From Paul's Security Weekly
Hack Naked News #125
Recorded May 16, 2017 at G-Unit Studios in Rhode Island!
- DocuSign forged crooks crack email system and send nasties - Due to a breach of a non-critical system, attackers were able to launch a phishing campaign from a Docusign server, allowing the emails to look more legitimate than usual. The emails of Docusign users were leaked to attackers during this breach, however no other information is know to be leaked. Docusign warned its user-base not to open Word-macro laiden emails with specific subject lines such as "Wire transfer for recipient-name Document Ready for Signature" and "Accounting Invoice [Number] Document Ready for Signature".
- Netflix confirms it is blocking rooted/unlocked devices, app itself is still working (for now) - Netflix started showing up as 'incompatible' on the Play Store for rooted and unlocked Android devices. However, the app itself continued to work just fine. Netflix has released a statement, saying "With our latest 5.0 release, we now fully rely on the Widevine DRM provided by Google; therefore, many devices that are not Google-certified or have been altered will no longer work with our latest app and those users will no longer see the Netflix app in the Play Store." Hurray for DRM, okay maybe not. However, Netflix has a pretty big responsibility, especially after some unreleased episodes of its own shows were posted to the Internet.
- FTC launches crackdown on tech support scammers - On Friday of last week, the FTC, along with federal, state and international law enforcement partners, announced that the coordinated effort includes 16 civil and criminal legal actions – including complaints, settlements, indictments, and guilty pleas – against tech support scammers that trick consumers into believing their computers are infected with viruses and malware, and then charge them hundreds of dollars for unnecessary repairs. Scammers are reported on charging victims credit cards for between $300 and $500 for bogus "technical support". Good to see the FTC getting involved with some higher-tech scams and working with law enforcement, lets hope this trend continues.
- Chrome Browser Hack Opens Door to Credential Theft - A vulnerability in Google’s Chrome browser allows hackers to automatically download a malicious file onto a victim’s PC that could be used to steal credentials and launch SMB relay attacks. The attack is described in detail on the link in the show notes for this episode and seems to extend beyond Chrome but limited to Windows systems. The researchers have not reported this to Google, and Google has said it is investigating.
- Car Security Experts Dump All Their Research and Vulnerabilities Online | Hackaday - Earlier this week Charlie Miller and Chris Valasek released all of their research on car hacking. Included on the site is all tools, data and presentations for your car hacking pleasure. FCA, the corporation that owns Jeep and has many vulnerable vehicles, is not happy about this stating: Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.
- United Airlines says cockpit door access info may have been made public - CBS News - United Airlines said in a "Safety Alert" emailed to employees that information regarding its flight deck access security procedures "may have been compromised" and "some cockpit door access information may have been made public.". The access codes to the cockpit doors are reported as requiring to be changed manually, and rumor is that is in the works for United's planes.
- HP laptops covertly log user keystrokes, researchers warn | Ars Technica - HP is selling more than two dozen models of laptops and tablets that covertly monitor every keystroke a user makes, security researchers warned Thursday. The devices then store the key presses in an unencrypted file on the hard drive. An audio device driver has debugging turned on that logs all keystrokes to a clear-text text file on the user's hard drive. The log file—located at C:\Users\Public\MicTray.log—is overwritten after each computer reboot, but there are several ways that the contents could survive for weeks, or even indefinitely. It seems there is no fix at this time, well, there is always Linux.
- Using Wi-Fi to Get 3D Images of Surrounding Location - The radio signals emitted by a commercial Wi-Fi router can act as a kind of radar, providing images of the transmitter's environment, according to new experiments. Two researchers in Germany borrowed techniques from the field of holography to demonstrate Wi-Fi imaging. They found that the technique could potentially allow users to peer through walls and could provide images 10 times per second. Just putting this one on your radar...
Expert Commentary: Jason Wood, Paladin Security
7 Florida Men Charged in Global Tech Support Scheme