Language Selection

English French German Italian Portuguese Spanish

Security/Integrity/Proprietary: Microsoft, SWIFT, SymTCP, Emotet and CIA Leaks

Submitted by Roy Schestowitz on Thursday 13th of February 2020 08:11:50 AM Filed under
Security
  • Microsoft Patch Tuesday, February 2020 Edition

    A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.

    Last month, Microsoft released an advisory warning that attackers were exploiting a previously unknown flaw in IE. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.

    Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk) files (CVE-2020-0729) that affects Windows 8 and 10 systems, as well as Windows Server 2008-2012. Allan Liska, intelligence analyst at Recorded Future, says Microsoft considers exploitation of the vulnerability unlikely, but that a similar vulnerability discovered last year, CVE-2019-1280, was being actively exploited by the Astaroth trojan as recently as September.

  • Forging SWIFT MT Payment Messages for fun and pr... research!

    TLDR: With a bit of research and support we were able to demonstrate a proof of concept for introducing a fraudulent payment message to move £0.5M from one account to another, by manually forging a raw SWIFT MT103 message, and leveraging specific system trust relationships to do the hard work for us!

  • SymTCP – a new tool for circumventing deep packet inspections

    In a paper (PDF) entitled ‘SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery’, academics from the University of California’s Department of Computer Science and Engineering demonstrate how to bypass DPI mechanisms, regardless of their application.

    According to the team, DPI systems often use simplified machine states of network stacks that are not exact implementation copies of end hosts. Discrepancies can then be exploited through packet fragmentation or manipulation.

    SymTCP first runs ‘symbolic execution’ on a server’s TCP implementation, and the resulting scan collects execution paths labeled as either ‘accept’ or ‘drop’ for packet inspection.

    The DPI system is then checked with generated packet sequences to ascertain which, if any, are processed in the same way by the DPI and the server.

    If discrepancies in handling are detected, the open source tool is able to create packets that can reach core elements in the code responsible for accepting or dropping requests, thereby potentially avoiding DPI middlebox checks.

    •                    

  • Emotet can spread to poorly secured Wi-Fi networks and computers on them

                         

                           

    After the malware infects a computer that has Wi-Fi capability, it uses the wlanAPI interface to discover any Wi-Fi networks in the area: a neighbor’s Wi-Fi network, a free Wi-Fi network at a café, or a Wi-Fi network of a nearby business.

    •                    

  • Emotet can now hack Wi-Fi networks

                         

                           

    This new strain utilizes wlanAPI.dll calls to discover wireless networks around a computer that is already infected with Emotet. By using the compromised machine's Wi-Fi connection, the malware tries to brute-force its way in to other password protected networks nearby.

                           

    After the compromised device has been successfully connected to another wireless network, the Emotet Trojan begins looking for other Windows devices with non-hidden shares. The malware then scans for all accounts on these devices and once again brute-forces the password for the Administrator account and all other users on the system.

    •                    

  • “What is the Root User?” Joshua Schulte Set Up the Shared “root” Password He’ll Use in his Defense

                         

                           

    In a full day of testimony yesterday, one of Joshua Schulte’s former colleagues, testifying under the name Jeremy Weber (which may be a pseudonym of a pseudonym under the protective order imposed for the trial) introduced a ton of detail about how the engineering group he and Schulte worked in was set up bureaucratically, how the servers were set up, and how relations between Schulte and the rest of the group started to go south in the months and weeks leading up to the date when, the government alleges, he stole CIA’s [cracking] tools. He also described how devastating the leak was for the CIA.

                           

    In that testimony, the government began to lay out their theory of the case: When Schulte lost SysAdmin access to the servers hosting the malware they were working on — and the same day the unit announced they’d soon be moving the last server to which Schulte had administrator privileges under the official SysAdmin group — Schulte went back to the back-up file of the server from the day the fight started blowing up, March 3, 2016, and made a copy of it.

                           

    But the government also started previewing what will likely be Schulte’s defense: that some of these servers were available via a shared root password accessible to anyone in their group.

    •                    

  • State officials press Congress for more resources to fight cyberattacks [iophk: Windows TCO]

                         

                           

    Tuesday's hearing follows months of escalating attacks against government entities across the nation, with most involving ransomware, which attackers use to lock down a system and demand payment to give the user access again.

