Issue 31

NotPetya aka GoldenEye ransomware infection

There's no getting around NotPetya/GoldenEye this week.
About 2000 organisations have been impacted, among them the container shipping company Maersk, TNT/FedEx and the pharma company Merck.

The amount of news on this is slightly overwhelming, so I tried to boil it down:

  • It's made to look like the 2016 malware Petya, and uses a few pieces of its code, but has a lot of differences.
  • The initial infections probably happened through phony updates of a Ukrainian tax accounting software called MEDoc.
  • The malware uses the EternalBlue SMB exploit like WannaCry did, but also searches for admin credentials to try and spread laterally through network shares.
  • The ransomware aspect might be more of a ruse: the focus seems to be on causing damage, making it more wiper than ransomware.
  • Once you had paid, you needed to e-mail a certain account to get your decryption keys. This account was closed by its provider, Posteo, so even if you want to pay and decrypt, you can't.
  • There are suggestions that you wouldn't be able to decrypt your files anyway because of an error in the malware's code. (source)
  • There is a 'vaccine' of sorts where you can prevent infection by creating a read-only file in your Windows drive called 'perfc'. (source)
  • If you want to read more, this article and this article do a pretty good job.
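As an added example (not part of the newsletter, and not a tool from any of the linked articles), here is a small PowerShell script that applies the 'perfc' vaccine mentioned above. It assumes the Windows directory is `$env:windir` (normally C:\Windows) and that it runs in an elevated session, since writing there requires administrator rights:

```powershell
# Added example: create the read-only "perfc" vaccine file described above.
# Assumptions: the Windows directory is $env:windir and this runs elevated.
$vaccinePath = Join-Path $env:windir 'perfc'

if (-not (Test-Path -LiteralPath $vaccinePath)) {
    # Create an empty file; -Force is deliberately omitted so an existing file is never clobbered.
    New-Item -Path $vaccinePath -ItemType File | Out-Null
}

# Mark it read-only so it cannot simply be overwritten.
$file = Get-Item -LiteralPath $vaccinePath
$file.Attributes = $file.Attributes -bor [System.IO.FileAttributes]::ReadOnly

# Verify the attribute actually took effect and report the result.
$check = Get-Item -LiteralPath $vaccinePath
if ($check.Attributes -band [System.IO.FileAttributes]::ReadOnly) {
    Write-Output "Vaccine file present and read-only: $vaccinePath"
} else {
    Write-Warning "Could not set the read-only attribute on $vaccinePath"
}
```

The script is idempotent, so it is safe to push out repeatedly through whatever management tooling you already use; the verification step at the end is there because a file that exists but is writable does not provide the protection the vaccine relies on.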

Dieter Van der Stock

Windows 10 internal builds and parts of private source code leaked online

The leaked source code is Microsoft's Shared Source Kit, which includes hardware drivers, the Wi-Fi stack, etc., making it a prime target to scour for exploitable bugs. It was uploaded to betaarchive.com, but they have since removed the sensitive material.

theregister.co.uk

Obama reportedly ordered implants to be deployed in key Russian networks

These implants were in response to Russia's meddling with the election process. They would be used should the situation escalate further.

arstechnica.com

Linux Foundation launches the Open Security Controller project

It describes itself as "centralized security policy management for multi-cloud environments".
I'm having a hard time breaking through the enterprise-level marketing-lingo, but if this is your cup of tea you might want to check it out.

opensecuritycontroller.org

China uses quantum satellite for transmission over 746 miles

It is seen as a huge step in creating a 'hack-proof' communications channel, based on the phenomenon of quantum entanglement.

csmonitor.com

Inside Apple’s global war on leakers

In-depth article on the lengths Apple goes to in order to prevent leaks to the press and competitors. Ironically, this information was learned through a leaked presentation.

theoutline.com

Looking at the effectiveness of Windows 10S security

This article takes a critical look at Windows 10 S, a version that promises higher security by, among other things, allowing app installs only through the Windows Store and disabling PowerShell.

arstechnica.com

Password reset man-in-the-middle attack

Not a new attack at all, but a nice short write-up of how an attacker can entice someone to sign up for an account on his fake website, then abuse the signup process to proxy a password reset (including 2FA) on another website. Very hard to defend against.

helpnetsecurity.com

Fingerprinting text documents with steganography

Interesting article on how to fingerprint text documents uniquely for every recipient so you can identify where a leak originated, including a tool to do just that.

fastforwardlabs.com

Why so many top hackers hail from Russia

Brian Krebs takes a look at why Russia seems to output more skilled hackers than any other area. It comes down to a higher level of IT education, starting in high school.

krebsonsecurity.com

Ether thief remains mystery one year after $55 million digital heist

A very long article, reading like fiction, about the $55 million Ether theft out of the DAO.

bloomberg.com

Using an e-cigarette as a USB-like exploit or covert storage device (YouTube)

Nice thinking outside of the box :-) BSides London talk by Ross Bevington.

youtube.com

Sponsorship

Full Stack Fest 2017: Barcelona, 4-8 Sept.

Week-long conference based in the amazing city of Barcelona that peeks into the web of tomorrow. Serverless, blockchain, WebVR, distributed web, progressive web apps, and more. Use the code SECNEWS for a 10% discount.

fullstackfest.com