November 2019 - rwth-security - lists.rwth-aachen.de

Facebook, Twitter profiles slurped by mobile apps using malicious SDKs
by Bernd Kohler 27 Nov '19

27 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Facebook, Twitter profiles slurped by mobile apps using malicious SDKs" "On Monday, Twitter and Facebook both claimed that bad apples in the app stores had been slurping hundreds of users’ profile data without permission ..." VG Bernd [0] https://nakedsecurity.sophos.com/2019/11/27/facebook-twitter-profiles-slurp… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

New Hot Spot 2.0 Wifi Evil Twin Attack
by Bernd Kohler 27 Nov '19

27 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Hot Spot 2.0 Wifi Evil Twin Attack" "... Hot Spot 2.0 misuse can guise a user to think a network is more secure when indeed it is a rogue access point ... " VG Bernd [0] https://medium.com/@adam.toscher/new-hot-spot-2-0-wifi-evil-twin-attack-2d6… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

Splunk - Timestamp recognition of dates with two-digit years fails beginning January 1, 2020
by Bernd Kohler 27 Nov '19

27 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Timestamp recognition of dates with two-digit years fails beginning January 1, 2020" "The issue that this page addresses is developing rapidly. Expect frequent near-term updates as more information becomes available. Consider bookmarking the page and checking back frequently to ensure that you have the latest updates ..." VG Bernd [0] https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetime… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

RIPlace – A new Evasion Technique that Let Ransomware to Encrypt Files Undetected
by Bernd Kohler 26 Nov '19

26 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "RIPlace – A new Evasion Technique that Let Ransomware to Encrypt Files Undetected" --> Research Paper [1] --> "... all antivirus products including Endpoint Detection and Response tested so far were completely blind to file operations using this technique, including encryption ..." VG Bernd [0] https://gbhackers.com/riplace-evasion-technique/ [1] https://www.nyotron.com/collateral/RIPlace-report_compressed-3.pdf -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

Zero trust architecture design principles
by Bernd Kohler 25 Nov '19

25 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Zero trust architecture design principles" --> Alpha release for the ZTA principles on GitHub [1] VG Bernd [0] https://www.ncsc.gov.uk/blog-post/zero-trust-architecture-design-principles [1] https://github.com/ukncsc/zero-trust-architecture/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

CNAME Cloaking, the dangerous disguise of third-party trackers
by Bernd Kohler 25 Nov '19

25 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CNAME Cloaking, the dangerous disguise of third-party trackers" VG Bernd [0] https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-p… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
by Bernd Kohler 25 Nov '19

25 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool" VG Bernd [0] https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

ACBackdoor: Analysis of a New Multiplatform Backdoor
by Bernd Kohler 25 Nov '19

25 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "ACBackdoor: Analysis of a New Multiplatform Backdoor" VG Bernd [0] https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-bac… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

VNC remote access vulnerabilities - 37 vulnerabilities in four VNC implementation
by Bernd Kohler 25 Nov '19

25 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] (found via [1]) FYI "VNC remote access vulnerabilities" - LibVNC - TightVNC 1.X - TurboVNC - UltraVNC VG Bernd [0] https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/ [1] https://gbhackers.com/37-vulnerabilities-vnc/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0

flan - vulnerability scanner provided by cloudflare using nmap
by Bernd Kohler 22 Nov '19

22 Nov '19

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] bzw. [1] FYI "flan" 01. der Docker daemon sollte schon laufen (sofern der aktuelle Benutzer nicht in der Gruppe docker ist, alle relevanten Befehle mit sudo) systemctl status docker.service docker run hello-world 02. die Quellen beziehen git clone https://github.com/cloudflare/flan.git cloudfare_flan_vuln_scanner cd cloudfare_flan_vuln_scanner 03. die zu testende IP (aus dem LAN!) festlegen (es gehen auch mehrere) echo "$(dig -t a ${HOST_FQDN} +short)" > ./shared/ips.txt && cat ./shared/ips.txt 04. Bauen und schauen make build docker image ls | fgrep flan docker image inspect flan_scan 05. die Prüfung durchführen (empfohlene Anpassnung des Makefile unter Linux um die lokale Zeit in den Reports zu haben - genauer die "start:" Direktive "docker run --name $(container_name) -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -v $(shell pwd)/shared:/shared flan_scan" ) make start 06. jetzt noch den schönen PDF-Report erstellen sudo apt install texlive-latex-extra texlive-fonts-extra cd ./shared/report pdflatex report_...text VG Bernd [0] https://github.com/cloudflare/flan -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de

1 0