Daily NCSC-FI news followup 2020-01-10

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why?

www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/ The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

PHA Family Highlights: Bread (and Friends)

security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html In this edition of our PHA Family Highlights series we introduce Bread, a large-scale billing fraud family. We first started tracking Bread (also known as Joker) in early 2017, identifying apps designed solely for SMS fraud. As the Play Store has introduced new policies and Google Play Protect has scaled defenses, Bread apps were forced to continually iterate to search for gaps. They have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere. In this post, we show how Google Play Protect has defended against a well-organized, persistent attacker and share examples of their techniques.

The state stirs up the identification market: “far too early for a new system”

www.tivi.fi/uutiset/tv/4f86b33c-07e6-4732-a165-e940ac38d0a5 The state is planning a new kind of mobile identity card for Finland. It would be a mobile application that could be used for identity verification and electronic identification. Tivi first reported on the matter online in the autumn.

Senator unveils bill to stop the US from sharing intel with countries using Huawei 5G

www.zdnet.com/article/senator-unveils-bill-to-stop-the-us-from-sharing-intel-with-countries-using-huawei-5g/#ftag=RSSbaffb68 Sen. Tom Cotton, R-Ark., introduced legislation this week that would prohibit the US from sharing intelligence with any country allowing Huawei to operate 5G technologies within its borders. If such legislation passed, it would have a major impact on US foreign policy, as well as business for the Chinese telecom giant.

SHA-1 chosen prefix collisions and DNSSEC

www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html On the 7th of January, a new, more flexible and efficient collision attack against SHA-1 was announced: SHA-1 is a shambles. SHA-1 is deprecated but still used in DNSSEC, and this collision attack means that some attacks against DNSSEC are now merely logistically challenging rather than cryptographically infeasible.

50+ orgs ask Google to take a stance against Android bloatware

www.zdnet.com/article/50-orgs-ask-google-to-take-a-stance-against-android-bloatware/#ftag=RSSbaffb68 In an open letter published yesterday, more than 50 organizations have asked Google to take action against Android smartphone vendors who ship devices with unremovable pre-installed apps, also known as bloatware.

Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html This is the first blog post in a three-part series that will detail how a vulnerability in iMessage can be exploited remotely without any user interaction on iOS 12.4 (fixed in iOS 12.4.1 in August 2019). It is essentially a more detailed version of my 36C3 talk from December 2019.

AT&T Alien Labs analysis of an active cryptomining worm

cybersecurity.att.com/blogs/labs-research/att-alien-labs-analysis-of-an-active-cryptomining-worm#When:14:00:00Z This blog post provides an overview of the AT&T Alien Labs technical analysis of the common malicious implants used by threat actors targeting vulnerable Exim, Confluence, and WebLogic servers. Upon exploitation, malicious implants are deployed on the compromised machine. While most of the attacks described below are historical, we at Alien Labs are continuing to see new attacks

The Bug That Exposed Your PayPal Password

medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9 This is the story of a high-severity bug affecting what is probably one of PayPal's most visited pages: the login form.

Who is Mr Gu?

intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu/ In our previous articles we identified thirteen companies that this blog knows are a front for APT activity in Hainan. Following further analysis, we noticed a close association between these Hainan front companies and the academic world. Multiple job adverts for the companies are posted on university websites. Hainan Xiandun even appears to operate from the Hainan University Library!
