Daily Archives: September 5, 2018

Snake Oilers 7 part 2: Assetnote.io launch, InQuest and Aiculus

On this edition of Snake Oilers we hear from three companies, and for one of them, it’s actually their product launch!

Assetnote is a cloud asset discovery and security scanning platform spun out of the bug bounty community. If you’re a CSO with any large public attack surface you’ll really want to hear about that one. This platform finds things you didn’t even know your company had online in cloud environments and then scans them for real, actual RCEs. The user interface is awesome, too.

Then we’re going to hear from Pedram Amini of InQuest – they make a box that reassembles files from network packets captured off the wire or funnelled in through ICAP and then rips them to bits looking for badness. They call it deep file inspection and it’s a great way to supplement client side detection, at scale. You can even pass these reassembled files on to multi-AV or cloud services and use this platform to do spot threat hunting. It’s very powerful stuff, and honestly that’s an interview that got me thinking in a new way about detection concepts.

And then finally we’re joined by Omaru Maruatona of Aiculus. Omaru has a PhD in applying machine learning to bank fraud that he obtained while working for one of the big four banks here in Australia. After that he moved on to PwC as a penetration tester and now he’s running Aiculus. Aiculus has developed an API proxy that uses machine learning to detect funky calls. If you’re not satisfied that your API gateway has you completely covered then yeah, you’ll want to listen to that one.

Why Manufacturing is an Attractive Industry for Cyberattacks

An estimated 48 percent of UK manufacturers have suffered a cyberattack at some point with half of them incurring financial losses or disruption to their business.



CVE-2018-16307 (xiaomi_miwifi_xiaomi_55dd_firmware)

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.

CVE-2018-16145 (opsview)

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.

CVE-2018-16146 (opsview)

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.

CVE-2016-1000030 (linux_enterprise_server, pidgin)

Pidgin version <2.11.0 contains a vulnerability in X.509 certificate imports, specifically due to improper checking of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import(), that can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

NIST Issues Guidance for Medical IoT Device Security

As the popularity of medical IoT devices grows, so do security vulnerabilities. There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity.…

Hacking smart buildings

You're settling into your cubicle with a hot cup of coffee when the haunting begins. The HVAC blows cold on your neck. That's weird, you think. You take a sip of your coffee but choke when the moaning starts. The pipes never sound like that. The lights flicker, go out. A hush, then panic sets in across the office.