    •        

  • Trump administration wants private sector to do more to counter foreign intelligence efforts

                                 

                                   

    The Trump administration’s counterintelligence strategy, released Monday, aims for stronger collaboration between the intelligence community and the private sector on detecting and stopping foreign intelligence threats to U.S. entities.

                                   

    The plan, which President Donald Trump approved in early January, emphasizes a longstanding government argument that the private sector must do more to prevent foreign espionage. As state-sponsored hackers target more U.S. companies, corporate America should prioritize preparations to stifle similar attacks in the future, the director of the National Counterintelligence and Security Center, Bill Evanina, told reporters at a briefing Monday.

    •                            

»

More in Tux Machines

Python Programming

  • Integrating MongoDB with Python Using PyMongo

    In this post, we will dive into MongoDB as a data store from a Python perspective. To that end, we'll write a simple script to showcase what we can achieve and any benefits we can reap from it. Web applications, like many other software applications, are powered by data. The organization and storage of this data are important as they dictate how we interact with the various applications at our disposal. The kind of data handled can also have an influence on how we undertake this process. Databases allow us to organize and store this data, while also controlling how we store, access, and secure the information.

  • EuroPython 2020: Presenting our conference logo for Dublin

    The logo is inspired by the colors and symbols often associated with Ireland: the shamrock and the Celtic harp. It was again created by our designer Jessica Peña Moro from Simétriko, who had already helped us in previous years with the conference design.

  • Finding the Perfect Python Code Editor

    Find your perfect Python development setup with this review of Python IDEs and code editors. Writing Python using IDLE or the Python REPL is great for simple things, but not ideal for larger programming projects. With this course you’ll get an overview of the most common Python coding environments to help you make an informed decision.

  • PyCoder’s Weekly: Issue #408 (Feb. 18, 2020)
  • Airflow By Example (II)
  • PyCon: The Hatchery Returns with Nine Events!

    Since its start in 2018, the PyCon US Hatchery Program has become a fundamental part of how PyCon as a conference adapts to best serve the Python community as it grows and changes with time. In keeping with that focus on innovation, the Hatchery Program itself has continued to evolve. Initially we wanted to gauge community interest for this type of program, and in 2018 we launched our first trial program to learn more about what kind of events the community might propose. At the end of that inaugural program, we accepted the PyCon Charlas as our first Hatchery event and it has grown into a permanent track offered at PyCon US.

  • Using "python -m" in Wing 7.2

    Wing version 7.2 has been released, and the next couple Wing Tips look at some of its new features. We've already looked at reformatting with Black and YAPF and Wing 7.2's expanded support for virtualenv. Now let's look at how to set up debugging modules that need to be launched with python -m. This command line option for Python allows searching the Python Path for the name of a module or package, and then loading and executing it. This capability was introduced way back in Python 2.4, and then extended in Python 2.5 through PEP 338 . However, it only came into widespread use relatively recently, for example to launch venv, black, or other command line tools that are shipped as Python packages.

  • New Python Programmer? Learn These Concepts First.

    As a novice Python developer, the world is your oyster with regards to the type of applications that you can create. Despite its age (30 years—an eternity in tech-world terms), Python remains a dominant programming language, with companies using it for all kinds of services, platforms, and applications. For example, Python lets you create web applications via Django or other frameworks such as Flask. Perhaps you want to create games instead? For that, learn Pygame for 2D games (or Panda3D for 3D). Or maybe you’re more enterprise-minded, and want to create useful utilities (such as automatically cataloguing e-books); in that case, Python works well with frameworks and software such as Calibre.

Screencasts/Audiocasts/Shows: Void Linux-based Project Trident 20.02, LINUX Unplugged, Linux Headlines and Tom Christie on Django

  • Project Trident 20.02 overview | A c based desktop-focused operating system

    In this video, I am going to show an overview of Project Trident 20.02 and some of the applications pre-installed.

  • Project Trident 20.02 Run Through

    In this video, we are looking at Project Trident 20.0, now based on Void Linux. 

  • Long Term Rolling | LINUX Unplugged 341

    We question the very nature of Linux development, and debate if a new approach is needed. Plus an easy way to snapshot any workstation, some great feedback, and an extra nerdy command-line pick.

