TechToday News

#Vulnerability #Router #Linux #Report OpenWRT remote code execution via MITM due to bug in package manager

DESCRIPTION:

A bug in the package list parse logic of OpenWrt's opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts. The bug has been introduced with commit https://git.openwrt.org/54cc7e3 which failed to advance the proper string pointer when skipping the leading white- space portition of the checksum string, causing the subsequent hex decoding loop to return early with a zero length checksum. Due to the fact that opkg on OpenWrt runs as root and has write access to the entire filesystem, arbitrary code could be injected by the means of forged .ipk packages with malicious payload. CVE-2020-7982 has been assigned to this issue. https://lists.infradead.org/pipermail/openwrt-devel/2020-January/021544.html

A Public Notice About the TON Blockchain and Grams https://telegram.org/blog/ton-gram-notice

#Malware #IOS #Reverse_Engineering #Article Mass Surveillance, is an (un)Complicated Business — triaging a massively popular iOS application, with a dark side Recently, I was approached by the New York Times (NYT) to assist with the investigation into a massively popular iOS application, ToTok. Apparently “American officials familiar with a classified intelligence” had determined that ToTok, was actually a spying tool. The main goal of this blog post is to provide the technical details, about how one may go about triaging an iOS application, using ToTok as a “case-study” That is say, the aim is simply to discuss our analysis procedure and binary analysis, and note some (interesting) observations. https://objective-see.com/blog/blog_0x52.html

#Reverse_Engineering #Article Here Be Dragons: Reverse Engineering with Ghidra - Part 1 [Data, Functions & Scripts] Welcome to the second part in a series on reverse engineering Windows binaries with Ghidra! In this post, we’ll be building on the concepts we learned in Part 0 and introduce some new topics including converting/applying data types, function call trees/graphs, the script manager and memory map. Along the way, we’ll apply what we learned by reversing some more CrackMe binaries and a CTF challenge binary from this year’s Flare-On 6. I’ve placed all the binaries we’ll be reversing in this repo here, so you can import them into Ghidra and you should be ready to go! https://www.shogunlab.com/blog/2019/12/22/here-be-dragons-ghidra-1.html

#Security #Network #Article Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception In this talk, we will provide an overview of the various forms of HTTPS interception, the development of an open-source HTTPS interception detection tool, along with the insights we observed and want to share with the security community. By: Luke Valenta and Gabriele Fisher https://youtu.be/EpGewXz7tLw https://www.blackhat.com/us-19/briefings/schedule/#monsters-in-the-middleboxes-building-tools-for-detecting-https-interception-16617 http://i.blackhat.com/USA-19/Wednesday/us-19-Valenta-Monsters-In-The-Middleboxes-Building-Tools-For-Detecting-HTTPS-Interception.pdf

#Vulnerability #Linux #Article Linux 4.6 introduced unpriviledged user namespaces http://man7.org/conf/meetup/understanding-user-namespaces--Google-Munich-Kerrisk-2019-10-25.pdf

#Vulnerability #Linux #Android #iOS #MacOS #Report New Linux Bug Lets Attackers Hijack Encrypted VPN Connections The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams. Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed. This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim's network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted. Ubuntu 19.10 (systemd) Fedora (systemd) Debian 10.2 (systemd) Arch 2019.05 (systemd) Manjaro 18.1.1 (systemd) Devuan (sysV init) MX Linux 19 (Mepis+antiX) Void Linux (runit) Slackware 14.2 (rc.d) Deepin (rc.d) FreeBSD (rc.d) OpenBSD (rc.d) https://thehackernews.com/2019/12/linux-vpn-hacking.html https://seclists.org/oss-sec/2019/q4/122

#Vulnerability #iOS #Android #Windows #Report New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to install a malicious backdoor or spyware app on the compromised devices silently. The vulnerability affects both consumers as well as enterprise apps of WhatsApp for all major platforms, including Google Android, Apple iOS, and Microsoft Windows. According to an advisory published by Facebook, which owns WhatsApp, the list of affected app versions are as follows: 🔸 Android versions before 2.19.274 🔸 iOS versions before 2.19.100 🔸 Enterprise Client versions before 2.25.3 🔸 Windows Phone versions before and including 2.18.368 🔸 Business for Android versions before 2.19.104 🔸 Business for iOS versions before 2.19.100 https://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html https://www.facebook.com/security/advisories/cve-2019-11931

Buying new Android but already with pre-installed vulnerabilities Android Firmware Vulnerabilities - November 2019 https://www.kryptowire.com/android-firmware-2019/

#Vulnerability #Exploit #Hack #Article CVE-2018-11529 — Remote Code Execution Vulnerability in VLC VideoLAN VLC Media Player 2.2.x is prone to a use-after-free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely cause VLC to crash. Use-After-Free is a memory corruption flaw that is triggered when a program references memory after it has been freed. This can cause a program to crash, use unexpected values, or execute arbitrary code. A hacker can potentially leverage this vulnerability to execute shellcode or even achieve remote code execution capability [1]. This vulnerability was reported in CVE-2018-11529 which has not been listed in VLC security advisories. But other vendors have detected it. https://www.opswat.com/blog/remote-code-execution-vulnerability-in-vlc-detection-remediation-with-opswat