Technical

CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin
https://www.imperva.com/blog/2017/09/cve-2017-9805-analysis-of-apache-struts-rce-vulnerability-in-rest-plugin/

The September 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/9/12/the-september-2017-security-update-review

Chrome’s Plan to Distrust Symantec Certificates
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

BlueBorne
The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites
https://www.wordfence.com/blog/2017/09/display-widgets-malware/
https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/

Ayuda! (Help!) Equifax Has My Data!
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

Kromtech Discovers Massive ElasticSearch Infected Malware Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet

Cryptocurrency web mining: In union there is profit
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed

Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor

Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html

High Sierra’s ‘Secure Kernel Extension Loading’ is Broken
https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/

New FinFisher surveillance campaigns: Are internet providers involved?
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/

Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices
http://blog.trendmicro.com/trendlabs-security-intelligence/ixintpwn-yjsnpi-abuses-ioss-config-profile-can-crash-devices/

Dear Asyn and others that follow this thread,

In light of the recent attacks against CCleaner, with redirection to controlled C2 servers by sophisticated state hackers known as Group 72, we should also consider the following insights:

The recent actions against Asian C2 servers: https://tweakers.net/nieuws/123911/interpol-en-beveiligingsbedrijven-identificeren-8800-c2-servers-in-zuidoost-azie.html (translate to English using Google Translate).

Because of collision issues we can no longer profoundly trust MD5 or SHA1 hashes. NIST recently removed a weakened NSA algorithm, and the NSA has difficulty getting two new weakened, distrusted algorithms approved: http://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV

But then after the Snowden reports, who can trust a “burglar that sells locks”?

Another issue: Dual EC DRBG is a “cryptographically secure pseudorandom number generator”, something that generates streams of bits that are quasi-random, such that one cannot tell the difference from real randomness. As such it is a tool that is not an encryption algorithm, but it should have a place inside the cryptographer’s toolchest. Well, this one should be quarantined, as it does more wrong than it is worthless as such.

And despite that, RSA Security (the firm by that name*) has Dual EC DRBG installed by default, while there are much better choices available. Is that not a coincidence? Why should anyone ever believe NIST anymore now?

Wanna have a go at it? Download the LCPT_gcc.cc program from the directory: wuala.com/FreemoveQuantumExchange/Aspects/Randomness/Theory/Berlekamp-Massey
The source code is there as well.

When you start to test files s01.dat and s.02.dat using the LCPT_gcc.cc program, it appears the complexity halts at 19937 and does not go further, which is the complexity of a Mersenne Twister. Whenever you use the Mersenne generator found inside the mentioned directory to generate pseudo-random files and test those, you will find the complexity is 4*19937. This is why per output (of 32 bits) 4 bits are being sampled. In the same way one can test the output of the Microsoft PRNG; see that same directory. One would find similar results.

Now we see why with CCleaner the 32-bit versions were compromised. We know the trick now that the l33t hacker(s) used.

Is it not kind of weird that security organizations and state agents wanna undermine everyone’s security with this kind of nonsense/crap?

So you can create backdoors when you alone own the secret key. Sort of similar to a normal public key scheme.

polonus (volunteer website security analyst and website error-hunter).

P.S. It should be a concern that the Microsoft Windows certificate store (you find it inside the registry) identifies certificates “uniquely” on the basis of their SHA1 hash; collisions cannot be avoided under all circumstances. SHA1 is unsafe.
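As an added example (not part of the thread, and not the LCPT program it links), here is the linear complexity test the post describes: a Berlekamp-Massey implementation in Python run over two constructed inputs, a 15-bit LFSR stream whose complexity plateaus at its state size (the same "halts at" behaviour the post reports for the Mersenne Twister's 19937), and a SHA-256 counter stream whose complexity keeps tracking about half the sample length. The taps, seed and hash-based stream are assumptions chosen for illustration.

```python
import hashlib

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length L of the shortest LFSR that
    reproduces `bits` (list of 0/1 ints). Needs at least 2L bits to settle."""
    n = len(bits)
    c = [0] * n                      # current connection polynomial
    b = [0] * n                      # polynomial before the last L change
    c[0] = b[0] = 1
    L, m = 0, -1                     # complexity, index of last L change
    for i in range(n):
        d = bits[i]                  # discrepancy: LFSR prediction XOR actual
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

def complexity_profile(bits, points):
    """L per prefix length: a linear PRNG plateaus at its state size,
    data without linear structure keeps tracking about n/2."""
    return [linear_complexity(bits[:k]) for k in points]

def lfsr_bits(taps, seed, n):
    """Constructed linear generator: s[i] = XOR of s[i-t] for t in taps.
    Taps (15, 14) correspond to the primitive polynomial x^15 + x + 1."""
    s = list(seed)
    while len(s) < n:
        s.append(sum(s[-t] for t in taps) % 2)
    return s[:n]

def hash_bits(label, n):
    """Constructed non-linear test data: SHA-256 in counter mode."""
    out, ctr = [], 0
    while len(out) < n:
        digest = hashlib.sha256(f"{label}:{ctr}".encode()).digest()
        out.extend((byte >> k) & 1 for byte in digest for k in range(8))
        ctr += 1
    return out[:n]

if __name__ == "__main__":
    pts = [40, 100, 400]
    print("LFSR  ", complexity_profile(lfsr_bits((15, 14), [1] + [0] * 14, 400), pts))
    print("SHA256", complexity_profile(hash_bits("constructed", 400), pts))
```

Pure-Python Berlekamp-Massey is quadratic in the sample length, so checking a real 19937-bit-state generator the way the post does needs a compiled implementation such as the one it links.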

It’s been unsafe for a very long time: https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/

Optionsbleed - HTTP OPTIONS method can leak Apache’s server memory
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html