Security Alerts & News
by Tymoteusz A. Góral

History
#1066 Lenovo scrambling to get a fix for BIOS vulnerability
Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection.

If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.”

The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.
#1065 A Chinese ad firm is using malware to get more clicks
Advertising agencies go to great lengths to spread their clients’ messages. Now, researchers have uncovered a new approach: malware.

This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business.

Listed as based in Beijing's Chaoyang District, Yingmob, a subsidiary of MIG Unmobi Technology Inc., markets itself like any other advertising firm. Its professional-looking website claims its easy-to-deploy ads support text, pictures, and video, and don't affect the user experience. It offers pop-up, sidebar, and in-app adverts.

But Check Point's report claims that part of the company—the “Development Team for Overseas Platform,” which employs a staff of 25 people—is responsible for malware it has dubbed “HummingBad.”
#1064 Espionage toolkit targeting central and eastern Europe uncovered
Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe. ESET’s SBDH findings were presented during the Copenhagen Cybercrime Conference 2016 by researchers Tomáš Gardoň and Robert Lipovský.

This toolkit – actually only its initial part – was spreading as an executable with a double extension attached to a phishing email (counting on Windows’ default behavior of hiding an extension). To further increase its chances of being run by the receiver, it uses legitimate looking icons of several Microsoft applications or a Word document.
#1063 Google Project Zero: A year of Windows kernel font fuzzing #2: the techniques
As a software testing technique, fuzzing has a very low entry bar and may be used to achieve satisfying results with little expertise or invested effort. However, it is still not a silver bullet in vulnerability hunting, and there are many stages which may require careful configuration or individual tailoring for a specific target or file format, especially for non-trivial targets such as closed-source operating system kernels. In this post, we have demonstrated how we attempted to enhance the process of Windows kernel font fuzzing to the maximum extent within the available time resources. We especially put a lot of energy into mutating, generating and exercising the inputs in a decently effective way, and into scaling the fuzzing process to thousands of machines, through the development of a dedicated Bochs instrumentation and aggressive optimization of the operating system. The outcome of the work, in the form of 16 high-severity vulnerabilities, has shown that the techniques were effective and improved upon previous work.

Considering how much potential fuzzing has and how broad the subject is, we look forward to seeing it grow further and be used to accomplish even more impressive effects, while ceasing to be perceived as a voodoo technique which "just works" regardless of the technical details behind it. In the upcoming weeks and months, we are also planning to share more of our experience and thoughts in this field.
#1062 How China took center stage in Bitcoin’s civil war
A delegation of American executives flew to Beijing in April for a secret meeting just blocks from Tiananmen Square. They had come to court the new kingmakers in one of the strangest experiments in money the world has seen: the virtual currency known as Bitcoin.

Against long odds, and despite an abstruse structure, in which supercomputers “mine” the currency via mathematical formulas, Bitcoin has become a multibillion-dollar industry. It has attracted major investments from Silicon Valley and a significant following on Wall Street.

Yet Bitcoin, which is both a new kind of digital money and an unusual financial network, is having something of an identity crisis. Like so many technologies before it, the virtual currency is coming up against the inevitable push and pull between commercial growth and the purity of its original ambitions.

In its early conception, Bitcoin was to exist beyond the control of any single government or country. It would be based everywhere and nowhere.

Yet despite the talk of a borderless currency, a handful of Chinese companies have effectively assumed majority control of the Bitcoin network. They have done so through canny investments and vast farms of computer servers dispersed around the country. The American delegation flew to Beijing because that was where much of the Bitcoin power was concentrated.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12