The Friday Tech Takeaway - 17.11.17
A clever use of NTFS file system links
The Windows NTFS file system has a feature known as "directory junctions", which are similar to Unix symbolic links. AVGater abuses them against the anti-virus quarantine: an unprivileged user lets the product quarantine a malicious file, replaces the directory the file came from with a junction pointing at a privileged location, and then asks the product to restore the file. The restore is carried out by the anti-virus service running as SYSTEM and follows the junction, so the malware lands in a directory on the system's DLL search path, where a privileged process loads it -- named as a DLL -- in preference to the actual DLL it is searching for. https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
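The two mechanics behind the story are that a write through a junction lands in the junction's target, and that the dangerous targets are the directories Windows consults when resolving a DLL name. The PowerShell below is an added example, not code from the AVGater write-up or from any anti-virus vendor: the first function demonstrates the redirect with a throwaway junction under %TEMP% (the directory names are illustrative), the second walks a tree and reports junctions whose target falls under a directory on the default DLL search path. It assumes PowerShell 5.1 or later, where Get-ChildItem exposes the LinkType and Target properties.

```powershell
# Added example: NTFS junction redirect demo and a junction audit.
# Paths and directory names are assumptions for the demonstration.

function Show-JunctionRedirect {
    # Create a junction and write a file through it: the file appears in the
    # junction's target, which is exactly what a privileged restore into a
    # junctioned quarantine-origin directory relies on.
    $base   = Join-Path $env:TEMP ("junction-demo-" + [guid]::NewGuid())
    $target = Join-Path $base 'real-target'
    $link   = Join-Path $base 'quarantine-origin'   # illustrative name
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    New-Item -ItemType Junction  -Path $link -Target $target | Out-Null

    'restored payload' | Set-Content -Path (Join-Path $link 'restored.dll')

    # The write through the link is visible at the real location.
    $landed = Test-Path (Join-Path $target 'restored.dll')

    # Directory.Delete on a junction removes the reparse point only; it
    # does not follow the link into the target.
    [System.IO.Directory]::Delete($link)
    Remove-Item -Path $base -Recurse -Force
    return $landed   # $true when the redirect worked
}

function Find-SuspiciousJunction {
    param(
        [Parameter(Mandatory)][string]$Root,
        # Directories Windows searches when loading a DLL by name; extend
        # this list for your own estate (e.g. per-application install dirs).
        [string[]]$SensitiveTargets = @(
            "$env:SystemRoot\System32",
            "$env:SystemRoot",
            "$env:ProgramFiles",
            ${env:ProgramFiles(x86)}
        )
    )
    Get-ChildItem -Path $Root -Recurse -Directory -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LinkType -eq 'Junction' } |
        ForEach-Object {
            $link = $_
            # Target is a string in PowerShell 7 and a collection in 5.1.
            foreach ($t in @($link.Target)) {
                $resolved = $t -replace '^\\\\\?\\', ''   # drop any \\?\ prefix
                $hit = $SensitiveTargets |
                    Where-Object { $_ -and $resolved.StartsWith($_, 'OrdinalIgnoreCase') } |
                    Select-Object -First 1
                if ($hit) {
                    [pscustomobject]@{
                        Junction  = $link.FullName
                        Target    = $resolved
                        Sensitive = $hit
                    }
                }
            }
        }
}

# Usage:
#   Show-JunctionRedirect                       # returns $true
#   Find-SuspiciousJunction -Root $env:USERPROFILE
```

A junction from a user-writable location into System32 or Program Files is not malicious by itself, but it is rare enough in practice that every hit deserves a look; the real fix, which the affected vendors shipped, is for the privileged restore path to refuse to follow reparse points rather than for users to hunt for them.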
Vault 8: WikiLeaks releases source code for Hive - CIA's malware control system
WikiLeaks has released the source code for what appears to be a command-and-control system used by the CIA to manage remotely deployed surveillance implants. Known, somewhat dramatically, as "Hive", it provides a covert communications platform for CIA malware: implants report to innocuous-looking cover domains so that their traffic hides in plain sight among ordinary web traffic. https://wikileaks.org/vault8/
OnePlus left a backdoor that allows root access without unlocking Bootloader
Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user going by the name "Elliot Alderson" (after Mr. Robot's main character) discovered a pre-installed diagnostic application on OnePlus devices running OxygenOS that can be abused to obtain root access without unlocking the bootloader. The abuse does require local access to the handset, through ADB or an app already on the device, rather than working remotely. https://thehackernews.com/2017/11/oneplus-root-exploit.html
17-year-old MS Office flaw lets hackers install malware without user interaction
The vulnerability is a memory-corruption issue in a legacy component, the Equation Editor, that ships with every version of Microsoft Office released in the past 17 years, including Office 365, and is exploitable on all versions of Windows, including the latest Windows 10 Creators Update. Despite the headline, the victim still has to open a crafted document; Microsoft addressed the flaw in its November 2017 Patch Tuesday update.
Forever 21 warns shoppers of payment card breach
American clothing retailer Forever 21 has announced that it has suffered a security breach that allowed unknown attackers to gain unauthorized access to data from payment cards used at a number of its retail locations. The Los Angeles-based company, which operates over 815 stores in 57 countries, didn't say which of its stores were affected, but it did note that customers who shopped between March and October this year may be affected. https://newsroom.forever21.com/releases/notice-of-payment-card-security-incident
Bluetooth hack affects 20 million Amazon Echo and Google home devices
A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.
As predicted when the flaws were first disclosed, IoT and smart devices, whose operating systems are updated far less frequently than smartphones and desktops, are also vulnerable to BlueBorne. BlueBorne is the name given to an attack vector exploiting a total of eight Bluetooth implementation vulnerabilities that allow an attacker within radio range of a target to run malicious code, steal sensitive information, take complete control of the device, and launch man-in-the-middle attacks, all without pairing. Amazon and Google had already pushed automatic updates for the Echo and Google Home by the time the findings were published. https://www.youtube.com/watch?v=g6ivGislWWo&feature=youtu.be
Death of the Tier 1 SOC analyst
The job of the so-called Tier 1 or Level 1 security operations centre (SOC) analyst is on track for extinction. A combination of emerging technologies, alert overload, and fallout from the cybersecurity talent shortage is starting to gradually squeeze out the entry-level SOC position.
Cisco issues security advisory warning of flaw in Cisco Voice Operating System software
Cisco has issued a security advisory for a vulnerability in its Voice Operating System (VOS) software platform that could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to affected devices. The advisory lists the affected VOS-based products and the fixed releases. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
Russia's "Irrefutable Evidence" that US aided ISIS is video game screengrab
The Russian Defense Ministry posted "irrefutable evidence" on Twitter and Facebook that the US aided ISIS, which turned out to be screengrabs from a well-known video game and from a video published online by the Iraqi military in 2016.
Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub for years
Kevin Finisterre, a researcher who focuses on DJI products, found the private SSL key sitting in a public DJI-owned GitHub repository. AWS account credentials and firmware AES encryption keys were also exposed there, along with highly sensitive personal information in poorly configured public-facing AWS S3 buckets, which he summarised as a "full infrastructure compromise". https://www.theregister.co.uk/2017/11/16/dji_private_keys_left_github/