From Security Weekly Wiki
604 bytes added, 17:27, 10 December 2019
#[ A new Windows 10 ransomware threat? Examining claims of a potentially unstoppable vulnerability] - Let's clear up the sensational headline first: this is a vulnerability in Microsoft's CFA (Controlled Folder Access): ''The idea behind CFA is simple: if you haven’t prevented malware from executing on the system...CFA can at least provide protection by thwarting the main thing that ransomware does: encrypt key files.'' An example of one of the bypass techniques is as follows: ''in the “RIPlace” technique, malicious code replaces the file with its encrypted version rather than deleting the file first. Based on conversations with Nyotron, this situation occurs due to an error in the way that CFA is monitoring files to protect them.'' Also important to note: Microsoft is not motivated to fix this issue.
#[ Birth Certificate Data Laid Bare on the Web in Multiple States] - Basically someone is operating with their pants down and has no clue: ''The bucket contained more than 752,000 applications, with names, addresses, email, phone numbers, family member info, dates of birth and the reason for making the application. According to TechCrunch, which verified the data, the bucket is still open – and updates daily. In one week, it added 9,000 applications to the database. The owner didn’t respond to multiple contact efforts; Amazon said that it would notify the owner, but no action has been taken, according to Fidus. For that reason, the company has not been named.''
#[ 'Hackable' karaoke and walkie talkie toys found by Which?] - Looks like basic Bluetooth pairing vulnerabilities: ''A stranger could, for example, use a Vtech's KidiGear walkie talkie to pair to another one of the devices being used by a child - from a distance of up to 200m (656ft). The Bluetooth pairing of devices, however, would have to take place within a 30-second window, once the child's device was activated.'' and ''Which? also found that the Singing Machine SMK250PP karaoke machine had been designed so that a stranger could stream audio to a child from a distance of up to 10 metres because the Bluetooth connection did not ask for authentication.''
#[ Linux Bug Opens Most VPNs to Hijacking] - ''According to researchers at University of New Mexico and Breakpointing Bad, the bug (CVE-2019-14899), “allows…an attacker to determine if…a user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.” In an advisory released this week, they noted that once a proof-of-concept exploit allowed them to determine a VPN client’s virtual IP address and make inferences about active connections, they were then able to use encrypted replies to unsolicited packets to determine the sequence and acknowledgment numbers of connections. These allowed them to hijack TCP sessions and inject data into the TCP stream.''
#[ Hardware-based Password Managers Store Credentials in Plaintext]

