Content provided by TrustedSec – Information Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by TrustedSec – Information Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
TrustedSec Security Podcast Episode 50 – FCA Bugbounty, Not Malware, OKPS, Jigsaw, FDIC, Flash, Sharing Crime, Attack Services, Sentencing, GSX Analyzer, Pokemon, PIA, Printer Patch, Ethiopia, Energy Malware


Archived series ("Inactive feed" status)

When? This feed was archived on October 14, 2016 14:12 (8y ago). Last successful fetch was on September 13, 2016 16:12 (8y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.


TrustedSec Security Podcast Episode 50 for July 21, 2016. This podcast is hosted by Rick Hayes, Scott White, and Ben Ten.

Visit the show notes page to download the Podcast or check us out on iTunes!
Download Page https://www.trustedsec.com/podcasts/trustedsec-security-podcast-episode-50.mp3
XML Page https://www.trustedsec.com/podcasts/trustedsecsecuritypodcast.xml

Announcements:
TrustedSec TV
https://www.youtube.com/channel/UCRkiASOIDfCDJeB9xkJoMRg

BSidesCLE
When: June 24-25, 2016
Where: Cleveland, OH
https://bsidescle.com

Converge
When: July 14-15, 2016
Where: Detroit, MI
http://convergeconference.org/main

Hackers on Planet Earth (HOPE) XI
When: July 22-24, 2016
Where: New York, NY
http://x.hope.net

Stories:
Source: http://arstechnica.com/cars/2016/07/bug-bounties-and-automotive-firewalls-dealing-with-the-car-hacker-threat/
As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack. The car-hacking problem gained widespread attention in July 2015, when hackers revealed that 1.4 million Chrysler and Dodge vehicles were vulnerable to an exploit—via the car’s infotainment system—that could allow a malicious hacker to take over control of the vehicles’ throttle, brakes, and even steering.

On Wednesday morning, Fiat Chrysler Automobiles (FCA) announced it has created a bug bounty program, using Bugcrowd’s platform to allow the security community to inform it about possible exploits.

Source: www.zdnet.com/article/fbi-says-its-hacks-are-not-malware-because-they-are-used-to-catch-criminals
The FBI does “not believe” that the hacking tools it uses to break into the computers of suspected criminals should be considered “malware,” because it says they’re used with good intentions.
In the court filing, first spotted by Julian Sanchez, a senior fellow at the Cato Institute, the FBI said that its hacking tools, so-called network investigative techniques (NIT), are not “malicious.”

The FBI said it would retain the data to “aid in establishing patterns of activity” to help discover new criminals when they arise.

The legal brief written by the FBI last week said that: “A reasonable person or society would not interpret the actions taken by a law enforcement officer pursuant to a court order to be malicious.”

Source: http://news.softpedia.com/news/misconfigured-server-exposes-alarm-system-details-for-oklahoma-bank-and-dps-506291.shtml
A leaky CouchDB database was fixed over the weekend, after it exposed internal security details for the Oklahoma Department of Public Safety buildings, and even from a branch of the Oklahoma-based Midfirst Bank.

MacKeeper security researcher Chris Vickery discovered the database on Saturday, July 9, 2016. The CouchDB server belonged to physical security firm Automation Integrated and allowed anyone access to its contents without requiring users to authenticate using a password.

Source: https://www.grahamcluley.com/2016/07/jigsaw-ransomware-decrypted-using-simple-trick/
Researchers have found a simple trick they can use to once again decrypt the notorious Jigsaw ransomware. The Check Point Threat Intelligence Research team explain they made their discovery on Friday while investigating the ransomware’s user interface.

“When the user presses the ‘I made a payment, now give me back my files!’ button, the program makes an HTTP GET request to:

btc.blockr[.]io/api/v1/address/balance/

and as a response, gets the following JSON:

{"status":"success","data":{"address":"","balance":0,"balance_multisig":0},"code":200,"message":""}”
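As an added illustration of the payment check described above (not code from the podcast or from Check Point), the script below flags proxy log entries in which a host issues the GET to the blockr balance endpoint quoted here, and parses the reply shape shown. The log format, client IPs and the address are constructed placeholders.

```python
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Endpoint quoted in the show notes (defanged there as btc.blockr[.]io).
# Whatever follows balance/ (the queried address) is captured if present.
BALANCE_URL_RE = re.compile(
    r"^https?://btc\.blockr\.io/api/v1/address/balance/(?P<addr>[^/?#]*)"
)


@dataclass
class Hit:
    line_no: int
    client: str
    address: str


def scan_proxy_log(lines: List[str]) -> List[Hit]:
    """Return one Hit per GET to the blockr balance endpoint.

    Assumed (constructed) line layout, Squid-like:
        <epoch> <client_ip> <method> <url> <http_status>
    Lines that do not fit are skipped rather than raising.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue
        _ts, client, method, url, _status = parts[:5]
        if method.upper() != "GET":
            continue
        m = BALANCE_URL_RE.match(url)
        if m:
            hits.append(Hit(line_no=n, client=client, address=m.group("addr")))
    return hits


def parse_balance_reply(body: str) -> Optional[float]:
    """Parse the blockr reply format quoted in the show notes.

    Returns the reported balance, or None when the body is not the
    success shape shown (bad JSON, status/code mismatch, missing data).
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    if doc.get("status") != "success" or doc.get("code") != 200:
        return None
    data = doc.get("data")
    if not isinstance(data, dict) or "balance" not in data:
        return None
    try:
        return float(data["balance"])
    except (TypeError, ValueError):
        return None


# Constructed sample log; 10.0.0.23 and 1PLACEHOLDERaddr are placeholders.
SAMPLE_LOG = [
    "1468800000 10.0.0.5 GET http://example.com/index.html 200",
    "1468800010 10.0.0.23 GET http://btc.blockr.io/api/v1/address/balance/1PLACEHOLDERaddr 200",
    "1468800011 10.0.0.23 POST http://btc.blockr.io/api/v1/address/balance/1PLACEHOLDERaddr 405",
    "malformed line",
]

# The reply quoted on the page, with the curly quotes restored to JSON quotes.
PAGE_REPLY = (
    '{"status":"success","data":{"address":"","balance":0,'
    '"balance_multisig":0},"code":200,"message":""}'
)


if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} queried balance of {h.address!r}")
    print("balance in quoted reply:", parse_balance_reply(PAGE_REPLY))
```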

Source: http://www.bankinfosecurity.com/china-suspected-in-fdic-breaches-a-9262
The Chinese government likely was responsible for the hacking of computers at the Federal Deposit Insurance Corp. in 2010, 2011 and 2013, according to a new congressional report.

Public disclosure of those breaches in the congressional report comes as the FDIC inspector general issued a new audit report that criticizes the agency for continued lax information security practices.

Source: http://www.darkreading.com/vulnerabilities-and-threats/adobe-fixes-52-vulnerabilities-in-flash-/d/d-id/1326248
Software firm Adobe has launched an updated version of Flash Player patching 52 vulnerabilities — one of the biggest security updates in Flash this year, Threatpost reports. The vulns were being exploited in targeted attacks that allowed control of a system. None of the exploits corrected are presently under attack in the wild, says Threatpost.

Of the CVEs patched, 33 of them resolve memory corruption weaknesses leading to code execution while 12 updates were use-after-free vulnerabilities that allowed machines to be exposed to code execution attacks. Other problems fixed include a race condition, type-confusion flaws, heap buffer overflow and security bypass vulnerabilities, memory leak weakness and stack corruption.

Source: https://www.schneier.com/blog/archives/2016/07/password_sharin_1.html
In a truly terrible ruling, the US 9th Circuit Court ruled that using someone else’s password with their permission but without the permission of the site owner is a federal crime.

The argument McKeown made is that the employee who shared the password with Nosal “had no authority from Korn/Ferry to provide her password to former employees.”

At issue is language in the CFAA that makes it illegal to access a computer system “without authorization.” McKeown said that “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?

Reinhardt argues that Nosal’s use of the database was unauthorized by the firm, but was authorized by the former employee who shared it with him. For you and me, this case means that unless Netflix specifically authorizes you to share your password with your friend, you’re breaking federal law.

Source: http://blog.radware.com/security/2016/07/malware-and-botnet-attack-services-found-on-the-darknet/
A botnet is a collection of compromised computers that are often referred to as zombies, slaves, or bots. These devices are infected by malware that allows the attacker to ultimately control the compromised computers. The owner of a botnet is often referred to as a “herder” and is able to control the infected devices through covert channels such as Internet Relay Chat (IRC), which allows the attacker to issue commands. These commands, entered into the Command and Control (C&C) server, tell the bots in the botnet what to do, such as performing denial of service attacks, sending spam with ransomware attached, or stealing information.

Source: http://miami.cbslocal.com/2016/07/13/former-insurance-co-employee-sentenced-for-identity-theft/
A former health insurance company employee was sentenced to nearly three years in prison for stealing more than 50 customer identities from her former job.

Quinzella Romer, 39, previously pled guilty to one count of possession of fifteen or more unauthorized access devices, in this case Social Security numbers which had been issued to other people.

Romer was employed as a Short-Term Disability Benefit Manager at a health insurance company from June 2007 until August 2013. Investigators determined that the screenshots were taken from her workstation at the company.

Source: https://packetstormsecurity.com/files/137883/gsxanalyzer-hardcoded.txt
After decompiling the SWF file “Main.swf”, a hardcoded credential was found in one of GSX’s products, namely GSX Analyzer. The credential is a superadmin account, which is not listed as a user in the user list but can be used to log in to GSX Analyzer portals. It is seemingly a backdoor or a “solution” to provide “support” from the vendor.

The found credentials are:
Username: gsxlogin
Password: gsxpassword

Source: http://www.cnet.com/news/sen-al-franken-questions-pokemon-go-creator-over-data-collection-policies-niantic-privacy/
The US senator, known for championing internet privacy, sent a letter on Tuesday to Niantic Labs, developer of the wildly popular game, demanding to know what data it’s collecting from users and sharing with third parties.

“I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” Franken wrote in a letter (PDF) addressed to Niantic CEO John Hanke. “From a user’s general profile information to their precise location data and device identifiers, Niantic has access to a significant amount of information, unless users — many of whom are children — opt-out of this collection.”

Source: http://www.theregister.co.uk/2016/07/13/the_exodus_begins_vpn_provider_leaves_russia_after_servers_seized/
VPN provider Private Internet Access (PIA) says its servers have been seized by the Russian government, so has quit the country in protest at its privacy laws.

The company has sent an e-mail to users claiming some of its servers have been seized, even though the enforcement regime – in which all Internet traffic has to be logged for a year – doesn’t come into effect until September 2016.

A paying user has forwarded the company’s e-mail to The Register, which we reproduce at the bottom of this story. The customer also told us the Russian gateways disappeared automatically from “older versions of the PIA client” in the last week.

Source: http://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/
For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.

Source: https://www.washingtonpost.com/news/worldviews/wp/2016/07/13/ethiopia-shuts-down-social-media-to-keep-from-distracting-students/
Social media applications on Ethiopian phones and computers stopped working over the weekend. Then, on Monday afternoon, the entire Internet shut down for nearly 24 hours. The next day it was running again, but Facebook, Twitter, Instagram, Viber and other social media apps were still blocked, along with WhatsApp and downloading sites such as Apple’s iTunes and Google Play.

The Ethiopian government said the move was to help students concentrate on key university entrance exams being taken through Wednesday, although it did not aim for a complete Internet shutdown.

“They had some technical issues, but it was turned back on. It must have been a mistake — the focus was on the social media,” said government spokesman Getachew Reda. The shutdown was in response to public calls to close social media, Reda said.

Source: http://www.computing.co.uk/ctg/news/2464720/new-malware-targeting-energy-grid-actively-evades-security-measures
New malware, which security researchers say was most likely crafted by nation-state attackers, has been identified on the network of a European energy company.

The malware was possibly released in May, and was written to bypass traditional anti-virus software and next-generation firewalls. It also uses anti-sandboxing techniques intended to hamper analysis. Security sandboxing software, such as GFI and Joe Sandbox, will therefore not reveal the malware’s full functionality in analysis.

“The [malware] sample appears to be targeting facilities that not only have software security in place, but physical security as well. ZKTeco is a global manufacturer of access control systems, including facial recognition, fingerprint scanners and RFID. If the sample is run on a workstation with ZKTeco’s ZKAccess software installed, the process will prematurely terminate.”

Source: https://www.databreaches.net/cicis-pizza-card-breach-at-130-locations/
Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peek inside the sprawling cybercrime machine that thieves used to siphon card data from Cici’s customers in real time.

In a statement released Tuesday evening, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.

Source: http://www.itnews.com.au/news/dell-sonicwall-gms-comes-with-hidden-backdoor-431166
Researchers have discovered a range of vulnerabilities in Dell’s SonicWall Global Management System (GMS) console, including a hidden default account with an easily guessable password. US security vendor Digital Defense said the hidden account can be accessed through a command line interface client that can be downloaded from the console of the GMS web application.

Non-administrative users can be added with the command line interface; however, they can log into the web interface and change the password for the admin user. By logging in with the admin user account, attackers using this method can get full control of the GMS, and the SonicWall devices it controls.

Source: https://www.grahamcluley.com/2016/07/congress-website-ddos/
Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack. The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline:

@megireid We’ve been the target of a denial-of-service attack & are working hard to restore full service. Sorry for the inconvenience!

The post TrustedSec Security Podcast Episode 50 – FCA Bugbounty, Not Malware, OKPS, Jigsaw, FDIC, Flash, Sharing Crime, Attack Services, Sentencing, GSX Analyzer, Pokemon, PIA, Printer Patch, Ethiopia, Energy Malware appeared first on TrustedSec - Information Security.
