News briefs, September 2015
» Following Hacking Team's major data breach, the company's leaked secrets revealed various ways to hack into nearly all mobile devices, including iOS. Despite initial reports that iOS devices must be jailbroken before compromise, researchers found other ways to install the company's spyware. Hacking Team held an Apple enterprise certificate that allowed apps signed with it to be installed on any iOS device. This allowed Hacking Team to slip its surveillance software into iPhone devices' pre-installed Newsstand app.
» A pair of researchers discovered an exploit in Uconnect-enabled Fiat Chrysler vehicles that allows an attacker to take control of the vehicle. Fiat issued a voluntary recall following the exploit exposure. The recall impacts nearly 1.4 million Dodge, Chrysler, and Jeep vehicles in the U.S. The update to the software will “block remote access to certain vehicle systems and were fully tested and implemented within the cellular network.”
» ERPScan identified 549 Oracle PeopleSoft systems that are accessible via the internet and then found that 231 of those systems are vulnerable to a critical attack. The TokenChpoken attack can ultimately be used to log in under any registered account and gain full access to the PeopleSoft system, and it additionally opens the door for attacks against other systems and third-party data stores.
» Israeli researchers detailed a new attack that can steal data from air-gapped computers, which are often seen as relatively safe. GSMem malware, as the researchers call it, exploits electromagnetic radiation (EMR) emissions and forces a computer's memory bus to function similarly to an antenna in order to wirelessly transmit data to a phone over cellular frequencies.
» United Airlines reportedly experienced a breach by a Chinese hacker group believed to be behind breaches at OPM and Anthem. The United breach occurred around the same time as the other two high-profile compromises, and it is believed that these attackers are amassing a major database of Americans' information. Details on the breach are scarce and more should be revealed in the coming months.
» FireEye identified the new HAMMERTOSS malware that is often used by APT groups as a last effort, or the big gun, when other tools cease working. Its two variants rely on multiple tactics to remain hidden and successful, including using Twitter as well as covert webpages with instructions embedded in the site's images.
» A flaw in the BIND DNS server software that affects versions of BIND 9 (from BIND 9.1.0 to BIND 9.10.2-P2) could be exploited in a DoS attack to crash DNS servers running the software. The flaw is critical as it could lead to attacks on both authoritative and recursive DNS servers using just a single packet. That DNS query packet would trigger a REQUIRE assertion failure, causing BIND to exit. The packet is said to be very easy to create.