From Paul's Security Weekly

Hack Naked News #129

Recorded June 13, 2017 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • News

    1. When sysadmins attack: how to delete an entire company - Verlox, a Netherlands-based hosting company, issued a statement that customer data had been destroyed, likely by an angry ex-employee. Then it said: never mind, we found all of your data and everything is fine. Yikes. Some question whether the ex-employee was to blame at all, citing the old maxim: never attribute to malice that which is adequately explained by stupidity. It seems we'll never know; accidents do happen, and this calls into question who is to blame. My personal take is that you should be resilient, but of course everyone makes mistakes.
    2. GameStop Online Shoppers Officially Warned of Breach - GameStop customers received breach notification letters this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bank card data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug. 10, 2016 and Feb. 9, 2017, according to GameStop. GameStop said no retail customers were impacted; it is now believed that its website was hacked and that the data was stolen through the use of malware. Seems as though it is a bad idea to store the CVV, eh?
    3. Google's news algorithm serves up penis pills - Turns out this story is not all that interesting: if you become an authorized source for Google News (which requires you to go through some process), you can tailor your content based on what the referrer is set to, and serve ads targeted at people like, well, Jack Daniel, for all sorts of male enhancement drugs. And there you have it. Let's hope this is not a growing trend.
    4. Witcher 3 developers won't bow to extortion for stolen Cyberpunk 2077 files - More content falls into the hands of attackers who demand a ransom. This time there will be no compliance, as CD Projekt Red, the developers behind The Witcher 3, got out ahead of any potential leak by stating: "An unidentified individual or individuals have just informed us they are in possession of a few internal files belonging to CD PROJEKT RED. Among them are documents connected to early designs for the upcoming game, Cyberpunk 2077. A demand for ransom has been made, saying that should we not comply..." Good for you; in this case it has served as some PR for the company, on the bright side anyhow. Tracking down the leak may prove difficult.
    5. Sneaky hackers use Intel management tools to bypass Windows firewall - The group, which Microsoft has named PLATINUM, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines. PLATINUM's technique leverages Intel's Active Management Technology (AMT) to do an end-run around the built-in Windows firewall. The AMT firmware runs at a low level, below the operating system, and it has access not just to the processor but also to the network interface. For the technique to work, AMT has to be turned on and serial over LAN (SOL) has to be enabled; if you're not using these features, turn them off. More technical details, and pretty pictures, can be found in the article linked in the show notes for this episode. It's worth checking out.
    6. News And Sports Websites Vulnerable To Attack - A study found that news and sports websites don't use SSL as much as finance and technology websites. "It's like news and sport content providers don't value the security of their content," Prof Woodward said. "They're leaving themselves vulnerable to attacks like cross-site scripting, where an attacker can pretend something's come from a website when it hasn't." But Prof Woodward warned against putting too much faith in sites that appear to have the most up-to-date and comprehensive security protocols in place. Sure, SSL is not a silver bullet (nothing is), but it does offer some protection from password snooping and XSS.
    7. Docker Aims to Improve Linux Kernel Security With LinuxKit - "Security is critically important for Docker, and LinuxKit represents an opportunity for us to help move security forward," Nathan McCauley, director of security at Docker Inc., told eWEEK. Within the LinuxKit effort there are a series of incubated projects that are focused on improving the security of Linux, according to McCauley. Docker and the LinuxKit project are also focused on making sure that all the Linux kernel security work moves upstream into the mainline Linux kernel, he added. This is good news; as we see more widespread adoption of this technology, security is crucial.
    8. Mac Malware Installs Ransomware, Spyware, Security Firms Say - Turns out, Macs do get viruses: Mac users need to beware of two new malware-as-a-service threats found on dark web sites—one focused on spyware-as-a-service and the other focused on ransomware—which target the macOS platform with new criminal cyber-attacks, according to researchers at AlienVault and Fortinet, both of which announced their analyses of the services on June 9. It appears they come from the same group. The new Mac spyware, straightforwardly named MacSpy, uses Tor for communications, records keystrokes and audio, and can capture a screenshot every 30 seconds, according to AlienVault. Another service, found by network-security firm Fortinet and dubbed “MacRansom,” offers some of the same features, along with encrypting a victim’s files in a ransomware-as-a-service model. They could at least come up with more fun names...
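    As an added defender-side example for item 5 (not from the episode, Microsoft's write-up, or Intel), the PowerShell below inventories a Windows host for the two pieces the PLATINUM channel depends on: the Intel Management Engine Interface (MEI) driver and the AMT serial-over-LAN (SOL) virtual COM port. The device friendly-name patterns are assumptions based on what Device Manager commonly shows; adjust them for your fleet.

```powershell
# Added example: check a Windows host for Intel ME/AMT SOL exposure.
# Requires PowerShell 5.1+ for Get-PnpDevice. Run as an administrator for full device visibility.
# Device name patterns are assumptions (typical Device Manager strings); tune for your hardware.

function Get-AmtExposure {
    [CmdletBinding()]
    param()

    # Only devices currently present; absent/phantom entries are ignored.
    $present = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue

    # MEI is the host-side driver that talks to the Management Engine firmware.
    $mei = $present | Where-Object { $_.FriendlyName -like '*Management Engine Interface*' }

    # The SOL virtual serial port only exists when AMT is provisioned AND SOL is enabled,
    # which is exactly the combination the episode says to turn off if unused.
    $sol = $present | Where-Object { $_.FriendlyName -like '*Active Management Technology - SOL*' }

    $finding = if ($sol) {
        'AMT SOL port present: disable SOL (and AMT if unused) in the BIOS/MEBx'
    } elseif ($mei) {
        'MEI driver present, SOL port absent: verify AMT is unprovisioned'
    } else {
        'No Intel ME/AMT devices detected'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        MeiPresent     = [bool]$mei
        SolPortPresent = [bool]$sol
        SolPortName    = (@($sol) | ForEach-Object { $_.FriendlyName }) -join ', '
        Finding        = $finding
    }
}

Get-AmtExposure | Format-List
```

    Because the AMT firmware sits below the OS, a host-side check like this only tells you whether the feature is exposed; it will not show AMT's own network traffic.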

    Expert Commentary: Jason Wood, Paladin Security

    Facing limits of remote hacking, Army cybers up the battlefield

    There's a lot of discussion about the use of offensive security as part of the military lately. One congressman has called for a dedicated cybersecurity reserve (like the National Guard) that would receive less physical training and more focus on technology. The US Army has started experimenting with offensive cybersecurity capabilities in forward deployed units. These soldiers would be right in the middle of battle working to sabotage or jam the communications of the enemy. How well could this work? Apparently, at one NTC exercise in May of this year, while an armored unit was staging an attack, the OPFOR operators successfully jammed the unit's communications and caused a delay while commanders tried to make sense of what was happening. This delay in movement allowed a simulated artillery barrage to take out the entire unit.