Security Alerts & News
by Tymoteusz A. Góral

#1344 Juniper acknowledges Equation Group targeted ScreenOS
Juniper Networks on Friday acknowledged that implants contained in the ShadowBrokers data dump do indeed target its products.

“As part of our analysis of these files, we identified an attack against NetScreen devices running ScreenOS,” said Derrick Scholl, director of security incident response at Juniper. “We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices.”

“We will continue to evaluate exactly what level of access is necessary in order to execute the attack, whether it is possible to detect the attack, and if other devices are susceptible,” Juniper’s Scholl said.
#1343 Northsec 2016 Conference - (VIDEO)
NorthSec is the biggest applied security event in Canada, aimed at raising the knowledge and technical expertise of professionals and students alike.

We are determined to create a high quality security forum composed of a two day single track conference by the brightest in their field of expertise, followed by an intense 48 hour on-site CTF contest.
#1342 Test: parental control apps for Android
With a smartphone, children also have the Internet in their pocket and are usually online 24 hours a day. Is security software for Android with parental control functions sufficient to protect our children or is it better to have a special parental control app? The team at AV-TEST examined this question and came up with a reliable answer.
#1341 Threat intelligence report for the telecommunications industry
The telecommunications industry keeps the world connected. Telecoms providers build, operate and manage the complex network infrastructures used for voice and data transmission – and they communicate and store vast amounts of sensitive data. This makes them a top target for cyber-attack.

According to PwC’s Global State of Information Security, 2016, IT security incidents in the telecoms sector increased 45% in 2015 compared to the year before. Telecoms providers need to arm themselves against this growing risk.

In this intelligence report, we cover the main IT security threats facing the telecommunications industry and illustrate these with recent examples.
#1340 Embedded hardware hacking 101 – the Belkin WeMo link
Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light switches, the Internet of Things (IoT) trend is on the rise and here to stay. This has the potential to make our lives much easier; however, the increasing sentience of once analog devices also enables adversaries to target them and potentially misuse them.

With the ubiquity of these Internet-connected devices, there is a surplus of “Things” to exploit. The main intent of this blog post is to generalize how an individual would reverse engineer an embedded device and the process for attempting to find vulnerabilities.

For this demonstration, we will be looking at the WeMo Link, which is a part of the Belkin WeMo LED Lighting Starter Set. There have been vulnerabilities identified in previous iterations of this device; however, these vulnerabilities were more focused on the web services component and not based on analyzing the built-in security of the physical components.
#1339 A 'Tor General Strike' wants to shut down the Tor network for a day
Last month, the Tor Project announced that an internal investigation had confirmed allegations of sexual misconduct against high profile activist Jacob Appelbaum. Now, a few members of the community are calling for a “Tor general strike,” in part to protest how that investigation was handled.
#1338 Hancitor downloader shifts attack strategy
Researchers said a new variant of the Hancitor downloader has shifted tactics and adopted new dropper strategies and obfuscation techniques on infected PCs. Researchers at Palo Alto Networks are currently tracking the biggest push of the Hancitor family of malware since June, which they say has shifted away from the H1N1 downloader and now distributes the Pony and Vawtrak executables.

The variant uses native API calls within Visual Basic code to carve out and decrypt embedded malware from malicious Word documents.

“Lures were expected, until we started digging into the actual documents attached and saw an interesting method within the Visual Basic macros in the attached documents used for dropping the malware,” wrote Jeff White, senior threat researcher at Palo Alto Networks, in a report.
#1337 Obihai patches memory corruption, DoS, CSRF vulnerabilities in IP phones
Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes.

The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi devices. David Tomaschik, a member of Google’s security team, discovered the issues in ObiPhone during a black box security assessment earlier this spring.