*** The Security News Thread ***

[harrybarracuda]

The thing is HooHoo I could have said this:

"Some of the interesting techniques GoldenHelper uses include randomization of name whilst in transit, randomization of file system location, timestomping, IP-based DGA (Domain Generation Algorithm), UAC bypass and privilege escalation."

But you wouldn't understand any of it because you're not very bright.

[OhOh]

But you wouldn't understand any of it

Every business has it's own metalanguage and I didn't get past this:

Some of the interesting techniques GoldenHelper uses include ......... zzzzzzzzz

1. Issued a spec,
2. Review techies application,
3. If 2 < 1. Go 1 else go 4
4. Issue a internal comments doc.
5. Wait zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
6. If 2 < 1. Go 5 else go 1
5. Sell the App.
6. Spend bonus on frivolities

Impressive eh, or am I missing a critical loop?

Got to keep the recipe's a secret, lines 2. - 4. eh.

[harrybarracuda]

Impressive eh, or am I missing a critical loop?

Oh look, HooHoo's resorting to the waffle again.

Let's just repeat the story so it sinks in:

The chinkies planted malware and backdoors in a tax program that the chinkies had forced foreign companies to use.

So Hoohoo resorts to talking about KFC as if somehow this is more important.

[harrybarracuda]

I've met Alex half a dozen times over recent years. The last time I found him propping up the pool bar at the birthplace of the Pina Colada wearing an England footy shirt. With these two in charge the sloppy Solarwinds security team are about to experience a world of hurt, and I'm sure several will be headed for the exits.

SolarWinds has hired the former head of the US Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, in an effort to recover from last month’s cyber attack which left 18,000 customers exposed to what are believed to be Russian hackers.

Krebs was the first director of CISA, which was founded in 2018 as a part of US Homeland Security. He also led the effort to maintain the cyber safety of the 2020 US presidential election and was famously fired by President Trump after he proclaimed the election to be the most secure ever in US history.

SolarWinds has also taken on Facebook CSO Alex Stamos, who was previously hired by Zoom to help the video conferencing provider boost its security following incidents of ‘Zoom-bombing’, which led to numerous companies and institutions banning the use of the platform.

Krebs and Stamos have recently formed a security consulting business, of which expertise SolarWinds is now expected to benefit from.

SolarWinds hires former Trump cyber security chief | IT PRO

[TTraveler]

The Solarwinds security team needs a big shock right about now, and hopefully those two leaders can deliver it.

[harrybarracuda]

The Solarwinds security team needs a big shock right about now, and hopefully those two leaders can deliver it.

Stamos in particular is a big fan of red teaming!

[harrybarracuda]

Bejaysus what a mess.

Third malware strain discovered in SolarWinds supply chain attack

[TTraveler]

Bejaysus what a mess.

The good news: they found it.
But one must wonder how many more strains are in the system that haven't been found.

[harrybarracuda]

The good news: they found it.
But one must wonder how many more strains are in the system that haven't been found.

I got invited to an InfoBlox presentation yesterday. I sort of mentioned that spending six figures on a package that didn't detect shitloads of outbound DNS exfiltration wasn't really my thing.

[TTraveler]

Millions of Social Profiles Leaked by Chinese Data-Scrapers

More than 400GB of public and private profile data for 214 million social-media users from around the world has been exposed to the internet – including details for celebrities and social-media influencers in the U.S. and elsewhere.

The leak stems from a misconfigured ElasticSearch database owned by Chinese social-media management company SocialArks, which contained personally identifiable information (PII) from users of Facebook, Instagram, LinkedIn and other platforms, according to researchers at Safety Detectives.

The server was found to be publicly exposed without password protection or encryption during routine IP-address checks on potentially unsecured databases, researchers said. It contained more than 318 million records in total.

Millions of Social Profiles Leaked by Chinese Data-Scrapers | Threatpost

[harrybarracuda]

Built-in backdoors and vulnerabilities and straight away you think of one country...

Multiple backdoors and vulnerabilities discovered in FiberHome routers

At least 28 backdoor accounts found in FiberHome FTTH ONT routers.

At least 28 backdoor accounts and several other vulnerabilities have been discovered in the firmware of a popular FTTH ONT router, widely deployed across South America and Southeast Asia.


FTTH ONT stands for Fiber-to-the-Home Optical Network Terminal. These are special devices fitted at the end of optical fiber cables. Their role is to convert optical signals sent via fiber optics cables into classic Ethernet or wireless (WiFi) connections.


FTTH ONT routers are usually installed in apartment buildings or inside the homes or businesses that opt for gigabit-type subscriptions.


In a report published last week, security researcher Pierre Kim said he identified a large collection of security issues with FiberHome HG6245D and FiberHome RP2602, two FTTH ONT router models developed by Chinese company FiberHome Networks.


The report describes both positive and negative issues with the two router models and their firmware.

For example, the positive issues are that both devices do not expose their management panel via the IPv4 external interface, making attacks against its web panel impossible via the internet. Furthermore, the Telnet management feature, which is often abused by botnets, is also disabled by default.

However, Kim says that FiberHome engineers have apparently failed to activate these same protections for the routers' IPv6 interface. Kim notes that the device firewall is only active on the IPv4 interface and not on IPv6, allowing threat actors direct access to all of the router's internal services, as long as they know the IPv6 address to access the device.

Multiple backdoors and vulnerabilities discovered in FiberHome routers | ZDNet

[TTraveler]

Built-in backdoors and vulnerabilities and straight away you think of one country...

Couldn't possibly be the country that hoards its researchers and the vulnerabilities they discover...

They say you don't notice something good until it's gone. With China's decision to restrict its information security researchers from participating in global hacking competitions, we're about to see what that looks like on the global "zero day" stage.

For over a decade Pwn2Own ... brought together security talent from across the globe in a friendly hacking competition that is a cornerstone of research and advancement on par with Black Hat and Def Con.

China's hackers routinely win, sweeping the board -- notably, the Tencent and Keen teams. Pwn2Own is good-natured, and all in the name of researchers finding big bugs, nabbing great bounties and drawing attention to security holes and zero-days that need to be fixed.

But (since 2018), China is no longer allowing its researchers to compete.

https://www.engadget.com/2018-03-16-chinese-hackers-pwn2own-no-go.html

[harrybarracuda]

I bet you can't guess whose dodgy, backdoor-infested shit this is aimed at.

On January 20th President Biden signed an Executive Order that in part suspended the implementation of President Trump's May 1, 2020 order halting the use of components produced by hostile foreign states in the Bulk Power System:

Sec 7 (c) Executive Order 13920 of May 1, 2020 (Securing the United States Bulk-Power System), is hereby suspended for 90 days. The Secretary of Energy and the Director of OMB shall jointly consider whether to recommend that a replacement order be issued.