[00:00:00] Hello folks. Welcome to security on the bayou It is Wednesday Wednesday. It’s not Wednesday. It’s Tuesday, May 14 20 19 and here’s security news and why it matters to you.
So if you’ve been living under a rock this morning you may not know that WhatsApp has a fairly severe vulnerability. Essentially what happens here is there’s a vulnerability in the VoIP stack that allows somebody to call your phone via that number right via WhatsApp and execute remote code execution. There’s a buffer overflow vulnerability here. So I’m not going to dig too much into what a buffer overflow is but go look it up. Essentially they’re able to call you create a buffer overflow and run remote code. That’s bad. That means they can essentially own your phone and what’s been happening is they’ve been using this to install malware on phones. So if you have what’s an app on your phone go update it. So you know what. Actually, at this point, you might as well just dial uninstall WhatsApp. I’m going to do bad radio right now I’m going to go to my phone. I’m going to find WhatsApp where you at WhatsApp you tell how often I use it’s updating so I can’t even actually delete it. But as soon as I’m done with this I’m gonna delete WhatsApp. I’m done. I’m over it. I’ll move. I’ve already moved pretty much the signal anyways. I am done with WhatsApp. I recommend you do the same thing if you listen to a couple of weeks ago we talked about how Facebook is integrating WhatsApp into the Messenger Platform. It’s just going to get worse folks. Get rid of it. Be done with it. Move on. It’s my official recommendation. This article is everywhere the one I’m looking at is from Naked Security. But if you go. But this one’s written by Mark starkly. But anywhere you go just Google what’s app today. You’re going to find it. All right.
Next from bit defender dot com FBI detects new surveillance malware linked to North Korean Lazarus group. So if you may remember last month or so there was some malware called hop light which targeted critical infrastructure. So we’re talking power generation high tech manufacturing the lights the water anything that is critical to the operations of the country in your daily life. It was called hop light. It was going after critical infrastructure. There’s a new one in and it’s called electric fish to surveillance weapons so essentially what this does is allows them to create a tunnel on the machine and run a proxy so they can actually trade data. And I assume push additional malware persistent malware to the endpoint. This is also not good. I mean if this is targeting critical infrastructure that’s never good. But you know we’re starting to see this more and more and more and all those ISIS PCM guys out there yelling right now saying Chris it’s been going on forever. Yes, I know but now it’s more in the limelight. People are starting to see it more and more we talked a few weeks ago about the issue that happened the detox while not a nation-state but it’s becoming more and more prevalent across the country in the world. It’s not going to stop. It’s not going to slow down. There’s a reason the critical infrastructure protection is in place at a government level.
All right next. This one from badpackets.net If you don’t follow bad packets on Twitter I highly recommend it. They release these really cool reports about the marine botnet about how many new machines are seen every once in a while. It’s pretty cool. But at the end of the day, they are all about IO T botnets network a boot abuse an emerging threat. So they do a lot of scanning and monitoring. And this one has entitled over 25000 links this smart Wi-Fi routers vulnerable to send for sensitive information disclosure flaw. So you’re thinking yourself what do you mean what is going on here. We all know that IoT devices routers are vulnerable right. Yes. But this is a bit different. This is a little bit easier than what you may be thinking of. So the steps are actually in here this is pretty simple and I recommend if you have a link to this router give this a shot. It’s pretty simple. You put the public IP address in the web browser you go and you open your head after 12. If you’re on like Chrome or something like that to get to the developer console you go to the network tab you look for a Jane app and you open it and it starts to leak out information such as where you go mac address Device name and operating system. So that’s how you would do it in the gooey fashion right. But then they’ve also got on here a one-liner that is pretty simple. I mean it’s shorter than a tweet. It’s not long at all x Tak Jaina attack action colon the ha the U R L and then that’s it. So now you’re able to grab a MAC address Device name an operating system of all the devices that are on that networks and not talk about just one or two. Right. We’re talking about a whole thing. So hold internal home network which is not necessarily in and of itself bad right. Well, this is bad right. This isn’t something that they can use directly to own your system or own your network but what it does is it enables them to do some recon on what’s on your network before they go after it. So they’re easy they can more tailor their attacks as opposed to just like a spray and pray method on the network of trying everything and anything. Now they know that you are running Windows 7 right. Let’s go find the easiest vulnerability I can for Windows 7 and start there. So once again make sure your firmware is up to date. They’re calling it shadow hammer. Let’s see is there a home that did it. Are there other ones. The specific models are listed here too. There’s maybe 35 or so. Where are they located? Here we go here’s a list of names. The United States has 11000. Where’s the issue is there good news. Oh, I didn’t know this. Over half the vulnerabilities linked to smart Wi-Fi routers currently, have automatic firmware updates enabled. That’s good. So if they push a new update you’ll be fixed. So go check and make sure that your router is up to date. Hopefully, there’s a new firmware for it. Hopefully, that fixes it if not just pray. There’s a lot you can do. This is where we start to rely on the vendors right. All right, folks, I think that does it. It is Tuesday, May 15th, 2019. This has been Security on The Bayou