Security: Windows Holes, Dow Jones Breach/Leak, Tomcat and Kafka in EU, Drupal, Supply Chain, Bitcoin, Thunderbolt and More
Date: 2019-02-19
Mimikatz tutorial: How it hacks Windows passwords, credentials
Mimikatz is an open source Windows utility available for download from GitHub. First developed in 2007 to demonstrate a practical exploit of the Microsoft Windows Local Security Authority Subsystem Service, or LSASS, Mimikatz is capable of dumping account login information, including clear text passwords stored in system memory.
New exploit lets attackers take control of Windows IoT Core devices
Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password.
Bob Diachenko, an independent security researcher, found the Amazon Web Services-hosted Elasticsearch database exposing more than 2.4 million records of individuals or business entities.
The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts. Other financial companies, like Thomson Reuters, have their own databases of high-risk clients, politically exposed persons and terrorists — but have also been exposed over the years through separate security lapses.
Tomcat and Kafka Selected for EU Bug Bounty Programme
The European Union recently launched a bug bounty program for critical infrastructure projects, offering financial compensation to anyone who finds and reports a new security flaw.
The bug bounty is offered as part of FOSSA, the "Free and Open Source Software Audit" project. The FOSSA list includes two notable Java projects: Apache Tomcat and Kafka. Other projects, such as KeePass, are available now.
Highly Critical Drupal Vulnerability Could Expose Sites to RCE Attacks, Developers Warn
Bunnie Huang's tour-de-force explanation of how hardware implants and supply chain hacks work
Alleged Coinomi $60,000 exploit shows how easy it is to have your Bitcoin stolen
Bitmain Releases Bugfix, But Sidesteps Open Source Issue
James Hilliard, who discovered the unpatched bug, is refusing to disclose the additional vulnerability until Bitmain complies with the GPL software license. Bitmain’s firmware is currently closed source, but since it is built on GPL-licensed open source software, Bitmain is technically required to open source its firmware as well.
Bitmain, for its part, has acknowledged that the open source community discovered a vulnerability in its firmware, but the update doesn’t indicate that Bitmain has any immediate plans to make its firmware open source. Bitmain does, however, throw the community a bone: It claims that it has created a “special team” to pursue compliance with open source code.
It is not clear what Bitmain will do next, though Hilliard notes that the company has released its source code in the past. Regardless, there is a simple reason that releasing source code might matter: Public access to the code would allow the community to fix vulnerabilities without relying on Bitmain—and Hilliard believes that there are many more bugs to be found.
‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks
Most laptops vulnerable to attack via peripheral devices
The research, to be presented today (26 February) at the Network and Distributed Systems Security Symposium in San Diego, shows that attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations.
Vulnerabilities were found in computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD. Many modern laptops and an increasing number of desktops are susceptible.
[...]
Computer peripherals such as network cards and graphics processing units have direct memory access (DMA), which allows them to bypass operating system security policies. DMA attacks abusing this access have been widely employed to take control of and extract sensitive data from target machines.
Sysdig Introduces eBPF Instrumentation to Extend Cloud-native Visibility and Security to Container-Optimized Linux Platforms
Intel open-sources HBFA app to help with firmware security testing
