Weekly infosec news summary for 2016.10.02 – 2016.10.09
Top stories
This was an uneventful week for enterprise defense.
Business
- TalkTalk fined $500K over last year’s cyber attack: TalkTalk was hacked last year, causing its stock to drop (see my analysis from then here). The UK ICO has finally fined it £400,000 (roughly $500K), just short of the £500,000 maximum the regulator could impose.
Conference materials and publications
- Virus Bulletin: This conference occurred in Denver this weekend. Slides are not yet up for all talks, but check out my summary here.
- BalCCon videos: The Balkan Computer Congress took place in Serbia in September.
- FloCon slides: This conference on large-scale network analytics took place in Florida in January.
- MacOS Hardening Guide: Jonathan Levin, author of “MacOS and iOS Internals, Volume III: Security & Insecurity”, which will be released this coming week, has released its appendix, the MacOS Hardening Guide. It doesn’t provide many actionable steps, but lays out some general thoughts on what can be done, such as recompiling the (open-source) XNU kernel with SECURE_KERNEL set to 1.
- The Container Revolution: Reflections After the First Decade: This talk from HashiConf (a conference focused on devops tools) traces roughly three decades of containerization history.
- Glitchy Descriptor Firmware Grab: Micah Elizabeth Scott has a number of hardware hacking videos. This one shows using glitching to extract firmware.
Tools
- OverSight: New macOS tool from Objective-See, presented at Virus Bulletin, that alerts when a process starts using the webcam or microphone.
- Pafish for Office Macro: A VBA-macro port of Pafish (Paranoid Fish) that runs the sandbox- and VM-detection checks malware uses, so you can test whether the environment in which you detonate Office documents looks like a real user’s machine.
Newspaper news
- US accuses Russian Government of DNC hack: The DHS and ODNI (Office of the Director of National Intelligence) have formally accused the Russian government of being behind the hacked e-mails posted on sites like DCLeaks.com and WikiLeaks and of the Guccifer 2.0 online persona.
- Yahoo secretly scanned customer emails for U.S. intelligence: The summary of the story as presented in the news is that Yahoo execs complied with a court order to install special government software to scan customer emails, which Alex Stamos, the CISO at the time, didn’t know about until his security team discovered it, causing him to quit. Privacy debates and surveillance laws aside, the important take-away here is to have policies and technical controls in place that identify changes to your production infrastructure, so you can detect “insider threats” like this, which may even involve teams of people acting with executive approval.
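As an added illustration of the kind of technical control that take-away calls for (this is example code written for this summary, not anything from Yahoo or from the original story), the script below records a baseline of file hashes and permission bits for a production tree and reports what changed on a later scan: a new module dropped in, a config edited to load it, a helper made setuid, and a file removed. The directory layout and file names in `demo()` are constructed for the example; the baseline should be taken at deploy time, stored off-host, and compared by someone other than the people who can change the host.

```python
"""Baseline-and-diff integrity check for a production directory tree.

Added example (not from the original newsletter): records a SHA-256 and
permission baseline of every regular file and symlink under a root, then
reports added, removed and modified entries on a later scan. POSIX modes
are assumed (the setuid check in demo() is meaningless on Windows).
"""
import hashlib
import json
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Entry = Tuple[str, str, int]  # (kind, sha256-or-symlink-target, permission bits)


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, Entry]:
    """Snapshot every regular file and symlink under root, keyed by relative path."""
    baseline: Dict[str, Entry] = {}
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
            if stat.S_ISLNK(st.st_mode):
                # A redirected symlink is a change even if the target's bytes match.
                baseline[rel] = ("symlink", os.readlink(full), mode)
            elif stat.S_ISREG(st.st_mode):
                baseline[rel] = ("file", _sha256(full), mode)
    return baseline


def diff_baseline(old: Dict[str, Entry], new: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Compare two snapshots; a mode-only change counts as a modification."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a tree, make changes an operator should
    have to justify, and return what the second scan flags."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes, mode: int = 0o644) -> str:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)
            return full

        # Constructed "production" tree: a mail filter, its helper and config.
        write("bin/mailfilter", b"#!/bin/sh\nexec /usr/bin/true\n", 0o755)
        helper = write("bin/helper", b"#!/bin/sh\nexit 0\n", 0o755)
        write("filter.conf", b"rules = spam\n")
        write("legacy.cfg", b"unused\n")
        before = build_baseline(root)

        # Out-of-band changes: a new module dropped next to the filter, the
        # config edited to load it, the helper made setuid, an old file removed.
        write("bin/keyword_scan.so", b"\x7fELF" + b"\0" * 12)
        write("filter.conf", b"rules = spam, keyword_scan\n")
        os.chmod(helper, 0o4755)
        os.remove(os.path.join(root, "legacy.cfg"))
        after = build_baseline(root)
        return diff_baseline(before, after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice you would run `build_baseline` over the real deployment root, serialise the result (it is plain JSON-able data), and have a scheduled job on a separate host pull a fresh snapshot and alert on a non-empty diff; anything that legitimately changes gets re-baselined only through the same change process that produced it.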
Other reads
- Zlib: Automated Security Assessment: Trail of Bits performed an automated assessment of zlib. The write-up shows what automated assessments like this are capable of finding.
- Just Too Much Administration – Breaking JEA, PowerShell’s New Security Barrier: scriptjunkie discusses problems with Microsoft’s new Just Enough Administration (JEA) for Windows 10/Server 2016, which is meant to create granular least-privilege policies for PowerShell cmdlets and scripts.
- Chrome OS updated for persistent RCE: Someone won $100K for reporting a persistent RCE to Google for Chrome OS.
To receive a weekly email notification of this newsletter, email scott@summitroute.com