Information Security News
Facebook flashes its One Tool To Rule Them All in security threat analysis
The social network's engineers said the utility, imaginatively dubbed ThreatData, collects software nasties shared by researchers and also throws in intelligence gathered by Facebook plus information it buys from infosec firms. Unfortunately, these ...
SANS Institute to Hold Security Leadership Summit in Boston
SYS-CON Media (press release)
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security ...
Security provider RSA shipped a second NSA-influenced component in its BSAFE cryptography toolkit, the Extended Random TLS extension, which exposes so much raw output of the already-suspect Dual_EC_DRBG generator that it makes it far easier for eavesdroppers to decrypt protected communications, Reuters reported Monday.
Citing soon-to-be-published research from several universities, Reuters said the Extended Random extension for secure websites lets attackers work tens of thousands of times faster when breaking cryptography that uses the Dual_EC_DRBG algorithm to generate the random numbers that go into a specific cryptographic key. Dual_EC_DRBG is a pseudo-random number generator developed by cryptographers from the National Security Agency; it remained the default RNG in BSAFE even after researchers demonstrated weaknesses so severe that many suspected they were introduced intentionally so the US spy agency could exploit them to crack the encrypted communications of people it wanted to monitor. In December, Reuters reported that the NSA paid RSA $10 million to give Dual_EC_DRBG its favored position in BSAFE.
Extended Random is a TLS extension that was presented as a way to make session keys more robust by adding extra random bytes to the handshake. In theory, more randomness in the handshake should only help. In practice, the extra bytes are more raw Dual_EC_DRBG output handed to anyone watching the connection, which cuts the work needed to recover the generator's internal state and predict everything it produces afterwards, Reuters reported Monday. (Dual_EC_DRBG is short for Dual Elliptic Curve Deterministic Random Bit Generator.)
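The mechanism described above, as an added example that is not code from RSA, BSAFE or the research Reuters cites: a toy Dual_EC_DRBG over a tiny constructed curve in which the attacker knows the trapdoor d with P = d·Q. Seeing one truncated output block (roughly what a handshake nonce exposes) leaves the attacker with a handful of candidate internal states; seeing a longer run of consecutive output (what Extended Random adds to the handshake) pins the state, after which every later block is predictable. The field, curve, base points, truncation width, trapdoor and seed are all constructed for this example and are far smaller than the real parameters.

```python
# Added toy example, not BSAFE's code: Dual_EC_DRBG with a known trapdoor d
# (P = d*Q). Field, curve, points, truncation width and seed are constructed.
from math import gcd

P_MOD = 1019                                  # prime field; P_MOD % 4 == 3 keeps sqrt simple
A, B = 2, 3                                   # toy curve y^2 = x^3 + 2x + 3 over GF(1019)
FIELD_BITS, OUT_BITS = P_MOD.bit_length(), 7  # 10-bit x, only its low 7 bits are output
OUT_MASK = (1 << OUT_BITS) - 1
INF = None                                    # point at infinity

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                            # P + (-P), incl. doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """Both curve points with x-coordinate x, or [] if there are none."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)     # square root, valid since P_MOD % 4 == 3
    return [(x, y), (x, (-y) % P_MOD)] if (y * y) % P_MOD == rhs else []

def point_order(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc, n = add(acc, pt), n + 1
    return n

# Q: first point of large order (about 1020 group elements, so one exists);
# then the trapdoor d is fixed and P = d*Q. Whoever chose the real Q relative
# to the real P could have known d the same way.
Q = next(pt for x in range(1, P_MOD) for pt in lift_x(x) if point_order(pt) >= 400)
N_Q = point_order(Q)
D = next(k for k in range(101, 10_000) if gcd(k, N_Q) == 1)   # constructed trapdoor
P = mul(D, Q)

def dual_ec_block(state):
    """One block: (x(state*Q) truncated, x(state*P) as the next state);
    None if the toy group degenerates to the point at infinity."""
    r_pt, s_pt = mul(state, Q), mul(state, P)
    if r_pt is INF or s_pt is INF:
        return None
    return r_pt[0] & OUT_MASK, s_pt[0]

def run_generator(seed, blocks):
    """Truncated outputs for a seed plus the state after the last block."""
    state, outs = mul(seed, P)[0], []         # TypeError here means a degenerate seed/state
    for _ in range(blocks):
        out, state = dual_ec_block(state)
        outs.append(out)
    return outs, state

def recover_states(observed):
    """Attacker who knows d: internal states after the last observed block that
    fit a run of consecutive truncated outputs. Guess the dropped high bits of
    block 1, lift to R = s1*Q; then d*R = s1*P, whose x is the next state, and
    each further observed block filters the surviving guesses."""
    survivors = set()
    for hi in range(1 << (FIELD_BITS - OUT_BITS)):
        x = (hi << OUT_BITS) | observed[0]
        for r_pt in (lift_x(x) if x < P_MOD else []):   # both y signs give the same x(d*R)
            s_pt = mul(D, r_pt)
            state = s_pt[0] if s_pt is not INF else None
            for expected in observed[1:]:
                blk = dual_ec_block(state) if state is not None else None
                state = blk[1] if blk and blk[0] == expected else None
            if state is not None:
                survivors.add(state)
    return survivors

def predict_next(observed):
    """Next output according to every surviving candidate state."""
    return {blk[0] for blk in map(dual_ec_block, recover_states(observed)) if blk}

def demo(seed=1091):
    """One-block (nonce-sized) view versus three-block (Extended Random-sized) view."""
    outs, _ = run_generator(seed, 4)
    return {"short_view_candidates": len(recover_states(outs[:1])),
            "long_view_candidates": len(recover_states(outs[:3])),
            "predicted_fourth": predict_next(outs[:3]), "actual_fourth": outs[3]}
```

In the real attack the dropped 16 bits of a 256-bit x give 2^16 guesses per block rather than 8, and each guess has to be confirmed against whatever further generator output the protocol happens to leak; Extended Random guarantees a long, contiguous run of that output in every handshake, which is exactly what `recover_states` needs to collapse its candidate set.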
Daily Maily, People and Computers
The new InfoSec format is based on the wisdom of the crowd
Information security has always been a subject that occupied IT people, from the day the computer was invented. In recent years, since the rise of "cyber", the standing of this field has dimmed somewhat, and with it that of the people who actually fill the role, the security managers (CISOs). Now we stand on the threshold of a new era, in which everyone understands that ...
Update: Just found what looks like a bitcoin miner on the infected DVR. There are two more binaries. D72BNr, the bitcoin miner (according to the usage info based on strings) and mzkk8g, which looks like a simpler http agent, maybe to download additional tools easily (similar to curl/wget which isn't installed on this DVR by default). I will add these two files to https://isc.sans.edu/diaryimages/hikvision.zip shortly.
Last week, we reported that some of the hosts scanning for port 5000 are DVRs (to be more precise: Hikvision DVRs, commonly used to record video from surveillance cameras).
Today, we were able to recover the malware responsible. You can download the malware here: https://isc.sans.edu/diaryimages/hikvision.zip (password: infected).
The malware resides in /dev/cmd.so. A number of additional suspect files were located in the /dev directory, which we still need to recover and analyze from the test system. The compromise of the DVR likely happened via an exposed telnet port and a default root password (12345).
Analysis of the malware is still ongoing, and any help is appreciated (see link to malware above). Here are some initial findings:
- The malware is an ARM binary, indicating that it targets embedded devices rather than a typical x86 Linux server.
- The malware scans for Synology devices exposed on port 5000. The http request sent by the malware:
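Added detection example, not code from the ISC diary: the two behaviours described above, a DVR that accepts telnet from the Internet and a DVR that sweeps tcp/5000 looking for Synology devices, expressed as checks over firewall connection logs. The log format, the addresses and the detection threshold are constructed for this example; the log lines are a made-up sample, not captured traffic from the infected DVR.

```python
# Added detection example (not from the ISC diary): flag internal hosts that
# accept telnet from outside, and internal hosts sweeping tcp/5000, using a
# constructed firewall log format and constructed sample lines.
import re
import ipaddress
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: a DVR at 192.168.1.50 takes a telnet login from the
# Internet, then sweeps tcp/5000 across many addresses; 192.168.1.20 is a
# normal client that talks to one NAS on tcp/5000 and to the DVR over telnet.
SAMPLE_LOG = """\
2014-03-31T10:00:01Z ALLOW TCP 203.0.113.7:51234 -> 192.168.1.50:23
2014-03-31T10:00:05Z ALLOW TCP 192.168.1.20:44010 -> 192.168.1.50:23
2014-03-31T10:00:09Z DENY TCP 198.51.100.9:33333 -> 192.168.1.60:23
2014-03-31T10:01:10Z ALLOW TCP 192.168.1.50:40001 -> 198.51.100.1:5000
2014-03-31T10:01:11Z DENY TCP 192.168.1.50:40002 -> 198.51.100.2:5000
2014-03-31T10:01:12Z ALLOW TCP 192.168.1.50:40003 -> 198.51.100.3:5000
2014-03-31T10:01:13Z ALLOW TCP 192.168.1.50:40004 -> 198.51.100.4:5000
2014-03-31T10:01:14Z DENY TCP 192.168.1.50:40005 -> 198.51.100.5:5000
2014-03-31T10:01:15Z ALLOW TCP 192.168.1.50:40006 -> 198.51.100.6:5000
2014-03-31T10:01:16Z ALLOW TCP 192.168.1.50:40007 -> 198.51.100.6:5000
2014-03-31T10:01:20Z ALLOW TCP 192.168.1.20:40002 -> 192.168.1.60:5000
"""

# RFC 1918 only. ipaddress's is_private also treats the documentation ranges
# (203.0.113.0/24, 198.51.100.0/24) used in the sample as private, so it is
# deliberately not used here.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
            events.append(ev)
    return events

def exposed_telnet(events):
    """Internal hosts that accepted a tcp/23 connection from a non-RFC1918 source."""
    return {e["dst"] for e in events
            if e["proto"] == "TCP" and e["dport"] == 23 and e["action"] == "ALLOW"
            and is_internal(e["dst"]) and not is_internal(e["src"])}

def port5000_sweepers(events, min_targets=5):
    """Internal sources that touched tcp/5000 on at least min_targets distinct
    destinations. Denied attempts count too: a scanner does not care whether
    the firewall let the probe through."""
    targets = defaultdict(set)
    for e in events:
        if e["proto"] == "TCP" and e["dport"] == 5000 and is_internal(e["src"]):
            targets[e["src"]].add(e["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("telnet reachable from outside:", exposed_telnet(evs))
    print("tcp/5000 sweepers:", port5000_sweepers(evs))
```

The telnet check only reports hosts where the connection was allowed; the denied probe against 192.168.1.60 is noise for this purpose. The sweep check counts distinct destinations rather than raw connection attempts, so a client that repeatedly talks to a single NAS on tcp/5000 is not flagged.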
McAfee CSO article stirs up the whitehat infosec community
An article published by Security Magazine online by McAfee Chief Security Officer Brent Conran earlier this month has created a storm of controversy in the infosec community. Posted under the category 'Cyber Safety' and entitled 'Why ...