"They exposed weaknesses in the armor, illustrating that "we as scientists and engineers think we have a great solution and ha-ha moments, thinking Soldiers will love this" new piece of gear. Then the Red Team would show up and show all the weaknesses, she said, so "we started solving those problems." From that point on, anything deployed to small forward operating outposts of 300 people or less gets a Red Team going over from "the construct of the operational perspective, technology perspective, and how we could integrate it in such a way not to create inherent vulnerabilities. It's been very effective." - via David Vergun writing at the United States Army
'Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. Specifically, 1,228 Android apps with one million or more downloads were vulnerable, while 771 out of the top 14,079 iOS apps were susceptible. Vulnerable apps were those that used—or in the case of iOS, could use—an affected crypto library and connected to servers that offered weak, 512-bit encryption keys. The number of vulnerable apps would no doubt mushroom when analyzing slightly less popular titles.' - via Ars Technica's Dan Goodin
The Equation Group's malware command-and-control servers went dark in 2014 and have reportedly since been migrated onto United States soil... This, after a nefariously successful run against thousands of victims in at least 40 countries. With its focus on vertical segments such as the medical, telecom and aerospace sectors, plus diplomatic missions, research institutions, militaries and governments, the Equation Group's malware is apparently fostering speculation as to connections between the group and US agencies.
"In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency." - via Ars Technica's Dan Goodin
In a typically fascinating post over at TrendLabs, written by Lambert Sun and Brooks Hong (Mobile Threat Analysts) and Feike Hacquebord (Senior Threat Researcher), we learn of a recently discovered iOS espionage tool. Ladies and Gentlemen, Girls and Boys, behold the money quote:
"We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT. The obvious goal of the SEDNIT-related spyware is to steal personal data, record audio, make screenshots, and send them to a remote command-and-control (C&C) server. As of this publishing, the C&C server contacted by the iOS malware is live." - via Trend Micro's TrendLabs blog authors Lambert Sun, Brooks Hong and Feike Hacquebord.
Via Rapid7's HD Moore comes news of the latest flaw in the Internet of Things realm, this time in the fuelling infrastructure worldwide: specifically, the automated tank gauges (ATGs) that meter the fuel sitting in a filling station's tanks and raise its leak and level alarms... Evidently these ATGs not only possess IP connectivity, but also tremendously flawed software componentry to boot; Moore's scanning found thousands of them answering directly from the Internet with no authentication in front of the gauge's command interface. What Could Possibly Go Wrong.
What, really? Apparently, GoDaddy's security has failed to measure up, yet again. Via Swati Khandelwal, writing at The Hacker News, comes the sorry tale of failed code (in the form of cross-site request forgery (CSRF, a.k.a. XSRF) vulnerabilities), obvious failed quality control and, on top of all of that, no security checks before deployment. Astounding.
Physical Access Not Required
More interesting security slap-and-tickle at the Chaos Computer Club congress in Germany... This time, apparently, the lack of physical access was no impediment in the second well-publicized defeat of Apple Inc.'s [NasdaqGS: AAPL] TouchID. Jan Krissler, holding forth at the conference, has detailed the steps taken to overcome the vaunted security of TouchID in a presentation entitled 'Gefahren von Kameras für (biometrische) Authentifizierungsverfahren' ('Dangers of cameras for (biometric) authentication methods') [31c3].
'Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.' - via Emil Protalinski writing at VentureBeat
In not-at-all-surprising cruft news, additional vulnerability-laden Unix and Unix-like (read: Linux) utilities have been detected, requiring updates. The list, enumerated by HD Moore, Chief Research Officer at Rapid7 (and of Metasploit fame), includes wget, tnftp, symlink issues and others. In wget's case the problem is the recursive FTP mirror honouring server-supplied symlinks: a malicious server can have the client create a symlink pointing outside the download directory and then serve a "directory" of the same name, so that the files it sends are written through the link to wherever the server chose. Questions have arisen as to why these utilities were not scrutinized earlier...
' “wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target,” said HD Moore, the chief research officer at Rapid7 who found the vulnerability, in a blog post Tuesday...' - via PCWorld's Lucian Constantin
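As an added illustration of the wget issue quoted above (this is example code written for this page, not wget's or Rapid7's code): a small Python "mirror writer" replays a constructed malicious FTP listing, first in the vulnerable style (honour the server's symlink entry, then write a file "inside" it) and then with the path checks a hardened client should make before writing anything a remote server named. The temporary directory layout, the `docs` symlink and the `pwned.txt` entry are all constructed for the demo.

```python
import os
import shutil
import tempfile


def safe_local_path(base_dir, remote_name):
    """Map a server-supplied name to a path under base_dir, or raise ValueError.

    Rejects absolute names, '..' traversal and any existing symlink among the
    path components (the kind of link wget < 1.16 would create from a malicious
    FTP LIST response and then write through).
    """
    norm = os.path.normpath(remote_name)
    if os.path.isabs(norm) or norm == ".." or norm.startswith(".." + os.sep):
        raise ValueError(f"traversal in {remote_name!r}")
    current = base_dir
    for part in norm.split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):
            raise ValueError(f"refusing to write through symlink {current}")
    base_real = os.path.realpath(base_dir)
    if os.path.commonpath([base_real, os.path.realpath(current)]) != base_real:
        raise ValueError(f"{remote_name!r} resolves outside {base_dir}")
    return current


def mirror_listing(base_dir, listing, hardened):
    """Replay a (constructed) recursive FTP listing into base_dir.

    Entries are (kind, name, payload): kind 'symlink' with the link target as
    payload, or kind 'file' with the file contents as payload.
    hardened=False mimics the vulnerable behaviour: symlink entries are
    materialised locally and later files are written straight through them.
    hardened=True never creates a server-supplied symlink and validates every
    path with safe_local_path() before writing.
    """
    for kind, name, payload in listing:
        if kind == "symlink":
            if hardened:
                continue  # never materialise a remote symlink locally
            os.symlink(payload, os.path.join(base_dir, name))
        elif kind == "file":
            if hardened:
                local = safe_local_path(base_dir, name)
            else:
                local = os.path.join(base_dir, name)
            os.makedirs(os.path.dirname(local), exist_ok=True)
            with open(local, "wb") as fh:
                fh.write(payload)


def mirror_escapes(hardened):
    """Run the constructed attack listing; True if a file landed outside base_dir."""
    root = tempfile.mkdtemp(prefix="wget-symlink-demo-")
    try:
        outside = os.path.join(root, "outside")  # stands in for e.g. ~/.ssh
        mirror = os.path.join(root, "mirror")    # the client's download directory
        os.mkdir(outside)
        os.mkdir(mirror)
        # Constructed malicious listing: a symlink named 'docs' pointing outside
        # the mirror, followed by a "file" the server claims lives inside 'docs'.
        listing = [
            ("symlink", "docs", outside),
            ("file", os.path.join("docs", "pwned.txt"), b"attacker-controlled content\n"),
        ]
        try:
            mirror_listing(mirror, listing, hardened)
        except ValueError:
            pass  # the hardened writer refuses rather than escape
        return os.path.exists(os.path.join(outside, "pwned.txt"))
    finally:
        shutil.rmtree(root)


def rejects_planted_symlink():
    """True if safe_local_path() refuses both '..' traversal and a path whose
    parent is a symlink an attacker already managed to plant in the mirror."""
    root = tempfile.mkdtemp(prefix="wget-symlink-demo-")
    try:
        mirror = os.path.join(root, "mirror")
        os.mkdir(mirror)
        os.symlink(root, os.path.join(mirror, "docs"))  # planted by an earlier run
        rejected = 0
        for name in (os.path.join("..", "escape.txt"), os.path.join("docs", "pwned.txt")):
            try:
                safe_local_path(mirror, name)
            except ValueError:
                rejected += 1
        return rejected == 2
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print("vulnerable writer escapes:", mirror_escapes(hardened=False))
    print("hardened writer escapes:  ", mirror_escapes(hardened=True))
    print("planted symlink rejected: ", rejects_planted_symlink())
```

The vulnerable run ends with `pwned.txt` sitting in the `outside` directory even though the client only ever "downloaded into" `mirror`; the hardened run keeps everything under `mirror` because it never creates the remote symlink and refuses any path that resolves, via `..` or an existing link, to somewhere else. That second check matters on its own: a link left behind by an earlier vulnerable run, or by anything else that writes to the download directory, must not be trusted on the next run either.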
Not to be outdone by the well-reported Bourne Again Shell vulnerability of two weeks past, now, via Robert Lemos writing at Ars Technica, comes this sordid tale of poor punctuation coupled with input-validation issues, in which the vulnerability at hand opens up a logical path within Microsoft Corporation's (NasdaqGS: MSFT) built-in Windows shell, where all the badness is vectored...
Evidently, seventeen thousand Apple Inc. (NasdaqGS: AAPL) Mac OS X machines worldwide have been corralled into a nefarious botnet. Discovered by a relative unknown in the burgeoning Russian anti-virus industry (nope, it wasn't Kaspersky), this bot is probably the prettiest ever, eh Comrade? One bit of good news: Apple released a new malware definitions update as of 11:00 AM yesterday.