HNNEpisode123

From Paul's Security Weekly

Hack Naked News #123

Recorded May 9, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
News

    1. HandBrake for Mac Compromised with Proton Spyware - The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed the software between May 2 and May 6 could have also downloaded a variant of the OSX.PROTON Trojan onto their Mac system.
    2. Team Macron praised for feeding phishing spies duff info - The Macron campaign reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts. Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at least some security pundits as a smart move. It's unclear whether or not the Macron campaign used 2FA, which remains a simple and effective defence against login phishing. Part of the En Marche! party's strategy against Fancy Bear (AKA APT28) was to "sign on to the phishing pages and plant bogus information".
    3. All your Googles are belong to us: Look out for the Google Docs phishing worm - A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets.
    4. Dell To Patch AMT-Vulnerable Systems - Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu. In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit. As readers should already know, Intel introduced the bug in 2010, and it turned out that an attacker need only offer an empty login string to Chipzilla's VPro AMT remote management firmware to access vulnerable systems.
    5. Microsoft Releases Emergency Patch For Crazy Bad Windows Zero-Day Bug - Microsoft has released a patch rapidly developed to combat a severe zero-day vulnerability discovered only days ago. Late Monday, the Redmond giant issued a security advisory for CVE-2017-0290, a remote code execution flaw impacting the Windows operating system. The security vulnerability was disclosed over the weekend by Google Project Zero security experts Natalie Silvanovich and Tavis Ormandy. The vulnerability allows attackers to remotely execute code if the Microsoft Malware Protection Engine scans a specially crafted file.

    Expert Commentary: Jason Wood, Paladin Security

    Ultrasonic Beacons Can Track You Via Your Phone

    We've talked about apps turning on your camera and microphones on mobile devices, TVs and computers for a while now. No one likes the idea of someone spying on them, but the capabilities are still there. In a new twist, there are over 200 Android applications that are now listening for things that we can't hear as well as those we can. The apps are turning on phone microphones to pick up sounds that are at a frequency above the range that the human ear is capable of hearing. This information appears to be transmitted back to the app's servers and then can be used to target individuals with specific advertising or even determine their location. This keeps getting crazier as individuals and organizations figure out ways to find out where we are and what we are doing.

    Original Paper - http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf

    Articles - https://threatpost.com/ultrasonic-beacons-are-tracking-your-every-movement/125484/ https://arstechnica.com/security/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/