
Month: May 2019

Wednesday, May 22nd, 2019

PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

https://github.com/SandboxEscaper/polarbearrepo

Learn to Hack Non-Competes & Sell 0-Days at Black Hat USA

Consumer IoT Devices Are Compromising Enterprise Networks

Transcript:

Hello folks, it is Wednesday, May 22nd, 2019, and this is Security on the Bayou: security news and why it matters to you. Happy hump day. It's almost Friday; that three-day weekend is calling my name, I can hear it now.

All right, we've got a couple three articles today, two from Dark Reading and one from The Hacker News (thehackernews.com). If you don't follow The Hacker News, you should. The title of the article: "PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online." This one was fun, I enjoyed it. An anonymous hacker named SandboxEscaper released a PoC of a new zero-day vulnerability affecting Windows 10. This is his/her fifth publicly disclosed Windows zero-day exploit in less than a year. That's impressive. Five Windows exploits. This newest one takes advantage of the Task Scheduler in Windows. Essentially, based on some permissions for some DLLs, they're able to write a new task to the Task Scheduler to execute with SYSTEM-level permissions. Obviously this is bad. So you do have to have, not physically, but you have to have access to the machine. So at some point you already have to have owned this machine or have physical access, but this is something that looks like it probably could be used for persistence fairly easily. This is fairly significant; Task Scheduler is something I use all the time on Windows Server. It looks like it affects Windows 10, where was that list, 10 32-bit and 64-bit, along with Server 2016 and 2019. So if your enterprise is up to date, you're most likely using all of these things. If you're somehow behind, this works out for you, which is rare. I mean, there are a lot of other things that don't work out for you if you're that far behind. So this person also claims to have four additional zero-day bugs in Windows, three of which lead to local privilege escalation, and a fourth one lets attackers bypass sandbox security. So if you're not familiar with sandboxing, essentially applications are allowed to run in their own little sandbox, just like when you were a little kid and your parents would hover around you and say, "No, don't come out of the sandbox."

So that is what a sandbox is for. Applications like Google Chrome are sandboxed; a lot of things are sandboxed. It's a great technology, so anything that can circumvent sandboxing is a pretty damn big deal, because it's used very, very widely. This is a fun one. This is the kind of stuff I get giddy over. I'll also post the link to the GitHub of this person. I was digging around in the GitHub and I found something sort of interesting: there is another repo in here that is only two hours old, and it is called angrypolarbearbug2. So I haven't had a chance to dig in or read all of it yet, but it seems to me there might be, I perused it really quickly, it seems to me that this might be an additional zero-day. So I'll dig into that some more, but interesting: they may have released two within the span of less than 24 hours. The one we're talking about now was released 19 hours ago. So big day there. Interesting, especially with everything that's going on with the Windows update patches and all the AV. I mean, this is, you know, sort of the perfect storm here.

All right, let's move on. I've already spent enough time on that, so we'll move through these next two pretty quick. Next, from DarkReading.com, by the Black Hat event staff. I'm not a huge Black Hat guy. It's fun, it's enjoyable. I'm probably not going this year; I'm probably going to DEF CON, not Black Hat. But here's the title of the article: "Learn to Hack Non-Competes & Sell 0-Days at Black Hat USA." So essentially Black Hat is there pushing all the ones that sound really, really interesting, which, good for them, they should be. This is their job. The first one is titled "Selling 0-Days to Governments and Offensive Security Companies." Hey, we just talked about zero-days. I don't know what the value of that Windows zero-day this guy dropped is, but my guess is that it's worth a lot of money, probably more than a lot of people make in a year.

So next, "How to Hack Your Non-Compete." Ah, excuse me, "Hacking Your Non-Compete." Yeah. Non-competes suck, right? So anyway, you can get around those. You know, I think there's a certain level of pay where people should not have non-competes. I actually read an article the other day that 1 in 7 people that make less than forty thousand dollars a year have a non-compete, which is ridiculous if you ask me. And that's not just information security, that's nationwide in the United States. The next one: "Making Big Things Better the Dead Cow Way." So if you attended DEF CON last year, the cDc got up and, you know, they had a whole board and it was a lot of fun, it was a really good time. It's fun to ask these guys some questions; you know, the original sort of hacker group, a lot of it inspired a lot of people over the years. So it looks like they're making a comeback of it at Black Hat. I bet it'd probably be a little bit more organized this time. Not that it wasn't last time, but once again, that should be a fun one. What else is in the current, oh, so as you may know, Beto O'Rourke, the presidential candidate, was part of the Cult of the Dead Cow back in the day, so I'm sure that will come up now, because that wasn't public information last year.

Next, also from Dark Reading, by Ericka Chickowski. Ericka, welcome back to the podcast. "Consumer IoT Devices Are Compromising Enterprise Networks." Yeah, no kidding. Yep. All joking aside, yes they are. They're everywhere; everywhere you look there's IoT devices, right? And you know, try not to get too focused on the term IoT, right? Internet of Things is something that is small, well, not necessarily; something that is plugged into your network, that has a specific purpose, that has an internet connection. That's been around for years, right? We've just branded it IoT. But here's what they found. Researchers from Zscaler ThreatLabZ: ninety-one and a half percent of IoT transactions are conducted over plain text. Bad, no good, bad. Stop it. Next: 18 percent of IoT devices that use SSL exclusively communicate... this is a terribly written sentence. 18 percent of devices use SSL within an enterprise environment. That is also bad. That should be way higher. Those numbers should be flipped; that should be the end goal here. Let's flip those numbers and we're in good shape. If you want some more details on this study, she starts to break it down a little bit more. Forty-nine percent of enterprises do not regularly scan for IoT devices. Bad, once again. Only 8 percent say they have the capability to do so. That's somewhat understandable, I get that, this is still new. How are you scanning for it? That's an interesting question. I'll do some research on it myself, because I don't know that I have the answer for that, although I would think a lot of your vulnerability scanners would be able to pick a lot of that up anyway. So there's some good information in here about this report. I recommend you go over there and read it. All right. What a day. No easy news today, sort of disappointing. Baltimore, no, no update on Baltimore either. We'll get there. We'll find something; something new will come out on that. Anyways, it's Wednesday, May 22nd, 2019, and this has been Security on the Bayou. Thank you for joining me. And we will talk again tomorrow. Everybody have a wonderful week.

Tuesday, May 21st, 2019

Linux variant of Winnti malware spotted in wild

Windows 10’s May patches are borking McAfee and Sophos software

Ransomware Cyberattacks Knock Baltimore’s City Services Offline

Transcript:


It's Tuesday, May 21st, 2019, and this is Security on the Bayou: today's security news and why it matters to you. So today's going to be a fun day. We've got a couple of really good ones, too. Two of them are going to be sort of follow-ups, and one that's pretty technical, but this I'm pretty excited about today. It is Tuesday.

All right, first one, from SCMagazine.com, written by Robert Abel: "Linux variant of Winnti malware spotted in wild." So normally I wouldn't bring up something so technical, but the reason I do here is because of who found it. This was found by Google's Chronicle security team, which we've heard a lot about; they had a big sort of deal at RSA about their new SIEM that they're building. You know, it's Google; anything Google touches tends to turn to gold. Security: anything security people touch turns to gold. This is just a match made in heaven, having Google and security. So this is one of the first truly technical things I think I've seen from them. I found out today they have a blog. Of course they do; why wouldn't they have a blog? But this is specific to that Winnti malware. The malware has been a popular tool used by Beijing hackers over the last decade or so, last used on a German pharmaceutical company in April of 2019. So essentially this malware, and most malware is written for Windows or Mac, those are typically the two you see attacked the most; more and more over the past four or five years we've seen them sort of take these tools they've used in the past and start to adapt them for Linux. Start looking around the world: Linux is run everywhere; AWS, Azure, it's all based on Linux, right? So if you can compromise the big bad servers, you have more power to do things. So Chronicle has found, how many versions of it, where did it go, I want to say there were five different versions that they found of Winnti ported to Linux.

So next, let's move on. We're moving to TheInquirer.net. This is an update from what we talked about yesterday. So if you remember, we've been having all this stuff with AV, every vendor. So yesterday we discovered that Sophos was telling users to roll back their Windows patches because it was causing boot-up issues with machines that were running Sophos. Well, today it gets even better. From TheInquirer.net: "Windows 10's May patches are borking McAfee and Sophos software." That's a great, great use of "borking." This is by Chris Merriman, @ChrisTheDJ on Twitter. He's got a pretty cool profile picture on here. Go click this link and read this and look at that picture. It's worth it. So not only is Sophos having issues with the May security patch updates from Microsoft, but apparently McAfee is, and Avast, and Avira, and ArcaBit. So I mean, most people, Avira and ArcaBit I've never heard of. Well, they're out there, they do AV. You see them a lot on VirusTotal, but they're probably not widely used. But Avast for sure, McAfee and Sophos, those are all over the place. So this is interesting. This is not near as bad as Sophos; McAfee is having issues with their HIPS and their VirusScan Enterprise: slowness on startup, or it may become unresponsive at restart after installing the update. McAfee doesn't say anything about when they're going to fix it, just like Sophos. I'm sure it's a "we'll fix it soon, we'll get there." Right. At least McAfee is not saying to uninstall patches, right? I said this, I want to caution people, this could very quickly turn into a blame-Microsoft game. I don't necessarily see it that way. So just remember, my remarks, that Microsoft Windows is the underlying operating system here. So that's the most important part, right? You can get another AV.

You can't typically get another operating system; there's only so many options. So if you have McAfee or Sophos or Avast or Avira or ArcaBit, or even if we start looking at Symantec from the previous weeks, or Trend, there's other ones out there. I highly recommend Malwarebytes; go grab them if you'd like. Try other ones; there are free ones out there, although I don't always recommend using free AV, for obvious reasons, but a subscription is fairly cheap, and in the long run it's going to save you a lot of money, time and frustration over the years.

All right, next, let's move on to another update. So this one was written by NPR, not a typical source for us. The title is "Ransomware Cyberattacks Knock Baltimore's City Services Offline," by Emily Sullivan. So this, we know this, right? So first, I saw the article and was like, well, why are they writing this article on May 21st when this has been going on for two weeks? I didn't know; the title didn't exactly allude to any new information. Well, here we go. I found the new information today. This morning the hackers have demanded 13 bitcoins, about one hundred grand. So they went from 72 grand, or whatever it was, from 16, all the way up to 100k, and they still haven't paid it. The FBI and Secret Service are on this. And at this point you just gotta pay the damn ransom and move on, right? So there are two or three options here. Here, there's three. Three ways this thing could go. One, you have to wipe all your systems and you lose your data. Two, you pay the ransom, they don't give you the key, you have to wipe all your systems and lose your data. Three, you pay the ransom, they give you the key, you unlock and you get all your data back. So I know two of those involve paying the ransom; you tell me. So here's where I really formed that opinion from. Let me go find this quote. Essentially what they said is that all the cryptographers in the world and the country, the smartest MFers out there, have all said that this is an unbreakable algorithm. There is nothing technologically available that can break this algorithm, which says to me that you just got to pay the ransom. If the FBI, the Secret Service, I'm sure everybody's involved in this on the government side, and all these really smart mathematicians and cryptographers are saying this can't be broken, it's time; you just got to scream uncle and pay the ransom and move on. So it's been an interesting day. Tuesday, what a day, two updates. Baltimore, the city of Baltimore, I feel bad. That's tough.

I mean, they're having issues with medical staff, processing home loans, processing, you know, title transfers, medical records. Essentially everything that you would ever file with the city has just been encrypted. And then I'm sure the people, it sucks, right? They're going to pay; it's going to come out of their pocket at the end of the day. But at some point somebody is going to tell you the hard truth of things. You've got to pay it and hope it works out for the best. All right folks, it is Tuesday, May 21st, 2019, and this is Security on the Bayou. Thank you for listening. Hope everybody has a wonderful day. It's almost hump day. We will talk again tomorrow.

Monday, May 20th, 2019

Sophos tells users to roll back Microsoft’s Patch Tuesday run if they want PC to boot

Slack Bug Allows Remote File Hijacking, Malware Injection

TeamViewer Confirms It Was Hacked in 2016

Transcript:

Hello, friends, it is Monday, May 20th, 2019, and here's today's security news. First off, from The Register (theregister.co.uk): "Sophos tells users to roll back Microsoft's Patch Tuesday run if they want PC to boot." This is written by Gareth Corfield. So Sophos has released a statement that says, hey, if you're using our product and you want to use your computer, you have to roll back the Microsoft patches. That seems like a bad idea if you ask me. So not just like one patch; all of the patches, the full Patch Tuesday kit, they want you to roll it back. And to top things off, when asked if they had a plan, or what's going to, how are they going to update, what's going on, they said, "Sophos is working diligently on determining the issue and will provide ongoing customer guidance." Not "we will have an update for you in a week," "give us three days," just "hey, we're working on it." So if this was any other regular Patch Tuesday for Microsoft, I wouldn't be too concerned with it. But this was a pretty big deal; we talked about this, that one of the vulnerabilities is wormable, just like they used in WannaCry, WanaCrypt, whatever you want to call it. So it's a pretty big deal, and it affects all the way down to Windows XP. They even released patches for Windows XP. So this isn't just some run-of-the-mill, all right, remote code vulnerability. This is a pretty big deal. So, interesting; I hope Sophos fixes this quickly. It's been a bad couple of weeks in general for every provider, with everything that happened with McAfee and Trend and Symantec last week with their source code, and now this with Sophos. It's tough to be an AV vendor right now.

All right. Next, from ThreatPost.com: "Slack Bug Allows Remote File Hijacking, Malware Injection." So a researcher from Tenable, David Wells. I apologize, this article is written by Tara Seals. A researcher from Tenable named David Wells discovered a bug in Slack desktop version 3.3.7, Windows only, that essentially allows an attacker to post a link into a Slack channel that is used to download a document, and essentially in that protocol it allows them to change the destination of where that file is located to a local SMB share, therefore downloading something other than intended. So somebody could put in a link to a Google Doc, and all of a sudden that link now turns into an SMB file share, and you've downloaded a good piece of malware. So there's remote exploitation, both authenticated and unauthenticated users, malware and more. I mean, it goes into detail here. And as you know, Slack is pretty large. So this is mitigated currently by upgrading to the next version, 3.4.0. So, I mean, this has obviously already been fixed. So go upgrade your Slack client on Windows if you're using it. Interesting that we don't see a ton of Slack stuff.

Next, from SecurityWeek, by Eduard Kovacs: "TeamViewer Confirms It Was Hacked in 2016."

This should not come as a surprise, as many issues as TeamViewer has had over the years. One more thing for them. So apparently they were targeted in 2016 by a piece of Chinese malware, we'll just call it that for now. Or let me rephrase that: a piece of malware that is commonly used by the Chinese. They go on to talk about how they did their full, you know, they did the research, they did the forensics and everything, and nothing was stolen. So the direct quote: "Independent experts conducted a thorough investigation using all IT forensic resources available and found no evidence that the security of our users or their IT systems was affected in any way." Yeah, I take those with a grain of salt, right? I know there's a lot of good forensics people out there, everywhere you go. I just, sometimes you just wonder, right? Are there things that you didn't see? There probably are. So we'll take that statement with a grain of salt. Once again, TeamViewer confirms it was hacked in 2016. All right, folks, that's it for Monday, May 20th, 2019. Everybody have a wonderful week. Hey, it's a three-day weekend for those in the United States coming up, so just finish strong, right? And if you're taking off Friday, whew boy, a four-day weekend. So everybody finish strong. Have a good week and we'll talk tomorrow.
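The Slack bug described above comes down to one thing: a client setting that says where downloads land could be pointed at an SMB share. The following is an added example of the check a desktop client should make before accepting such a setting; it is my code, not Slack's or Tenable's, and it does not reproduce the actual Slack link format. The setting name `download_dir`, the user-profile root and every path below are hypothetical, constructed inputs. It uses `ntpath` so the Windows path rules apply wherever the script is run.

```python
"""Download-destination validation for a desktop chat client (added example).

Models the bug class the podcast describes: a "where do downloads go" setting
redirected to an SMB share. Shows the weak setter beside the hardened one.
Setting name, profile root and sample paths are hypothetical/constructed.
"""
import ntpath
from urllib.parse import urlparse

REMOTE_SCHEMES = {"smb", "cifs", "file"}


def is_unc_or_remote(path: str) -> bool:
    """True for \\\\host\\share, //host/share, \\\\?\\UNC\\..., smb://, cifs://, file://.

    A one-letter 'scheme' such as C: is a drive letter, not a URL scheme.
    """
    p = path.strip()
    if p.startswith(("\\\\", "//")):
        return True
    scheme = urlparse(p).scheme.lower()
    if len(scheme) > 1 and scheme in REMOTE_SCHEMES:
        return True
    drive, _ = ntpath.splitdrive(p)
    return drive.startswith("\\\\")


def is_safe_download_dir(candidate: str, user_profile: str) -> bool:
    """Accept only an absolute local-drive path at or under the user's profile.

    Rejects UNC/remote targets, relative paths, mapped drives outside the
    profile, and '..' traversal that escapes the profile after normalisation.
    """
    if is_unc_or_remote(candidate):
        return False
    cand = candidate.strip()
    drive, tail = ntpath.splitdrive(cand)
    if len(drive) != 2 or not tail.startswith(("\\", "/")):  # want 'C:' + absolute tail
        return False
    target = ntpath.normcase(ntpath.normpath(cand))
    root = ntpath.normcase(ntpath.normpath(user_profile))
    return target == root or target.startswith(root + "\\")


def weak_set_download_dir(settings: dict, value: str) -> dict:
    """The unsafe pattern: whatever arrives in a settings update is stored as-is."""
    settings["download_dir"] = value
    return settings


def hardened_set_download_dir(settings: dict, value: str, user_profile: str) -> dict:
    """The fix: refuse anything that is not a local path under the user's profile."""
    if not is_safe_download_dir(value, user_profile):
        raise ValueError(
            f"refusing download_dir {value!r}: not a local path under {user_profile!r}"
        )
    settings["download_dir"] = ntpath.normpath(value.strip())
    return settings


if __name__ == "__main__":
    profile = r"C:\Users\alice"  # hypothetical profile root
    for p in (r"C:\Users\alice\Downloads", r"\\attacker.example\share",
              "smb://attacker.example/share", r"C:\Users\alice\Downloads\..\..\Public"):
        print(f"{p!r:45} safe={is_safe_download_dir(p, profile)}")
```

The weak setter is exactly the shape that lets a crafted link turn "download to my Downloads folder" into "download from (and execute out of) an attacker's share"; the hardened setter is the allowlist a client should apply to any path it accepts from a URL or message.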

Thursday, May 16th, 2019

GOOGLE WILL REPLACE TITAN SECURITY KEY OVER A BLUETOOTH FLAW

‘GozNym’ Banking Malware Gang Dismantled by International Law Enforcement

Russian government sites leak passport and personal data for 2.25 million users

Transcript:

Welcome to Security on the Bayou. It is Thursday, May 16th, 2019. And here's today's security news and why it matters to you.

First off, big news of the day. This article's on Wired; this article you could Google and find almost anywhere, probably on your local news: "Google Will Replace Titan Security Key Over a Bluetooth Flaw." This is written by Lily Hay Newman. Essentially there is a flaw in the Titan key with the BLE that could allow an actor to intercept and relay signals, including credentials. So while there is a flaw, or a misconfiguration, in this piece of hardware, in reality this attack would be extremely difficult to pull off. You're going to have to be within 30 feet of someone using a key. You're also gonna have to already know their username and password. But if you have both those things and you're able to pull this off, you can get access to the user's machine and their account locally. So it is dangerous. The fact that you could do this, you know, increases the danger associated with this account, or with this attack. And you know, one of the things they point out in this article is that those people that are using this type of thing are probably extremely security conscious and really, really worried about this. So, a good part on Google is they're going to replace it with a new version that does not have this issue; it's going to have a 3 on the back. I take it back: anything with T1 or T2 on the back, they will replace. So if you've got one, go get it replaced. And also, good for you for using something like this.

Next, from The Hacker News, by Mohit Kumar: "'GozNym' Banking Malware Gang Dismantled by International Law Enforcement." So this was a multinational group from Bulgaria, Germany, Georgia, Moldova, Ukraine, the United States, Eurojust and Europol. They were able to bring down this big banking malware trojan group, cybercrime network, whatever you want to call it; a bunch of bad guys with malware stealing money. They're responsible for stealing nearly a hundred million dollars from 41,000 victims across the globe. Any time I see one of these I get excited. This is good stuff. I mean, any cooperation between multiple countries, multiple law enforcement, this is just good for the world in general, for people. You know, it's one less thing you have to worry about; there's already enough going on in this world that you have to worry about. The less you have to worry about your money getting stolen while you're on the Internet, the better. So they were able to get these guys. One of them has green hair, which is sort of fitting; the other one's wearing a black beanie. I mean, if there are hackers, these are them, right? Proof: super hackers. One of them's got some... it's perfect. It fits the profile exactly. How did they not catch him earlier?

Next, from ZDNet: "Russian government sites leak passport and personal..." Let me try again: "Russian government sites leak passport and personal data for 2.5 million users." Written by Catalin Cimpanu for Zero Day. So this is an interesting article. This researcher found that he was able to collect PII, is what I would call it, for Russian folks: employees, government employees, citizens, and high-ranking politicians, from all these different sites that have passport information, or an SNILS, which is the equivalent to a Social Security number here in the United States. So he did the responsible thing. He found all this, he wrote it up and reported it to the Russian government, and the Russian government said, no, it's all good. It's supposed to be public information. And then he went to the press. And now they've gotten a hold of the story, obviously. So it's interesting; a couple of times they've come back and said, no, no, no, it's all good. This is supposed to be out there. Which makes you wonder what the Russian government, you know, defines as PII. In my mind, if the U.S. government said, no, everybody can have your passport information and your Social Security number, it's OK, we would lose our collective minds. So I don't know, you know, if this is just a misstatement by the Russian government or if somebody really just doesn't know what's going on over there. So they were notified eight months ago. So plenty of time to fix it. I think, you know, this guy did his due diligence, right? He alerted all the right people and they chose to do nothing about it. So that is your security news for the day. This is Security on the Bayou and it is Thursday, May 16th, 2019. Everybody have a wonderful day; we'll talk tomorrow.

Wednesday, May 15th, 2019

Baltimore Ransomware Attack Takes Strange Twist

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

Israeli TV’s Eurovision webcast hijacked by hackers. Hamas blamed

Transcript:

Hello friends, welcome to Security on the Bayou. It is Wednesday, May 15th, 2019, and here's your security news for the day.

First things first, from Sophos' Naked Security blog. You know, this is one of my favorites. Title is "UPDATE NOW! Critical, remote, 'wormable' Windows vulnerability." So normally I would just skip right over Patch Tuesday because it's everywhere all the time. It's not even Patch Tuesday anymore; what do we even call it anymore, Windows Update Day? I don't know. Anyways, this is written by Mark Stockley. And the reason I'm calling this out today is because there is a vulnerability in the Remote Desktop Services that is wormable. So the reason this is important is because wormable essentially means that it can spread throughout the network. This is the same type of thing that happened with WannaCry, the ransomware. So this is actually a pretty big vulnerability; they're all big, right? But this one has a large impact across the environment. This isn't something that will just cause a single remote code execution in a browser or something like that, an isolated incident. This could potentially affect the entire network of your enterprise. So if you haven't patched yet, go ahead, go through the cycle. I know most large enterprises, it's not a day-of thing, right? You do a good test and it's going to be a month to a quarter. But this is one of those that you want to put a high priority on and push through change control probably as quick as you can. Get it tested, get it out in the next week or so. Protect your network.

All right. Next. This is also, once again, ransomware is everywhere. Maybe I'm seeing it, maybe I'm obsessed with it. I don't know. But we're going to keep talking about it. So if you didn't hear last week, Baltimore, the City of Baltimore, had a ransomware attack. And normally I would just gloss over it, move on, right? Because it's just another city with another ransomware attack. Well, this one gets a little bit more interesting today, because on the old tweet box somebody posted a tweet that essentially is dark pictures of documents that would have been from the city. So not only is there ransomware here, but it appears that there was a fairly large data breach. So this is significant because the hacker is asking for about 76,000 dollars, and they're saying that after 10 days they will no longer pass them the decryption keys. So after 10 days, theoretically, all these systems could get wiped out. Which is interesting. So they have 10 days. You know, my guess would be that if they don't get paid, they're going to wipe all the systems and they're probably going to dump all these documents. Now, if you have nothing to be afraid of... well, that's not the right mentality. This is just not good in general for the city of Baltimore. So one of the things when I was reading this article, I was like, we know where all this is happening; how many other cities or municipalities or counties or whatever? And so actually in this article, this person, she read my mind, Kelly Jackson Higgins, she read my mind and listed all of the other places it happened. So it's one of 22 attacks against state and local government entities so far in 2019. So I'll read them off: Washington, Pennsylvania; Amarillo, Texas; Cleveland airport, Cleveland, Ohio, I guess the city center; Augusta, Maine; Stuart, Florida; Imperial County, California; Garfield County, Utah; Greenville, North Carolina; Albany, New York; Jackson County, Georgia; school system of Taos, New Mexico; Del Rio, Texas; Atlanta, Georgia; and Leominster, Massachusetts, just to name a few. So it's happening, it's out there, and that's all just in 2019, and it's only May. So these are going to keep going up. I imagine that you'll probably see, there's a lot of cities, right? They're going to keep going after these guys, especially if you're unpatched.

All right. Next, from Graham Cluley, which is a great blog. Well, my favorite. Probably saying his name wrong, right? I don't know if that's right or not. Anyway: "Israeli TV's Eurovision webcast hijacked by hackers. Hamas blamed." So I'm not going to dig into this too much; I just find it interesting. This is like something you'd see on Mr. Robot, right? They took over the broadcast in Israel and played their own message. What that message is, let's see. Oh, it was essentially a warning symbol that says "risk of missile attack, please take shelter. Israel is not safe. You will see." So, you know, taking advantage of the fear in people. So, interesting that they would do this. I mean, that continues to escalate over there with everything going on. Not that it's ever going to de-escalate anytime soon, I'm afraid. All right. So that is Wednesday, May 15th, 2019. Everybody have a good week. It is Wednesday; we're almost to the weekend. Keep pushing forward, get those patches out, get rid of the ransomware already, what are we doing? All right, everybody have a good week. We'll talk tomorrow.

Tuesday, May 14th, 2019

Update WhatsApp now! One call could give spies access to your phone

Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw.

FBI Detects New Surveillance Malware Linked to North Korea’s Lazarus Group

Transcript:

Hello folks. Welcome to Security on the Bayou. It is Wednesday, Wednesday. It's not Wednesday. It's Tuesday, May 14th, 2019, and here's security news and why it matters to you.

So if you've been living under a rock this morning, you may not know that WhatsApp has a fairly severe vulnerability. Essentially what happens here is there's a vulnerability in the VoIP stack that allows somebody to call your phone, via that number, right, via WhatsApp, and get remote code execution. There's a buffer overflow vulnerability here. So I'm not going to dig too much into what a buffer overflow is, but go look it up. Essentially they're able to call you, create a buffer overflow, and run remote code. That's bad. That means they can essentially own your phone, and what's been happening is they've been using this to install malware on phones. So if you have WhatsApp on your phone, go update it. So, you know what? Actually, at this point, you might as well just uninstall WhatsApp. I'm going to do bad radio right now: I'm going to go to my phone. I'm going to find WhatsApp. Where you at, WhatsApp? You can tell how often I use it; it's updating, so I can't even actually delete it. But as soon as I'm done with this I'm gonna delete WhatsApp. I'm done. I'm over it. I'll move; I've already moved pretty much to Signal anyways. I am done with WhatsApp. I recommend you do the same thing. If you listened a couple of weeks ago, we talked about how Facebook is integrating WhatsApp into the Messenger platform. It's just going to get worse, folks. Get rid of it. Be done with it. Move on. It's my official recommendation. This article is everywhere; the one I'm looking at is from Naked Security. This one's written by Mark Stockley. But anywhere you go, just Google WhatsApp today. You're going to find it. All right.

Next, from Bitdefender.com: "FBI Detects New Surveillance Malware Linked to North Korea's Lazarus Group." So if you may remember, last month or so there was some malware called HOPLIGHT which targeted critical infrastructure. So we're talking power generation, high-tech manufacturing, the lights, the water, anything that is critical to the operations of the country and your daily life. It was called HOPLIGHT. It was going after critical infrastructure. There's a new one in, and it's called ELECTRICFISH, a surveillance weapon. So essentially what this does is allows them to create a tunnel on the machine and run a proxy so they can actually trade data, and I assume push additional malware, persistent malware, to the endpoint. This is also not good. I mean, if this is targeting critical infrastructure, that's never good. But you know, we're starting to see this more and more and more, and all those ICS/SCADA guys out there yelling right now saying, "Chris, it's been going on forever." Yes, I know, but now it's more in the limelight. People are starting to see it more and more. We talked a few weeks ago about the issue that happened, the detox, while not a nation-state, but it's becoming more and more prevalent across the country and the world. It's not going to stop. It's not going to slow down. There's a reason the critical infrastructure protection is in place at a government level.

All right, next. This one from badpackets.net. If you don’t follow Bad Packets on Twitter I highly recommend it. They release these really cool reports about the Mirai botnet, about how many new machines are seen every once in a while. It’s pretty cool. But at the end of the day, they are all about IoT botnets, network abuse, and emerging threats. So they do a lot of scanning and monitoring. And this one is entitled: over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw. So you’re thinking to yourself, what do you mean, what is going on here? We all know that IoT devices and routers are vulnerable, right? Yes. But this is a bit different. This is a little bit easier than what you may be thinking of. So the steps are actually in here; this is pretty simple and I recommend if you have a Linksys router give this a shot. It’s pretty simple. You put the public IP address in the web browser, you go and you hit F12, if you’re on like Chrome or something like that, to get to the developer console, you go to the Network tab, you look for a JNAP request and you open it, and it starts to leak out information such as MAC address, device name and operating system. So that’s how you would do it in the GUI fashion, right. But then they’ve also got on here a one-liner that is pretty simple. I mean it’s shorter than a tweet. It’s not long at all: X-JNAP-Action colon, the URL, and then that’s it. So now you’re able to grab the MAC address, device name and operating system of all the devices that are on that network, and we’re not talking about just one or two. Right. We’re talking about the whole thing, the whole internal home network, which is not necessarily in and of itself bad, right? Well, this is bad, right. This isn’t something that they can use directly to own your system or own your network, but what it does is it enables them to do some recon on what’s on your network before they go after it.
So they can more tailor their attacks, as opposed to just a spray-and-pray method on the network of trying everything and anything. Now they know that you are running Windows 7, right? Let’s go find the easiest vulnerability I can for Windows 7 and start there. So once again, make sure your firmware is up to date. They’re calling it shadow hammer. Let’s see, is there a home that did it? Are there other ones? The specific models are listed here too. There’s maybe 35 or so. Where are they located? Here we go, here’s a list of names. The United States has 11,000. Where’s the issue, is there good news? Oh, I didn’t know this. Over half the vulnerable Linksys Smart Wi-Fi routers currently have automatic firmware updates enabled. That’s good. So if they push a new update you’ll be fixed. So go check and make sure that your router is up to date. Hopefully, there’s a new firmware for it. Hopefully, that fixes it; if not, just pray. There’s a lot you can do. This is where we start to rely on the vendors, right? All right, folks, I think that does it. It is Tuesday, May 15th, 2019. This has been Security on The Bayou.
