CAT | Security Breaches
Kaspersky recently announced the discovery of a new Advanced Persistent Threat (APT) that they are calling DarkHotel. This is in the fine tradition of giving all newly discovered hackers or vulnerabilities clever and evil sounding names. In this case they have found something quite interesting.
For the last 7 years a group has been systematically targeting executives and government officials staying at high end hotels. They hack their computers and grab their files, sniff their keyboards, and install virus that can then spread within the victim’s organization. (more…)
Security researcher Emil Kvarnhammar of TrueSec announced the discovery of a new vulnerability in Mac OS X from 10.8.5 though the current 10.10.
The attack is against a unix utility called “sudo” which allows commands to run as the “root” user (which has absolute power on the system). Normally a user with admin privileges needs to type in their password and approve the running of these tasks, but this attack bypasses the user authentication step.
They have not released details on the vulnerability to give Apple time to issue a fix. In the mean time, it looks like you can protect yourself by making your your normal account is not an admin account. (more…)
Two new attacks on Tor were recently announced.
A couple of months ago researcher Karsten Nohl demonstrated a security vulnerability that he called BadUSB. Basically it was a demonstration that an attacker could alter the firmware in a USB device to automatically attack anything it was plugged in to. At the recent DerbyCon, researchers Adam Caudill and Brandon Wilson demonstrated their version of the attack and released sample code for how to implement it. This really opens pandora’s box.
The problem here is that this is not actually a bug in USB. It is exactly how USB is designed to work (as insecure as that might be), and changing that behavior is likely to break a lot of other things. A good and effective fix for this vulnerability is probably years away.
In the mean time, take great care with USB devices. My suggestion is to never use another person’s USB device. Don’t use USB to transfer files, and make sure that any USB devices you do use are obtained directly in unopened packaging. There could still be exploits introduced in manufacturing, but at least you are as safe as reasonably possible.