So the recent leak of Windows source code is confirmed; in fact, the sources are for Windows XP SP1 and Windows Server 2003. This is huge for the community and I believe will in the end be beneficial to Microsoft's OS business itself.
A Twitter user https://twitter.com/ntdev_ published a YouTube tutorial on how to compile it, which was taken down shortly afterwards following copyright claims from Microsoft.
The video however is available and could be downloaded via torrent using this magnet link: magnet:?xt=urn:btih:7c370b5e00b91b12fc02e97bacdca24306dc12b5
A massive data breach at Intel has leaked over 20GB of source codes, internal documents, images and other internal and confidential files.
Some of the files were stored in password-protected ZIP archives with the passwords intel123 and Intel123
🤦♂️
Most recent files in the dump are dated May 2020.
ProtonVPN found a bug in the iOS VPN implementation affecting iOS 13.3.1 and later. The issue is currently unpatched and causes some connections to bypass the VPN. Stay safe!
https://www.bleepingcomputer.com/news/security/unpatched-ios-bug-blocks-vpns-from-encrypting-all-traffic/
This should have been a Friday post. German military laptop with classified information sold on eBay.
https://www.nytimes.com/2020/03/17/world/europe/germany-missile-laptop.html
Google started Project Nightingale to collect healthcare data on millions of people. What can go wrong?
https://edition.cnn.com/2019/11/12/tech/google-project-nightingale-federal-inquiry/index.html
⚠️ Major bug in the Avast JS engine that allowed arbitrary JS code to be executed with SYSTEM privileges, as easily as sending the victim a malicious file by email.
The patch is not ready yet (and no timeline has been given so far), but the affected component has reportedly been disabled in Avast installations.
Generally, for end-user machines with Windows 10, 3rd party AV software gives little to no advantage over the built-in Defender. Consider switching to Defender at least temporarily until the patch is ready.
More info: https://www.zdnet.com/article/avast-disables-javascript-engine-in-its-antivirus-following-major-bug/
Another day, another Intel CPU vulnerability. This time in the Converged Security Management Engine (CSME), which is the cryptographic foundation for security features such as DRM, TPM or Identity Protection. The source of the weakness is in the boot ROM, which leaks control over the generation of encryption keys, including the key used to certify code integrity. Citing Mark Ermolov of Positive Technologies, who is behind the discovery, "with this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform".
🔸 The Verge high-level overview of the issue: https://www.theverge.com/2020/3/6/21167782/intel-processor-flaw-root-of-trust-csme-security-vulnerability
🔸 Positive Technologies report: http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Hardware security bugs have a huge impact on applications hosted in public clouds (AWS, Azure, etc.). Application-level data encryption such as Prisma/DB can fully mitigate these risks.
Let's Encrypt had a bug in the system responsible for validating domain name ownership and is revoking slightly over 3,000,000 TLS/SSL certificates. That's 2.6% of all certs issued by them.
🔸 The bug: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591
🔸 Additional info: https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
🔸 Check if your domain was affected: https://checkhost.unboundtest.com/
A Yahoo employee abused their access to user accounts and compromised 6000 users in search of explicit photos.
Insider threat is always present, and the bigger the organization, the higher the risk. Proper encryption of sensitive data can mitigate these risks to a great extent.
https://www.businessinsider.com/engineer-admits-hacking-yahoo-accounts-searching-for-images-2019-10?IR=T
⚠️ Severe Chrome RCE vulnerabilities in the built-in PDF reader PDFium and in the audio subsystem. Both are based on use-after-free bugs. Exploits are known to be in the wild.
🔶 Update immediately! Fixes are available in the stable channel.
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
A short and a bit nostalgic story of how SSH came to be on port 22. Conveniently augmented with a refresher on some SSH tips and tricks!
https://www.ssh.com/ssh/port
⚠️ A severe buffer overflow bug in the PHP FastCGI module FPM causes RCE. Affected PHP versions: 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11.
➖ http://cve.circl.lu/cve/CVE-2019-11043
➖ https://bugs.php.net/bug.php?id=78599
Exploit: https://github.com/neex/phuip-fpizdam
A change of tactics by ransomware hacking groups. The City of Johannesburg's IT infrastructure was hacked, but instead of encrypting the data, the attackers threaten to make it public.
https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/
Marriott had a breach again, leaking info on 5.2M customers. Database security can't be neglected; these events will happen more and more, on a larger scale and with more expensive consequences.
https://www.zdnet.com/article/marriott-discloses-new-data-breach-impacting-5-2-million-hotel-guests/
Socially responsible hackers claim they will cease all ransomware attacks on medical organizations during the virus outbreak and promise to provide free decryption if any of them still get hit by ransomware.
https://www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic/
HSBC is switching from paper records to a blockchain-based custody platform to track $20 billion (sic!) worth of assets. This is the biggest single use of blockchain tech in the industry.
https://www.reuters.com/article/us-hsbc-hldg-blockchain/hsbc-swaps-paper-records-for-blockchain-to-track-20-billion-worth-of-assets-idUSKBN1Y11X2
Some good ol' data leaks that happened recently:
🔸 140GB of contact data (49M records) — an Israeli marketing company left ElasticSearch creds in plaintext on one of its domains: https://www.databreachtoday.com/israeli-marketing-company-exposes-contacts-database-a-13785
🔸 6.5M records of Israeli voters leaked: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html
🔸 250M records of Microsoft customers leaked in yet another ElasticSearch misconfiguration: https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
🔸 29K records of Facebook employees' financial data lost as unencrypted drives are stolen: https://www.bloomberg.com/news/articles/2019-12-13/thief-stole-payroll-data-for-thousands-of-facebook-employees
🔸 21M account records from a music service Mixcloud leaked; owners learn about breach after seeing the data being sold for 0.5BTC: https://blog.mixcloud.com/2019/11/30/mixcloud-security-notice/
🔸 4B (!) accounts of 1.2B (!) people in a 4TB (!) misconfigured ElasticSearch leak: https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
🔸 1.19B confidential x-ray and other medical images leak: https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/
Yay! Some more security issues in hardware to keep Intel some company! Well, actually, most are for Intel again.
🔸 AMD side-channel attacks: https://www.tomshardware.com/uk/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture
🔸 Intel SGX leaks data from secure enclave: https://www.theregister.co.uk/2019/02/12/intel_sgx_hacked/
🔸 TRRespass — the return of the Rowhammer: https://www.vusec.net/projects/trrespass/?utm_source=telegram.me&utm_medium=social&utm_campaign=yay!-some-more-security-issues-in-hardwa
🔸 Snoop-assisted L1 Data Sampling — extraction of data from L1 cache: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
🔸 L1D Eviction Sampling — another way to leak L1 cache values: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
🔸 Vector Register Sampling — leaking data from CPU registers under certain conditions: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
Adobe has leaked 7+ million Creative Cloud user records with emails, account info and the list of Adobe software used. The leak was through a misconfigured database (ElasticSearch in this instance). Database misconfiguration is a major contributor to the pool of data leaks, so consider using strong encryption for your DBs (such as 🔼Prisma/DB)!
🔸 Adobe disclosure: https://theblog.adobe.com/security-update/
🔸 Details of the leak: https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/
🕐 Timing attacks are not new. But the relatively recent discoveries of such vulnerabilities as Meltdown, Spectre and the like have really breathed new life into research in that direction. Anything that has a cache in any way or form was scrutinized and broken.
As a consequence, browsers are now moving away from a shared cache and implementing segregated cache storage for every website. This will definitely lead to lower performance of the web as a whole as well as increased costs for smaller websites.
https://www.jefftk.com/p/shared-cache-is-going-away
🎙 Researchers from University of Michigan, US and The University of Electro-Communications, Japan have used photoacoustics (basically, generation of sound using light/laser) to inject commands into voice assistant systems (Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri) from a distance of up to 75m.
Unexpected attack vectors often are the most fruitful! And I am also quite surprised that domain name LightCommands was available... :)
https://lightcommands.com/
📸 The Australian government is considering using face recognition for age verification on porn sites. What can possibly go wrong?
Some time ago there was a huge wave of spam emails claiming to have recorded target users through their webcam when they visited porn sites. The spammers demanded a ransom in exchange for deleting the data. Might have been a source of inspiration for Australian law-makers.
https://arstechnica.com/tech-policy/2019/10/australia-wants-to-use-face-recognition-for-porn-age-verification/
#FridaySecurity
🔓 A very well-known VPN provider, NordVPN, was breached around March 2018. Adversaries used the data centre provider's IPMI (a server remote-control system) to access the server. NordVPN refers to its zero-logs policy (not storing any logs) to assure customers that nothing has leaked.
https://nordvpn.com/blog/official-response-datacenter-breach/
https://twitter.com/hexdefined/status/1186106695073726466?s=21
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
However... it seems that their private keys (albeit expired) were leaked through the breach. Also, their response to the incident makes it seem like there are very weak cyber security processes in the company:
https://twitter.com/chronic/status/1186324353249492993
Database server misconfigurations are inevitable. This will happen as long as people are involved in configuring them. That happened with the two cashback websites PouringPounds and CashKaro, which exposed 2TB (!!!) of sensitive data about 3.5m (!!!) users through a misconfigured database server.
This is why it is paramount to employ database security solutions, from vulnerability scanners to full end-to-end encryption solutions (such as Prisma/DB 😉).
https://www.infosecurity-magazine.com/news/cashback-websites-double-breach/
Not a particularly big data breach, but the method makes it noteworthy. Data of 260k Allianz insurance company customers in the Netherlands, including names, addresses and vehicle information, was stolen... on a back-up hard drive from a safe!
https://www.security.nl/posting/628900/Verzekeraar+Allianz+informeert+klanten+over+datalek (in Dutch, use the translator)
🤦♂️ Facebook strikes again. And every time it just gets worse.
This time it turned out that they were storing millions of login-password pairs in plaintext, available to a wide range of internal staff. If there is one rule of developing an internet service, it's to never store passwords in plaintext.
Not much information has been released, but most likely the passwords were written to system logs, in line with similar bugs noticed at Twitter and GitHub last year.
⚠️ Change your password ASAP!
https://www.wired.com/story/facebook-passwords-plaintext-change-yours/
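The failure mode described above (credentials ending up in application logs) is one that a log-redaction layer catches before the line is ever written. The following is an added example, not Facebook's, Twitter's or GitHub's code; it assumes a Python service using the standard logging module and a constructed list of credential field names (SECRET_KEYS).

```python
import logging
import re

# Added example (not any vendor's code): a logging filter that scrubs
# credential-like fields before a record is written, so a request-logging
# bug cannot persist plaintext passwords the way the post describes.
SECRET_KEYS = ("password", "passwd", "pwd", "token", "secret")  # constructed list

# Matches key=value, key: value, "key": "value" and key=value inside query
# strings; the value ends at whitespace, '&', ',', '"' or '}'.
_PATTERN = re.compile(
    r'(?P<key>"?(?:' + "|".join(SECRET_KEYS) + r')"?\s*[=:]\s*"?)'
    r'(?P<val>[^&,\s"}]+)',
    re.IGNORECASE,
)

def redact(text: str) -> str:
    """Replace the value of every credential-like field with [REDACTED]."""
    return _PATTERN.sub(lambda m: m.group("key") + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Interpolate %s args first (so a password passed as an arg is covered), then scrub."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # already interpolated above
        return True

class ListHandler(logging.Handler):
    """Collects formatted lines in a list so the output can be inspected."""
    def __init__(self, sink: list) -> None:
        super().__init__()
        self.sink = sink
    def emit(self, record: logging.LogRecord) -> None:
        self.sink.append(self.format(record))

def build_logger(sink: list) -> logging.Logger:
    """Logger whose every record passes through RedactingFilter before emission."""
    logger = logging.getLogger("redact-demo")
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    handler = ListHandler(sink)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger
```

Calling `build_logger(sink).info("login user=%s password=%s", "alice", "hunter2")` stores `INFO login user=alice password=[REDACTED]`; in a real service the ListHandler would be replaced by the file or syslog handler already in use, keeping the same filter.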
🌏 Some updates regarding the Chrome vulnerability:
➖ The issue was a use-after-free bug in the FileReader API.
➖ The exploit spotted in the wild uses the Chrome vulnerability in conjunction with a Windows 7 privilege escalation vulnerability.
➖ That Windows 7 vulnerability is not present in other versions of Windows or other OSes, and according to experts it is unlikely that the Chrome vulnerability could be exploited anywhere except Windows 7.