  • 2020-02-18 | Linux Headlines

    Red Hat moves up Fortune’s 100 Best Companies to Work For list, Mozilla releases significant changes to its WebThings Gateway, and O’Reilly publishes analytics for its online learning platform.

  • Podcast.__init__: APIs, Sustainable Open Source and The Async Web With Tom Christie

    Tom Christie is probably best known as the creator of Django REST Framework, but his contributions to the state the web in Python extend well beyond that. In this episode he shares his story of getting involved in web development, his work on various projects to power the asynchronous web in Python, and his efforts to make his open source contributions sustainable. This was an excellent conversation about the state of asynchronous frameworks for Python and the challenges of making a career out of open source.

Mozilla: WebRender, Dexterity in Depth, WebThings and Departure of Ronaldo Lemos

  • Mozilla GFX: Challenge: Snitch on the glitch! Help the Graphics team track down an interesting WebRender bug…

    For the past little while, we have been tracking some interesting WebRender bugs that people are reporting in release. Despite best efforts, we have been unable to determine clear steps to reproduce these issues and have been unable to find a fix for them. Today we are announcing a special challenge to the community – help us track down steps to reproduce (a.k.a STR) for this bug and you will win some special, limited edition Firefox Graphics team swag! Read on for more details if you are interested in participating.

  • Mike Hoye: Dexterity In Depth

    I’m exactly one microphone and one ridiculous haircut away from turning into Management Shingy when I get rolling on stuff like this, because it’s just so clear to me how much this stuff matters and how little sense I might be making at the same time. Is your issue tracker automatically flagging your structural blind spots? Do your QA and UX team run your next reorg? Why not? This all started life as a rant on Mastodon, so bear with me here. There are two empirically-established facts that organizations making software need to internalize. The first is that by wide margin the most significant predictive indicator that there will be a future bug in a piece of software is the relative orgchart distance of the people working on it. People who are working on a shared codebase in the same room but report to different VPs are wildly more likely to introduce errors into a codebase than two people who are on opposite sides of the planet and speak different first languages but report to the same manager. The second is that the number one predictor that a bug will be resolved is if it is triaged correctly – filed in the right issue tracker, against the right component, assigned to the right people – on the first try. It’s fascinating that neither of the strongest predictive indicators of the most important parts of a bug’s lifecycle – birth and death – actually take place on the developers’ desk, but it’s true. In terms of predictive power, nothing else in the software lifecycle comes close.

  • WebThings Gateway Goes Global

    Today, we’re releasing version 0.11 of the WebThings Gateway. For those of you running a previous version of our Raspberry Pi build, you should have already received the update. You can check in your UI by navigating to Settings ➡ Add-ons.

  • Thank You, Ronaldo Lemos

    Ronaldo Lemos joined the Mozilla Foundation board almost six years ago. Today he is stepping down in order to turn his attention to the growing Agora! social movement in Brazil. Over the past six years, Ronaldo has helped Mozilla and our allies advance the cause of a healthy internet in countless ways. Ronaldo played a particularly important role on policy issues including the approval of the Marco Civil in Brazil and shaping debates around net neutrality and data protection. More broadly, he brought his experience as an academic, lawyer and active commentator in the fields of intellectual property, technology and culture to Mozilla at a time when we needed to step up on these topics in an opinionated way. As a board member, Ronaldo also played a critical role in the development of Mozilla Foundation’s movement building strategy. As the Foundation evolved it’s programs over the past few years, he brought to bear extensive experience with social movements in general — and with the open internet movement in particular. This was an invaluable contribution.

Komikku is a GTK Manga App for Linux

If you read a lot of manga and you use the Ubuntu desktop check out Komikku, a relatively new Manga reader app for Linux written in Python and GTK. Now, usually when I highlight a GTK app on this blog you’d assume that I’m talking about a desktop app. But with GTK apps now running on mobile (like the Librem 5, for instance) a new breed of Linux software is emerging, built with mobile first use cases in mind. And Komikku is one such app. Alex, aka BabyWogue, aka the Linux YouTube guy who uses a robot voice and anime wallpaper in every video, recently shared a concise video overview of Komikku (it’s how I heard about it in the first place) and how it runs on …a desktop... Read more Also: BingWall is —Yes, a Bing Wallpaper App for Ubuntu

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6