Issue 55

Hackers behind Mirai botnet & DYN DDoS attacks plead guilty

Paras Jha and two accomplices pleaded guilty for these attacks. This article adds some more details.


NiceHash cryptomining exchange hacked; everything’s gone

Over 4700 bitcoins were stolen, currently worth around $80 million. At this time NiceHash is still down. Their website shows a message saying they'll be back soon and are working with law enforcement to track down the attackers.


Keylogger found in Synaptics driver on HP laptops

It was a big news item but there is no malicious intent here that anyone can see, the keylogger is actually a debugging tool left in there by accident. It was off by default but an attacker could switch it on and use it to record all keystrokes stealthily, so updating is advised.


1.4 billion unencrypted credentials found in interactive database

It's not a new breach, but an aggregate of 252 previous breaches. The dump includes search tools to comb through the data. The author isn't selling it, instead just making it available and accepting donations.


Process Doppelgänging: inject malicious code that can't be stopped by AV

A fascinating technique that uses NTFS transactions, essentially locking a valid .exe in a transaction, which keeps it out of reach of AV, modifying and executing it, and then rolling back. The modifications never get written to disk.


Tech support scammers invade Spotify forums to rank in search engines

The Spotify forums tend to rank well in SEO. Apparently some attackers figured this out and started streaming spam messages on the forums, boosting their tech scam phone numbers in the listings.


Security enhancements for (enterprise) Chrome

The latest Chrome includes some interesting features: restrict extension installs based on permission requests, TLS 1.3 (for Gmail only initially), and site isolation, a feature where each open website runs in a separate process, more isolated from other websites than is now the default. More on the latter here.


Update all the things \o/

  • Microsoft's latest update batch fixed 30 vulnerabilities, including 2 remote code execution bugs found in the Malware Protection Engine: link
  • The previous link also discusses the new Adobe update fixing one medium security-related bug (yes, just one).
  • Chrome has been brought to version 63, including a set of security and feature updates : link


Extended Validation (EV) certificates abused to create very believable phishing sites

Great article discussing some ways that EV certs can be misused, like using fake identities to set up fake EV companies, or using the same name as well-known companies in your EV since those don't have to be unique. Good reminder to all that even the "padlock + green company name" is not phishing-safe.


A look at the improvements that TLS 1.3 brings

An easy to read explanation of the differences between TLS 1.2 and 1.3.


MoneyTaker hacker group steals millions from US and Russian targets

Interesting article describing the operation of MoneyTaker, a Russian-speaking hacker group who have thus far compromised 14 US banks, 3 Russian banks and other targets.



Automated vulnerability scans of web applications in the SDLC

Integration of web application security in the SDLC has become really important. Businesses are pushing new code to production multiple times in a day, so it is vital that security flaws are identified at source. Listen to Paul’s Security Weekly podcast discussing this, scaling up web application security, time management for penetration testers and more.