Downclimb: Summit Route’s Weekly Cyber News Recap
2015.08.02 – 2015.08.09: https://SummitRoute.com

Quotes

“it’s the cicada defense. Predator satiation!” Dan Kaminsky on how media is passed from stagefright to LG’s own parsers resulting in a greater attack surface

Top stories

Puush update server hacked

The auto-update server for an application called Puush was hacked and distributed malware. The attackers tried to hide their activities from the developers by putting in a GeoIP based redirect so users in the developer’s region would not receive the malicious update.

• http://puushstatus.tumblr.com/post/115160990852/detailed-analysis-of-events-2015-03-30

Firefox exploit retrieving files

A malicious ad site was found that was using a Firefox exploit involving the PDF viewer to read files from the user’s system for Windows and Linux. It was focused on developer related files (subversion, s3browser, and Filezilla configs, plus more). Although some reports disregard this vuln because it doesn’t provide RCE, it should be noted that it doesn’t need to, since it can steal nearly everything an attacker would want anyway.

• https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

Newspaper News

• Ubiquiti Suffers $46M Cyberheist: This maker of networking technology disclosed in it’s quarterly financial report that it had been a victim of a fraud that resulted in losses of $46.7M.
• 2012 Aramco hack: One of the most destructive hacks in history was the Saudi Aramco hack of 2012 where 35,000 computers were partially or totally wiped. An interesting new detail of the story is that to get the corporate giant back on it’s feet, it flew representatives directly to Southeast Asia to buy 50,000 new hard-drives at once.

Conference materials and publications

• Black Hat USA: Slides
• Defcon: Slides
• BSidesLV: Videos
• Shakacon: Slides for conference in Hawaii in mid-July
• Isolated User Mode in Windows 10: Microsoft lecture

Tools

• xpwntool: Tool for decrypting IMG3 firmware files which ships with iOS firmware.
• TaskExplorer, BlockBlock, and Dynamic Hijack Scanner: Free security tools from Objective-See (led by Patrick Wardle) for Macs.

Other reads

• Extension security: The main point behind this post is understanding that the browser extensions you install have access to all the of the data (and keys typed) on the websites you browse.
• Is Extended Random A Malicious NSA Plot?: Discussion of a TLS proposal called Extended Random and a theory that it is being introduced to allow decryption of the traffic.
• FIPS 202: This NIST announcement officially approves Keccak for SHA-3, and for it’s uses whenever a secure hash is needed. The Keccak hashing algorithm had already won NIST’s SHA-3 competition back in 2012, but this approves it’s use as a Federal Information Processing Standard (FIPS). Read more about Keccak here.