Author Topic: Technical (Read 1488601 times)

Asyn · « **Reply #2175 on:** May 25, 2018, 08:00:50 AM »

Spectre continues: Did we all trade speed for security?
https://blog.avast.com/spectre-continues-did-we-all-trade-speed-for-security-avast

Asyn · « **Reply #2176 on:** May 26, 2018, 06:46:23 AM »

New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected

Asyn · « **Reply #2177 on:** May 27, 2018, 09:17:15 AM »

Brain Food botnet gives website operators heartburn
https://www.proofpoint.com/us/threat-insight/post/brain-food-botnet-gives-website-operators-heartburn

Asyn · « **Reply #2178 on:** May 28, 2018, 06:18:50 AM »

Quote from: Asyn on May 26, 2018, 06:46:23 AM

New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected

Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Gopher John · « **Reply #2179 on:** May 28, 2018, 02:28:15 PM »

Quote from: Asyn on May 28, 2018, 06:18:50 AM

Quote from: Asyn on May 26, 2018, 06:46:23 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Can Wi-Fi Inspector detect this router infection? Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?

Filip Braun · « **Reply #2180 on:** May 28, 2018, 04:33:05 PM »

Quote from: Gopher John on May 28, 2018, 02:28:15 PM

Quote from: Asyn on May 28, 2018, 06:18:50 AM
Quote from: Asyn on May 26, 2018, 06:46:23 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Can Wi-Fi Inspector detect this router infection? Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?

Hello,
We were considering whether to add a detection for the VPNFilter exploit, but at this point we are leaning towards NO.
The reasons being:
- It is targeted mostly towards corporate networks (not Wi-Fi Inspectors focus)
- It is not that wide spread
- It is one of the more sophisticated and harder to detect exploits (more development time needed)
Added up, it would not be worth to invest the time into this, when we can add several other detections, that we think will benefit our users more.

Filip

Gopher John · « **Reply #2181 on:** May 28, 2018, 06:33:26 PM »

Filip, thanks for your reply.

Many brands/models of home routers are vulnerable. If these routers become compromised, it is possible that they could be used for DDos attacks? At any rate, it seems that the compromised routers is used to steal data traveling thru them.

Asyn · « **Reply #2182 on:** May 29, 2018, 12:43:33 PM »

Quote from: Asyn on May 21, 2018, 07:58:45 AM

Quote from: Asyn on May 15, 2018, 06:43:42 AM
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
EFail and Thunderbird, What You Need To Know
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/

In Apple Mail, There’s No Protecting PGP-Encrypted Messages
https://theintercept.com/2018/05/25/in-apple-mail-theres-no-protecting-pgp-encrypted-messages/

Asyn · « **Reply #2183 on:** May 30, 2018, 11:25:55 AM »

Z-Shave. Exploiting Z-Wave downgrade attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/

Asyn · « **Reply #2184 on:** May 31, 2018, 03:36:51 PM »

Frag Grenade! A Remote Code Execution Vulnerability in the Steam Client
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client

Asyn · « **Reply #2185 on:** June 01, 2018, 07:33:05 AM »

Quote from: Asyn on May 28, 2018, 06:18:50 AM

Quote from: Asyn on May 26, 2018, 06:46:23 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Did you reboot your router yet? Make sure to do so and soon.
https://blog.avast.com/dont-forget-to-reboot-your-router

Asyn · « **Reply #2186 on:** June 03, 2018, 11:22:28 AM »

Side-channel attacking browsers through CSS3 features
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/

Asyn · « **Reply #2187 on:** June 04, 2018, 12:19:07 PM »

Research shows 75% of ‘open’ Redis servers infected
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html

Asyn · « **Reply #2188 on:** June 05, 2018, 06:47:44 AM »

Fighting malware with machine learning
https://blog.avast.com/fighting-malware-with-machine-learning

Asyn · « **Reply #2189 on:** June 06, 2018, 06:54:53 AM »

Quote from: Asyn on May 09, 2018, 07:44:39 AM

Large cryptojacking campaign targeting vulnerable Drupal websites
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/

Over 100,000 Drupal websites vulnerable to Drupalgeddon 2 (CVE-2018-7600)
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/

Author Topic: Technical (Read 1488601 times)

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Gopher John

Re: Technical

Filip Braun

Re: Technical

Gopher John

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical