Security/Integrity/Proprietary: Microsoft, SWIFT, SymTCP, Emotet and CIA Leaks

-
Microsoft Patch Tuesday, February 2020 Edition
A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.
Last month, Microsoft released an advisory warning that attackers were exploiting a previously unknown flaw in IE. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.
Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk) files (CVE-2020-0729) that affects Windows 8 and 10 systems, as well as Windows Server 2008-2012. Allan Liska, intelligence analyst at Recorded Future, says Microsoft considers exploitation of the vulnerability unlikely, but that a similar vulnerability discovered last year, CVE-2019-1280, was being actively exploited by the Astaroth trojan as recently as September.
-
Forging SWIFT MT Payment Messages for fun and pr... research!
TLDR: With a bit of research and support we were able to demonstrate a proof of concept for introducing a fraudulent payment message to move £0.5M from one account to another, by manually forging a raw SWIFT MT103 message, and leveraging specific system trust relationships to do the hard work for us!
-
SymTCP – a new tool for circumventing deep packet inspections
In a paper (PDF) entitled ‘SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery’, academics from the University of California’s Department of Computer Science and Engineering demonstrate how to bypass DPI mechanisms, regardless of their application.
According to the team, DPI systems often use simplified machine states of network stacks that are not exact implementation copies of end hosts. Discrepancies can then be exploited through packet fragmentation or manipulation.
SymTCP first runs ‘symbolic execution’ on a server’s TCP implementation, and the resulting scan collects execution paths labeled as either ‘accept’ or ‘drop’ for packet inspection.
The DPI system is then checked with generated packet sequences to ascertain which, if any, are processed in the same way by the DPI and the server.
If discrepancies in handling are detected, the open source tool is able to create packets that can reach core elements in the code responsible for accepting or dropping requests, thereby potentially avoiding DPI middlebox checks.
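The excerpt above describes the idea in the abstract; the following toy model, added here and not taken from the SymTCP paper or its tool, shows what an end-host/DPI discrepancy looks like and how the two-step process works: a differential probe that finds segments the two stacks judge differently, then an evasion that sends one such segment to desynchronise the middlebox before the real payload. Both state machines are constructed simplifications (the "server" validates checksums and sequence numbers, the "DPI" does not); the packet fields, the `ISN` value and the specific bad-checksum RST discrepancy are assumptions for the model, not findings about any particular product.

```python
# Added example, not SymTCP's code: a toy model of the end-host / DPI
# discrepancy that SymTCP discovers automatically. Both stacks below are
# constructed, heavily simplified models; real DPI engines behave differently.
from dataclasses import dataclass
from itertools import product

ISN = 1000  # constructed initial sequence number for the client side


@dataclass(frozen=True)
class Pkt:
    flags: str                  # subset of "SAPR", e.g. "S", "A", "R", "PA"
    seq: int
    payload: bytes = b""
    bad_checksum: bool = False  # knob for an "insertion" segment the host will reject


class ServerTCP:
    """End-host model: verifies checksums and only honours in-window segments."""
    def __init__(self):
        self.state, self.rcv_nxt, self.received = "LISTEN", 0, b""

    def feed(self, p):
        if p.bad_checksum:                       # a real host drops these silently
            return "drop"
        if self.state == "LISTEN" and p.flags == "S":
            self.state, self.rcv_nxt = "SYN_RCVD", p.seq + 1
            return "accept"
        if self.state == "SYN_RCVD" and p.flags == "A" and p.seq == self.rcv_nxt:
            self.state = "ESTABLISHED"
            return "accept"
        if self.state == "ESTABLISHED" and p.seq == self.rcv_nxt:
            if "R" in p.flags:
                self.state = "CLOSED"
            elif p.payload:
                self.received += p.payload
                self.rcv_nxt += len(p.payload)
            return "accept"
        return "drop"


class NaiveDPI:
    """Middlebox model: no checksum check, and any RST on a tracked flow ends tracking."""
    def __init__(self):
        self.state, self.inspected = "LISTEN", b""

    def feed(self, p):
        if self.state == "LISTEN" and p.flags == "S":
            self.state = "SYN_RCVD"
            return "accept"
        if self.state == "SYN_RCVD" and p.flags == "A":
            self.state = "ESTABLISHED"
            return "accept"
        if self.state == "ESTABLISHED":
            if "R" in p.flags:                   # neither seq nor checksum is checked
                self.state = "CLOSED"
            elif p.payload:                      # only in-state payload gets inspected
                self.inspected += p.payload
            return "accept"
        return "drop"                            # untracked flow: segment passes uninspected


def handshake(stack):
    """Drive a stack through a clean three-way handshake (client side only)."""
    stack.feed(Pkt("S", ISN))
    stack.feed(Pkt("A", ISN + 1))
    return stack


def find_discrepancies():
    """Differential step: feed one candidate segment after a clean handshake to
    fresh copies of both models and keep the candidates whose verdicts differ."""
    found = []
    for flags, off, bad in product(["A", "R", "PA"], [0, 5000], [False, True]):
        cand = Pkt(flags, ISN + 1 + off, b"x" if "P" in flags else b"", bad)
        server_verdict = handshake(ServerTCP()).feed(cand)
        dpi_verdict = handshake(NaiveDPI()).feed(cand)
        if server_verdict != dpi_verdict:
            found.append((cand, server_verdict, dpi_verdict))
    return found


def evade(desync, payload=b"GET /blocked HTTP/1.0\r\n"):
    """Evasion step: send the discrepant segment, then the real request.
    Returns (bytes the DPI inspected, bytes the server actually received)."""
    server, dpi = handshake(ServerTCP()), handshake(NaiveDPI())
    for p in (desync, Pkt("PA", ISN + 1, payload)):
        server.feed(p)
        dpi.feed(p)
    return dpi.inspected, server.received


if __name__ == "__main__":
    for cand, sv, dv in find_discrepancies():
        print(f"{cand}: server={sv} dpi={dv}")
    print(evade(Pkt("R", ISN + 1, bad_checksum=True)))
```

Running it lists every candidate where the verdicts diverge; the interesting one is the in-window RST with a bad checksum: the server drops it and stays ESTABLISHED, the middlebox marks the flow closed and stops inspecting, so the request that follows reaches the server unseen. Sending the same RST with a valid checksum (the control case) closes both sides and the request is lost, which is why the discrepancy, not the RST itself, is what the search is after.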
-
Emotet can spread to poorly secured Wi-Fi networks and computers on them
After the malware infects a computer that has Wi-Fi capability, it uses the wlanAPI interface to discover any Wi-Fi networks in the area: a neighbor’s Wi-Fi network, a free Wi-Fi network at a café, or a Wi-Fi network of a nearby business.
-
Emotet can now hack Wi-Fi networks
This new strain utilizes wlanAPI.dll calls to discover wireless networks around a computer that is already infected with Emotet. By using the compromised machine's Wi-Fi connection, the malware tries to brute-force its way into other password-protected networks nearby.
After the compromised device has been successfully connected to another wireless network, the Emotet Trojan begins looking for other Windows devices with non-hidden shares. The malware then scans for all accounts on these devices and once again brute-forces the password for the Administrator account and all other users on the system.
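Both Emotet items above end with the same stage: once on a new network, the bot enumerates hosts with visible shares and brute-forces the Administrator account and every other account it finds. That stage leaves a very recognisable trace on the target, a burst of failed network logons (Windows Security event 4625, logon type 3) from one source against one host, cycling through account names. The detector below is an added example, not code from either article or from Emotet analyses; the log records are constructed to mimic a minimal field subset of 4625 (time, host, target account, source address, logon type) and the thresholds are assumptions to tune per environment.

```python
# Added example, not from the Emotet write-ups above: a small detector for the
# lateral-movement stage they describe (SMB password brute-forcing against
# Administrator and other local accounts). It parses a simplified export of
# Windows Security event 4625 and flags bursts of failures per (source, host).
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, one per line: time, target host, target account,
# source IP, logon type. Not real telemetry. Eight failures from one source
# in nine seconds model the brute-force; 192.168.1.50 models a user's typos.
SAMPLE_EVENTS = """\
2020-02-11T09:00:01 FILESRV01 Administrator 192.168.1.37 3
2020-02-11T09:00:02 FILESRV01 Administrator 192.168.1.37 3
2020-02-11T09:00:03 FILESRV01 Administrator 192.168.1.37 3
2020-02-11T09:00:04 FILESRV01 Administrator 192.168.1.37 3
2020-02-11T09:00:06 FILESRV01 svc_backup 192.168.1.37 3
2020-02-11T09:00:07 FILESRV01 svc_backup 192.168.1.37 3
2020-02-11T09:00:09 FILESRV01 jdoe 192.168.1.37 3
2020-02-11T09:00:10 FILESRV01 jdoe 192.168.1.37 3
2020-02-11T08:15:00 FILESRV01 jdoe 192.168.1.50 3
2020-02-11T09:20:00 FILESRV01 jdoe 192.168.1.50 3
2020-02-11T09:00:05 WKS-ACCT07 Administrator 192.168.1.37 2
"""

TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_events(text):
    """Parse one record per line into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, host, account, src, logon_type = parts
        try:
            when = datetime.strptime(ts, TIME_FORMAT)
        except ValueError:
            continue
        events.append({"time": when, "host": host, "account": account,
                       "src": src, "logon_type": logon_type})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag (source, host) pairs with at least `threshold` network-logon
    failures inside any sliding `window`. Only logon type 3 counts, because
    SMB share access is a network logon; interactive failures are ignored.
    The alert records the accounts tried, since the malware walks through
    Administrator and every other account it enumerates on the share host."""
    by_pair = defaultdict(list)
    for e in events:
        if e["logon_type"] == "3":
            by_pair[(e["src"], e["host"])].append(e)

    alerts = {}
    for pair, evs in by_pair.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it fits
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= threshold and (
                    pair not in alerts or len(burst) > alerts[pair]["failures"]):
                alerts[pair] = {
                    "failures": len(burst),
                    "accounts": sorted({e["account"] for e in burst}),
                    "first_seen": burst[0]["time"],
                }
    return alerts


def run_sample():
    """Run the detector over the constructed sample; returns the alert dict."""
    return detect_bruteforce(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for (src, host), info in run_sample().items():
        print(f"{src} -> {host}: {info['failures']} failures since "
              f"{info['first_seen']:%H:%M:%S}, accounts tried: {info['accounts']}")
```

On the sample this yields a single alert for 192.168.1.37 against FILESRV01 (eight failures, three distinct accounts) and nothing for the legitimate user, whose two failures are an hour apart. The account list is the useful field: a spray across Administrator plus named users from one internal source is a better Emotet indicator than the raw failure count alone, and the same grouping works when the source is the bot's newly joined Wi-Fi address rather than a wired host.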
-
“What is the Root User?” Joshua Schulte Set Up the Shared “root” Password He’ll Use in his Defense
In a full day of testimony yesterday, one of Joshua Schulte’s former colleagues, testifying under the name Jeremy Weber (which may be a pseudonym of a pseudonym under the protective order imposed for the trial) introduced a ton of detail about how the engineering group he and Schulte worked in was set up bureaucratically, how the servers were set up, and how relations between Schulte and the rest of the group started to go south in the months and weeks leading up to the date when, the government alleges, he stole CIA’s [cracking] tools. He also described how devastating the leak was for the CIA.
In that testimony, the government began to lay out their theory of the case: When Schulte lost SysAdmin access to the servers hosting the malware they were working on — and the same day the unit announced they’d soon be moving the last server to which Schulte had administrator privileges under the official SysAdmin group — Schulte went back to the back-up file of the server from the day the fight started blowing up, March 3, 2016, and made a copy of it.
But the government also started previewing what will likely be Schulte’s defense: that some of these servers were available via a shared root password accessible to anyone in their group.
-
State officials press Congress for more resources to fight cyberattacks [iophk: Windows TCO]
Tuesday's hearing follows months of escalating attacks against government entities across the nation, with most involving ransomware, which attackers use to lock down a system and demand payment to give the user access again.
-
Trump administration wants private sector to do more to counter foreign intelligence efforts
The Trump administration’s counterintelligence strategy, released Monday, aims for stronger collaboration between the intelligence community and the private sector on detecting and stopping foreign intelligence threats to U.S. entities.
The plan, which President Donald Trump approved in early January, emphasizes a longstanding government argument that the private sector must do more to prevent foreign espionage. As state-sponsored hackers target more U.S. companies, corporate America should prioritize preparations to stifle similar attacks in the future, the director of the National Counterintelligence and Security Center, Bill Evanina, told reporters at a briefing Monday.
-