Downclimb: Summit Route's Weekly Infosec News Recap
2014.09.12 – 2014.09.19: https://SummitRoute.com
Joe Security: First Automated Dynamic Analysis system to support Mac OS X
Apple's OS X is getting its share of malware, and Joe Security, which competes with FireEye, Lastline, and others, has released the first automated analysis system for that platform.
Watering hole attack analysis
Thorough analysis from Bromium on an attack including many ways in which the attacker tries to avoid getting caught.
Android Browser Same Origin Bug
Mitigating Service Account Credential Theft on Windows
This paper is a joint work between Rapid7, Microsoft, and Palo Alto Networks. It is great to see that collaboration, and it shows in the paper, as a variety of solutions are identified, with a focus on free solutions and actionable steps.
Debian apt vulns
The package manager apt, used by Debian (and Ubuntu), has a variety of vulnerabilities due to failing to check for certain things.
Declassified TRANSCOM report
The Senate Armed Services Committee initiated an inquiry in April 2013 into how much was known of cyber intrusions into TRANSCOM and its contractors. 50 successful cyber intrusions or other events (for which the FBI determined a victim notification was required) were identified that had occurred in the one-year period up to June 2013. Of those, 20 were attributed to APT from China. Of those 20, TRANSCOM was only made aware of 2. Government documents like this are usually declassified in order to suit some political need. In this case, the purpose of the document seems largely to advocate (and ultimately enforce) greater information sharing.
- IDA Sploiter: New IDA plugin to aid exploit development through finding ROP gadgets and writable function pointers, along with other features. It leverages IDA's debugging functionality, so it works on the real view of the program in memory, not statically on files on disk.
- Windows 8.1 PatchGuard Analysis: http://blog.ptsecurity.com/2014/09/microsoft-windows-81-kernel-patch.html
- Paper from Carbon Black shows how you can use their tool to find malware that has infected your network: https://www.bit9.com/download/whitepapers/CB_Threat_Hunting_Interactive.pdf
- Rogue cell tower in China used for scamming: http://www.theverge.com/2014/9/18/6394391/phony-cell-towers-are-the-next-big-security-risk
- Vuln in Apple CoreGraphics library: http://blog.binamuse.com/2014/09/coregraphics-information-disclosure.html