Security Roundup - 2018-02-23


Sean is on a well-earned vacation this week, so I will be filling in!


Trusting Third Party SDKs: If you know about the traditional MitM attacks, then this idea is an evolutionary step: MitM the SDK and let the resulting binaries do the dirty work for you! Expect the numbers in this article to continue to drop as we head toward a more encrypted Internet.

Malware Gets Better Support than Hardware: An evolved variant of ‘Mirai’, called ‘Satori’, has been infecting home routers from Huawei, RealTek, and Dasan at an alarming rate. It even gets updates, which is more than can be said for the hardware that it’s exploiting. Whereas Mirai could be avoided by changing the default password of the hardware, Satori is using firmware vulnerabilities to exploit devices.

Responding to Vulnerabilities in an Open Source World: This article focuses on how to quickly respond to vulnerabilities in the open source software that is used in building your products. There is a heavy emphasis on tooling and automation, which is critical in getting updates done in a quick and efficient manner.

Linux Malware Using Raw Sockets: Another malware variant, this time from ‘sebd’, called ‘Chaos’, is making the rounds on Linux servers. The use of raw sockets avoids the bind failure you would get if a service already owns a port, which allows for a very stealthy listener: nothing shows up as a listening port.
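As an added defender-side check (not code from the linked article), the following Python enumerates raw sockets on Linux via /proc/net/raw, where the kernel records every open raw socket even though none of them binds a TCP/UDP port, and flags the ones receiving TCP or UDP. The sample file contents are constructed, the address decoding assumes a little-endian host, and the inode-to-PID mapping only works on a live system.

```python
"""Find raw-socket listeners that port listings (ss -tln, netstat) never show."""
import os
import socket
import struct

# A raw socket capturing TCP or UDP is unusual for ordinary server software
# (sniffers and some VPN daemons aside), so those protocols are flagged.
INTERESTING = {socket.IPPROTO_TCP: "tcp", socket.IPPROTO_UDP: "udp"}


def parse_proc_net_raw(text):
    """Parse the contents of /proc/net/raw into a list of socket records.

    In this file the "port" half of local_address is the IP protocol number
    the raw socket receives, not a port."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        hexip, hexproto = fields[1].split(":")
        # /proc/net stores the IPv4 address in host byte order (little-endian assumed)
        ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))
        entries.append({"proto": int(hexproto, 16), "local": ip,
                        "uid": int(fields[7]), "inode": int(fields[9])})
    return entries


def suspicious_raw_sockets(entries):
    """Return the records whose raw socket receives TCP or UDP traffic."""
    return [e for e in entries if e["proto"] in INTERESTING]


def inode_to_pids(inode):
    """Map a socket inode to the PIDs holding it by walking /proc/*/fd (live system only)."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            if any(os.readlink(f"{fd_dir}/{fd}") == target for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:                          # process exited or permission denied
            continue
    return pids


# Constructed sample: one ICMP raw socket (e.g. ping) and one raw TCP socket, both root-owned.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18234 2 0000000000000000 0
   1: 00000000:0006 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 40211 2 0000000000000000 0
"""

if __name__ == "__main__":
    for sock in suspicious_raw_sockets(parse_proc_net_raw(SAMPLE)):
        print(f"raw {INTERESTING[sock['proto']]} socket on {sock['local']} "
              f"uid={sock['uid']} inode={sock['inode']} pids={inode_to_pids(sock['inode'])}")
```

On a real host replace SAMPLE with `open("/proc/net/raw").read()` (and /proc/net/raw6 for IPv6); reading other processes' fd links needs root.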

NK Reaper Campaign: A full PDF from FireEye on the APT37/Reaper team that’s using malware to further North Korea’s interests in the world. They are targeting multiple CVEs with multiple malware packages.
