Tentatively Secure

Mirai Has Returned

April 18, 2019

The cyber security firm Palo Alto Networks discovered that the Mirai botnet malware returned in early January, this time targeting enterprise wireless presentation and display systems. Mirai became famous for perpetrating some of the biggest botnet attacks back in 2016. This time, it was found in routers, network storage devices, network video recorders, and IP cameras. This new variant uses 27 different exploits to spread, 11 of which are new to the Mirai malware. Ironically,...

Gustaff: Android Banking Beware

April 16, 2019

Group-IB, a cyber security company, discovered a new trojan in circulation by the name of Gustaff. This trojan uses Android’s Accessibility Service to gain access to victims’ banking information for both fiat and cryptocurrencies. Gustaff spreads through SMS messages containing a hyperlink to an APK that installs the trojan. Once a device is infected, Gustaff retrieves its list of contacts to spread further in the same manner. The trojan targets over 100 different banking apps...

Saudis Hacked Bezos

April 11, 2019

An investigation recently found that the compromising texts and photos that the National Enquirer has on Jeff Bezos, the CEO of Amazon, were acquired by the Saudi government, who hacked Bezos’ personal phone. Soon after learning that the National Enquirer had these materials, Bezos had his security consultant, Gavin de Becker, investigate how they got them. He concluded, “Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’...

Xiaomi Security Insecure

April 9, 2019

Researchers at Check Point Software Technologies found that the preinstalled app called Guard Provider exposes users to security vulnerabilities. The vulnerability is due to the extensive use of SDKs, with unsecured traffic to and from the app. Since the traffic is not encrypted, this exposes the user to a man-in-the-middle attack. The latency between requests from different SDKs exposes the app to code injection attacks. Since the app uses multiple SDKs from different sources using...

Georgia Tech: May Need Better Tech

April 4, 2019

Georgia Tech has had a data breach in which 1.3 million past and current students and staff have had their data compromised. The breach was due to their web app, through which names, addresses, and Social Security numbers of these students and staff were exposed. Georgia Tech actually has a previous record of data leaks. Last year, in 2018, 8000 students had their information exposed through an email that was directed to the wrong person.

These data leaks are particularly interesting because...

Chinese Woman Arrested by Secret Service

April 3, 2019

A Chinese woman who apparently had a USB drive with malware on it was arrested by the Secret Service at Mar-a-Lago in Palm Beach. She was found to have two passports, four cellphones, a laptop, and a USB thumb drive. According to the criminal complaint, she tricked the security staff into letting her enter the Mar-a-Lago resort by pretending not to speak English. She then entered a restricted area where she was stopped by the main reception. She claimed to be there for an event that did not exist....

Look out, Asus

March 29, 2019

There seems to be a targeted campaign against Asus computers. Over one million devices have been found to have been backdoored by an Advanced Persistent Threat (APT) campaign. This campaign uses the Asus Live Update Utility, which is on most recent devices. The attackers used a validly signed certificate to install the backdoor automatically to Asus computers. While this was installed somewhat indiscriminately by the update utility, the malware uses a hard-coded list of MAC addresses, indicating that...

WinRAR Exploit: Now Open for Exploit

March 27, 2019

A few weeks ago, I wrote about the WinRAR exploit that was patched in one of the most recent WinRAR updates. This exploit let malicious actors force files to be extracted to whatever directory they want using a path-traversal vulnerability. This exploit is now actually being used. Since not everyone immediately updates their WinRAR software, hackers heard about the new patched exploit, and immediately got to work on malware to exploit it. In one case, the hackers impersonate an education accreditation...

Web Authentication API

March 21, 2019

On March 4th, the World Wide Web Consortium (W3C) approved a recommendation for a new API for authentication on the web. This API is built to make authentication on the web easier for companies to implement well. It gives servers a standard way to authenticate clients. This API, in combination with the YUBI2 protocol, allows authentication to be tied to a particular device, to a physical key like YubiKey, or to biometrics, removing the need for password-only authentication.

The...

Homomorphic Encryption

March 19, 2019

As users of today’s internet, we all have to cope with the question of what data we are okay with companies having. We know, first, that the companies we use most, Google, Facebook, Amazon, and so on, collect massive amounts of data from us. Second, we know that they share parts of that data with third parties. In return, we get to use their products, which are often better and even cheaper than the alternatives. Most of the time, we are okay with this trade-off. We might not like it, but...