Episode – 04 (Bangkok Edition)

Welcome to the weekly dose of cyber security news and views.
Date – 28th Jan 2018


Podcast –

Videocast –

Shownote –

WTF: What The Fun!!!!!

Cryptojacking: Malicious ads these days focus on hijacking your browser to steal cryptocurrency; hopefully you are smart enough to save yourself from cryptojacking 😀

Natalya Kaspersky’s cryptocurrency theory: She says that cryptocurrency is a project of American intelligence agencies to generate quick funding!! 😀

Cryptocurrency conspiracy theory: Some say that cryptocurrency is the rogue work of artificial intelligence bots, and that if it continues, rogue AI will take over the world!! 😀

A Danish municipality leaked data that had been kept on an unauthenticated FTP server, and then asked its citizens to confirm that they had not downloaded the sensitive files!!! 😀 😀

HNS IoT Bot:

It has affected more than 14k devices and is named Hide N Seek because it was first identified on 10th Jan, then faded away and re-emerged on 20th Jan. HNS scans the Internet randomly for specific ports: port 23, port 80, port 2323 and port 8080, all of which are unencrypted ports. If a connection is established, it attempts a brute-force attack on the IoT device. Good news: HNS can’t achieve persistence, so rebooting cleans a compromised device. Make sure to use a strong and complex password, and change the password of your IoT device before connecting it to the internet.

One Plus credit card data breach:

Around 40k OnePlus mobile users were impacted by a credit card breach: malicious code was injected into the payment page of the OnePlus website to sniff credit card information. Users who entered credit card details between mid-November 2017 and January 11, 2018 are potentially impacted. Advice: check out the virtual credit card feature that most banks provide on their net banking platforms, and create a virtual credit card with its own card number, CVV and a restricted amount, so that your primary card details stay protected.

Patchy patches of Meltdown and Spectre:

Not ready to go away: the patchy patches for Meltdown and Spectre are causing random reboot issues on servers. If you have applied the patches, be cautious and use defence-in-depth mechanisms to stop the attack. Once stable patches are available, make sure to apply them. If you have faced this issue, I am open for a discussion, reach out to me!!!

Malicious apps on Google Play Store:

Recently there has been a lot of news about Facebook hacking apps, malicious gaming apps and other credential-stealing apps being available on the Google Play platform.

Be smart: do not download or use unnecessary apps from unknown sources, and do not grant apps unnecessary permissions.

Malware stealing gas from gas station:

Just like the famous petrol pump frauds in India, malware at a gas station in Russia was tricking customers into paying for more gas than was actually pumped into their car tanks, since the malware skims off some of the gas pumped into each customer’s car.

Good Morning GIFs on WhatsApp:

A news agency investigated a message circulating on WhatsApp that asked people not to use Good Morning/Good Night GIFs, claiming that they come from an adversary country and are used to steal your sensitive information. The verdict: the message was fake, and the GIFs do not affect your mobile phone. It would still be appreciated if you did not flood the chat groups with those GIFs!!

Firefox 58 Patch:

Firefox released version 58, which includes patches for 3 critical, 13 high, 13 moderate and 3 low severity vulnerabilities that could allow remote attackers to take control of an affected system. Make sure you patch your Firefox browser ASAP. In fact, practice good hygiene by keeping your browsers patched, restarted and updated.

Personal recommendation: use the Brave browser, a Chrome-based browser that by default does not allow scripts to run, and lets you allow fingerprinting and scripting manually.

Browsers, scripts and fingerprinting: if you open a regular browser on your cell phone, a website can collect your IP address, screen resolution, OS version, browser version, plug-ins, the LAN IP of the user, the location of the phone, and what not.

Want to know more about it? Do reach out to me!!!

Check it out at https://brave.com for iOS, Android, Windows, Mac OSX etc.

Episode 02

Welcome to the weekly dose of cyber security news and views.
Date – 14th Jan 2018


Podcast –

Videocast –

Shownotes –

Reliance Jio is set to introduce its own cryptocurrency “JioCoin”
• Year of the blockchain. Reliance Jio is the latest on the list.
• Akash Ambani, son of Mukesh Ambani, will lead a young team of 50 blockchain experts and cryptocurrency veterans on the blockchain project to launch “JioCoin”.
• Although not yet confirmed by Reliance or Jio, the report has sent shockwaves across India and globally.
• Reliance Jio’s entry into blockchain, and the creation of its own cryptocurrency, could actually shift the equilibrium and incite a new wave of growth.

Blackberry mobile website targeted by crypto/Monero mining code/hackers
• The official Blackberry website was using its visitors’ CPU power to mine Monero digital coins.
The advice, as always, is to practice safe internet: do not download unknown apps/software from Android stores, make sure you have up-to-date antivirus software installed, and keep an eye on your processor usage, because cryptocurrency miners cause high CPU usage.

Oracle WebLogic Exploit used in Cryptocurrency Mining Campaign
• After Chinese security researcher Lian Zhang published a proof-of-concept exploit for an Oracle web application server vulnerability in late December, hackers were quick to take advantage of the information to make a quick buck. Oracle had issued a patch for the flaw in October.
• The ongoing campaign targets Oracle’s PeopleSoft and WebLogic servers, leveraging the newly revealed vulnerability to mine cryptocurrency; it had mined 611 Monero coins, which carry a current value of $226,070.
• This WebLogic vulnerability enables hackers to remotely run arbitrary commands with the privileges of the WebLogic server user, allowing them to steal data from affected PeopleSoft systems or even install ransomware; yet the group has so far only used the vulnerability to install a Monero miner, as it is paying off!
• The compromised machines were detected because the script that downloads the Monero miner “accidentally” kills the WebLogic service after compromise.
WebLogic is a Java EE application server, and the script replaces its java binary with the Monero miner xmrig, a legitimate miner that the attackers are illegitimately running on others’ hardware.

• It is recommended that organisations check 3333
• Enterprises tend to be slow in deploying Oracle updates,
• Virtual patching by creating a WAF and DBF is one workaround
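Both the HNS item in Episode 04 (an external source probing ports 23, 80, 2323 and 8080 across many hosts) and this WebLogic item (internal hosts talking to 3333) come down to spotting connection patterns in a log. The Python below is an added example written for these notes, not code from the show or from any tool mentioned here; it triages a constructed connection log and flags both patterns. The log format, the scan threshold and the reading of 3333 as a mining-pool port are assumptions.

```python
from collections import defaultdict

HNS_PORTS = {23, 80, 2323, 8080}   # ports the shownotes say HNS probes
MINER_POOL_PORTS = {3333}          # the number the WebLogic item says to check
SCAN_THRESHOLD = 4                 # distinct targets on HNS ports before flagging

# Constructed sample connection log (not real traffic). Assumed format for this
# example: "<timestamp> <src> <dst> <dport> <in|out>", one connection per line.
SAMPLE_LOG = """\
2018-01-20T10:00:01 203.0.113.7 192.0.2.10 23 in
2018-01-20T10:00:02 203.0.113.7 192.0.2.11 2323 in
2018-01-20T10:00:02 203.0.113.7 192.0.2.12 80 in
2018-01-20T10:00:03 203.0.113.7 192.0.2.13 8080 in
2018-01-20T10:00:03 203.0.113.7 192.0.2.14 23 in
2018-01-20T10:00:05 198.51.100.9 192.0.2.10 443 in
2018-01-20T10:00:09 192.0.2.50 198.51.100.77 3333 out
2018-01-20T10:00:10 192.0.2.51 198.51.100.20 443 out
this line is malformed and is skipped
"""


def parse_line(line):
    """Return (src, dst, dport, direction) for one log line, or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit() or parts[4] not in ("in", "out"):
        return None
    _ts, src, dst, dport, direction = parts
    return src, dst, int(dport), direction


def triage(log_text):
    """Flag HNS-style scanners (inbound) and likely miner hosts (outbound)."""
    hns_targets = defaultdict(set)   # external src -> internal hosts it probed
    miner_hosts = set()              # internal hosts talking to a pool port
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport, direction = rec
        if direction == "in" and dport in HNS_PORTS:
            hns_targets[src].add(dst)
        elif direction == "out" and dport in MINER_POOL_PORTS:
            miner_hosts.add(src)
    scanners = sorted(s for s, hosts in hns_targets.items() if len(hosts) >= SCAN_THRESHOLD)
    return {"scanners": scanners, "miner_hosts": sorted(miner_hosts)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample log this reports 203.0.113.7 as a scanner and 192.0.2.50 as a host worth checking for a miner; a single inbound hit on port 80 is not enough to flag anything.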

Patch Tuesday: Zero Day gap in Microsoft Office
• Microsoft released several patches that close a total of 56 new security holes. Of these:
16 are considered “critical”
39 are “important”
1 is “moderate”
• These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
• They do not include the Spectre/Meltdown (ADV180002) or Adobe Flash (ADV180001) CVEs.
• Currently, various hacker groups are actively attacking a vulnerability (CVE-2018-0797) in Office.
• Critical gaps exist in the Scripting Engine, which threatens the Edge and Internet Explorer web browsers: attackers could trigger the execution of malicious code when a user visits a specially crafted website. The critical Flash update for Edge and Internet Explorer 11 will be served automatically to users of Windows 8.1 and 10.

macOS High Sierra’s App Store preferences can be accessed with ANY password
• Lets anyone access your system and bypass your password.
• One can easily disable security updates to take advantage of system vulnerabilities.
• This is the second time; remember the ‘root user’ bug in December 2017.
• The bug doesn’t exist in macOS Sierra version 10.12.6 or earlier.
• Apple has fixed the bug in the latest beta of macOS 10.13.3, which currently remains in testing and will likely be released at some point this month.

Aadhaar
• Troy Hunt’s post on Aadhaar.
• @fs0c131y troll.
• Should there be penalties on vendors who did security testing?

Episode 01

Welcome to the weekly dose of cyber security news and views.
Date – 7th Jan 2018


Podcast –

Videocast –

Shownotes –

Before I tell you about the most relevant cyber security news of the first week of this new year, I want to wish you all a “Happy New Year” and a very safe and secure 2018! It’s been only 5 days into this year and we have already learned about two major and severe security flaws found in Intel CPUs, Meltdown and Spectre, which are affecting computers worldwide. If you haven’t done it already, we recommend keeping all your devices and applications up to date!

Here’s what happened in cyber security in the first week of 2018; we’ve summed up the most important stories of the week in our weekly security round-up:

1. RASPBERRY PI unaffected by SPECTRE or MELTDOWN:

Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors and (in the case of Spectre) many AMD processors and ARM cores. Both vulnerabilities exploit performance features common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities.

2. India, the Aadhaar nation, under scrutiny over privacy concerns

In a report titled “Rs 500, 10 minutes, and you have access to billion Aadhaar details” published on Wednesday, The Tribune claimed to have bought “a service being offered by anonymous sellers over WhatsApp” for unrestricted access to the details of more than 1 billion Aadhaar holders. Former Central Intelligence Agency (CIA) employee Edward Snowden also shared his viewpoint, stating that admin accounts can be created and access to the database sold. This was a major blow to the Centre’s push for Aadhaar.

3. WD MyCloud NAS devices vulnerable to a critical hard-coded backdoor

Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital’s My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. The researcher has also written a Metasploit module to exploit this vulnerability.

“An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag makes a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud, such as ‘wdmycloud’ and ‘wdmycloudmirror’ etc.”

4. Forever 21 PoS systems breached

Forever 21 joins a crowded list of retailers and hotel chains bitten by PoS-style attacks in 2017. Over the past 12 months, a number of PoS systems have been targeted in attacks by a growing list of malware families. The company said each of its Forever 21 retail outlets uses multiple PoS terminals, but at some stores a number of devices did not have encryption enabled. It said hackers targeted those few stores and the vulnerable PoS devices that kept logs of completed payment transaction authorizations.