULY 2018 (http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html)
While Apple proudly announced its new feature, experts from ElcomSoft have found a way to reset the countdown timer of USB Restricted Mode and bypass the defense mechanism.
The researchers discovered that directly connecting a USB accessory to the iOS device within an hour after it was last unlocked would reset the 1-hour countdown.
Apple’s inexpensive $39 Lightning to USB 3 Camera Adapter could be used to bypass the security features. The experts also discovered that it is possible to bypass USB Restricted Mode by using untrusted Lightning accessories, that is, those that have not been paired with the iPhone before.
Stolen data includes names, email addresses, and some phone numbers, while no private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were exposed.
The company pointed out that none of the users’ “memories,” the social media posts and photos that Timehop stores, were accessed by the attackers. The company admitted that hackers obtained an access credential to its cloud computing environment, which, incredibly, was not protected by multifactor authentication.
The security team locked out the attackers two hours and nineteen minutes after its discovery. The attackers also accessed the keys that let Timehop read and show you your social media posts (but not private messages). In response to the incident, the IT staff at the company has deactivated them, which means that users will have to re-authenticate to their app.
A quick inspection of the HTML source code of the page confirms that The Pirate Bay really did intend the text to be small.
Danny Bradbury, writing for the Sophos Naked Security blog, reports that The Pirate Bay appears to have shifted its allegiances, now using JavaScript from Crypto-Loot rather than Coinhive to mine its Monero, presumably to reduce the size of the commission it has to forgo.
Ad blockers are increasingly adding support for blocking unwanted cryptomining code on webpages, whether the websites are upfront about what they are doing or not.
All in all, researchers say the memory cards they recovered were previously used in smartphones and tablets, but some cards were also used in cameras, SatNav systems, and even drones.
The research team says the analysis process consisted of creating a bit-by-bit image of the card and then using freely available software to see if they could recover any data from the card.
Their efforts were successful and worrisome at the same time, as the team says it managed to recover data from the memory cards, including intimate photos, selfies, passport copies, contact lists, navigation files, pornography, resumes, browsing history, identification numbers, and other personal documents.
Over 9,000 of the 17,260 apps in the study have camera and microphone permissions. The researchers used 10 Android phones to look at traffic generated by them when their software interacts with the apps. They found that some apps are transmitting screen recordings and video recordings of what people are doing in the software.
One of the apps that displays this behavior is goPuff, a food delivery app, which records how the user interacts with the app and sends the data to mobile analytics firm Appsee.
The main problem the researchers see is that it isn't clear to the user that this data is being captured and shared.
The goPuff app uses Appsee's analytics library, which is promoted as a tool for helping developers fix bugs and promises to let developers "Watch every user action and understand exactly how they use your app, which problems they're experiencing, and how to fix them."
The employee began working at the company in November 2017, and had access to its computer servers, software, and product source code. According to an indictment cited in Globes, it was made clear that the employee was not allowed to remove or transfer any information belonging to the company from the workplace, or to connect external storage devices to company computers without approval. NSO computers even had security software installed to prevent external storage devices from being connected, according to the report.
Despite these rules, in February, the employee Googled how to get around this security software, and was able to connect an external drive to his workstation, without the company's knowledge. In April, he was called to a hearing and was dismissed from the company for unrelated reasons, the newspaper report noted. At this point, he connected an external storage device to company servers and downloaded the Pegasus software and source code.
If you’re not familiar with her name then you will definitely be aware of the massive story she broke earlier this year which revealed how Cambridge Analytica harvested the profiles of 50 million Facebook users and targeted them in an attempt to get them to vote for Donald Trump in the 2016 US Presidential election.
Facebook threatened to sue Cadwalladr’s newspaper to prevent them from printing the allegations, and then later admitted that as many as 87 million people have had their details improperly shared with Cambridge Analytica.
The zero-day vulnerabilities in question are a remote code execution flaw in Adobe Acrobat and Reader (CVE-2018-4990) and a privilege escalation bug in Microsoft Windows (CVE-2018-8120).
"The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module," Matt Oh, Security Engineer at Windows Defender ATP Research, says.
"The second exploit, which does not affect modern platforms like Windows 10, allows the shellcode to escape Adobe Reader sandbox and run with elevated privileges from Windows kernel memory."
The Adobe Acrobat and Reader exploit was incorporated in a PDF document as a maliciously crafted JPEG 2000 image containing the JavaScript exploit code, which triggers a double-free vulnerability in the software to run shellcode.