Sunday, November 20, 2016

2016-046: BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails


This week, Mr. Boettcher found himself with an interesting conundrum concerning what happened when he converted a Windows DOCX file to a PDF using a popular #PDF converter software. We discuss what happened, how Software Restriction Policy in Windows kept him safe from a potential malware infection, and about the logging that occurred.

After that, we discuss some recent vulnerabilities, like the BlackNurse Resource Exhaustion vulnerability and how you can protect your infrastructure from a DDoS that can occur from someone sending your firewall 300 packets a second... which anyone can do.

We discuss Robert Graham's recent run-in with a new surveillance camera and how it was pwned in less time than you think. And learn about the 'buenoware' that has been released that 'patches' IoT and embedded devices... But does it do more harm than good, and is it legal?

All that and more this week on Brakeing Down Security Podcast! 

Check out our official #Slack Channel! Sign up at https://brakesec.signup.team

Next Book Club session is 29 November 2016. Our current book for study is 'Software Security: Building Security In' by Dr. Gary McGraw  https://www.amazon.com/Software-Security-Building-Gary-McGraw/dp/0321356705  (ebook is available of Safari books online)

 

BlackNurse

https://nakedsecurity.sophos.com/2016/11/17/blacknurse-revisited-what-you-need-to-know/

http://researchcenter.paloaltonetworks.com/2016/11/note-customers-regarding-blacknurse-report/

http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack

 

Recent tweet from @boettcherpwned about infected docx with macros and we discuss why Foxit PDF runs the macros and open_document:

https://twitter.com/boettcherpwned/status/799726266693713920

Brakesec Podcast about Software Restriction Policy and Application Whitelisting on Windows: http://traffic.libsyn.com/brakeingsecurity/2016-018-software_restriction_policy-applocker.mp3

Rob Graham @errataBob: new camera pwned by #Mirai botnet and others within 5 minutes:

https://twitter.com/newsyc200/status/799761390915424261

 

#BlackNurse

https://nakedsecurity.sophos.com/2016/11/17/blacknurse-revisited-what-you-need-to-know/

http://researchcenter.paloaltonetworks.com/2016/11/note-customers-regarding-blacknurse-report/

http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack

ICMP

Type 3, Code 3 (Destination Port unreachable)  http://www.faqs.org/rfcs/rfc792.html

#SHA1 deprecated on website certs by Chrome on 1 January 2017

http://www.darkreading.com/operations/as-deadline-looms-35-percent-of-web-sites-still-rely-on-sha-1/d/d-id/1327522

#Benevolent #malware (buenoware)

https://isc.sans.edu/diary/Benevolent+malware%3F+reincarnaLinux.Wifatch/21703

#Atombombing

http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions

https://breakingmalware.com/injection-techniques/atombombing-cfg-protected-processes/

http://www.pandasecurity.com/mediacenter/malware/atombombing-windows-cybersecurity/

 

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-046-Black_Nurse_buenoware_IoT_pwnage.mp3

iTunes:

Youtube:

 

#RSS: http://www.brakeingsecurity.com/rss

#Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582


Here is a new episode of Brakeing Down Security Podcast!

No comments: