WHOIS, OS X Malware, NetBSD, and Kaspersky – Hack Naked News #146
October 24, 2017
Kaspersky has “nothing to hide”, the internet wants YOU, OS X malware runs rampant, WHOIS database slip-ups, and more. Jason Wood discusses an attack on critical US infrastructure on this episode of Hack Naked News!
'We've nothing to hide': Kaspersky Lab offers to open up source code - Following damaging news that Russian hackers used Kaspersky to spy on an NSA contractor An independent review of the company's source code by Q1 2018 will be followed by similar audits of its software updates and threat detection rules. Kaspersky states: With this initiative, Kaspersky Lab will engage the broader information security community and other stakeholders in validating and verifying the trustworthiness of its products, internal processes, and business operations, as well as introducing additional accountability mechanisms by which the company can further demonstrate that it addresses any security issues promptly and thoroughly. Clearly Kaspersky is attempting to repair its damaged reputation in the industry, and while the US Government may no longer use their products, they may have a chance to win back some US customers, though only time will tell.
WHOIS embarrassed about security? APNIC, after database leaks - Asia's internet numbers registry APNIC has apologized to network owners after a slip in its WHOIS database config leaked credentials, including weakly-hashed passwords. The breach affected those in the regional registry's Maintainer and Incident Response Team (IRT) database objects. During a June 2017 upgrade, those details were included in downloadable WHOIS data.
The Internet Wants You: Consider a Career in Cybersecurity - According to a study by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. It is critical that today’s students graduate ready to enter the workforce and are open to learning more about the growing field of cybersecurity. The US-CERT encourages interested candidates to review some resources for information on employment opportunities, a link to these resources can be found on our show notes page at wiki.securityweekly.com.
US-CERT Warns of Active Attacks Against Industrial Control Systems - US-CERT issued a technical alert advisory on Oct.21 warning of advanced persistent threat activity targeting energy and other critical infrastructure sectors across the U.S. The technical alert was compiled with information provided from both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). According to the analysis, energy, nuclear, water, aviation and critical manufacturing sectors are at risk from an ongoing cyber-attack. Among the guidelines are Indicators of Compromise (IOCs), IP addresses, domain names as well as IPS signatures to help detect potentially malicious activity.
OSX Malware Spread Via Compromised Software Downloads - Elmedia Player by software developer Eltima boasts over one million users, some of whom have may have also unwittingly installed Proton, a Remote Access Trojan which specifically targets Macs for the purposes of spying and theft. Attackers also managed to compromise a second Eltima product - Folx - with the same malware. This seems to be a trend when attack OS X, embedded yourself inside software already trusted by the user. Not sure if I would trust software from Eltima any longer... Apple, of course, has colorful and insightful commentary on security issues, as an Apple spokesperson told ZDNet the company "at this stage we have nothing to add". It would be beneficial to Apple users to 1) acknowledge security issues and 2) create a plan to offer enhanced security features to OS X users, such as some built-in malware detection and prevention. Hey, a man can dream can't he?
NetBSD, OpenBSD Improve Kernel Security, Randomly - The folks at NetBSD have released their first cut of code to implement kernel ASLR – Address Space Layout Randomisation – for 64-bit AMD processors.The OpenBSD project offered its first look at a similar approach back in June, referred to as KARL (kernel address randomised links). That effort became mainstream early this month in OpenBSD 6.2.In 2001 the term ASLR was first introduced as a patch to the Linux kernel.Ref