Security Briefing 12.6.16
HDDCryptor disrupted travel in San Francisco over the holiday weekend, affecting 2,100+ machines and allowing travelers free transit on Saturday. Bounty was set at 100 bitcoins (~$72,000) to decrypt; it’s unclear up to now if they’ve paid. Affected everything from servers to workstations to terminals for customers, encrypted the disks and rebooted to a screen that simply stated “You hacked, ALL data encrypted. Contact for Key (email@example.com) ID:681”
UberCENTRAL, a portal Uber started during the summer, could have leaked sensitive data. Over September and October, a white-hat hacker found a few vulnerabilities in the system which allowed him to enumerate sensitive data. The caveat of these things is that you would have to be an admin to actually see the enumerated data. Uber has since said they’ve fixed the exploits.
In a surprising twist, a new type of encryption ransomware, ironically titled Vindows Locker, encrypts files and pushes the user to pay $349 (in USD, not BitCoin or LyteCoin) to a ‘Microsoft Technician’ based out of India. Spoiler alert, they actually can’t decrypt the files. However, Malwarebytes has already created a decryptor for this particular system.
One of the oldest codebases around, Network Time Protocol (NTP), is literally maintained by one person. Harlan Stenn – he’s been doing it for 30 years. He is running out of money and the workload is quickly becoming too much for him to handle. Specifically, a vulnerability was active and he was aware of it for more than 100 days over the summer before it was taken care of. NTP is used on nearly everything that digitally displays a clock now-a-days.
A Siemens CCTV camera has been diagnosed vulnerable to hacks and require an urgent firmware patch. This vulnerability affects some models listed on the site that came from a June 2015 product line. It allows hackers to get admin credentials from the camera via a malformed HTTP packet.
(technical) An Irish researcher has discovered a vulnerability affecting Microsoft’s Azure and Amazon Web Services via Red Hat services: Red Hat Update Infrastructure (RHUI), Red Hat Enterprise Linux (RHEL). There was a flaw in the way that RHEL images were created, in that the Red Hat Package Manager (RPM) had client configuration files for each region, which allowed him to gain access to all servers exposing their REST APIs over HTTPS, which allowed him to dig further and he noticed logs and configuration files, including SSL certificates, that could be used to gain full admin access to Red Hat Update Appliances. It goes deeper than this, however the researcher reported the issues to Microsoft and they confirmed the flaw is patched.
Modified Raspberry Pi can gain access to sensitive data over a strict USB connection, with no user interaction required. Even if you have 2FA. It can also intercept network traffic and re-route requests. It works by tricking the host PC into thinking it is a network adapter and, once it has system-level privileges, it does whatever it wants. Video on the page!
Amazon gift card scam fires up just in time for the holidays. You purchase an item from the Amazon marketplace, then you’re instructed to email the seller before placing the order (mistake #1), then you get an email with a fake ‘e-payment’ links and Amazon branding on emails that take you to a fake site to purchase the gift card for the amount of your transaction and put in the redemption code on the fake website. Amazon has no trace and you have no recourse. Be careful how you shop this season!