2. Something about me :-
• A cyber-sec enthusiast
• A budding programmer
• A dancer
• Co-moderator of null Bhopal chapter
• And the founder of Neo’s foundation.
3. Overview :-
• BlueBorne : a new attack vector
• ExpensiveWall : an Android malware
• Zerodium offering $1M for Tor Browser zero-days
• Bashware
• Second wave of Locky ransomware
• Red Alert 2.0 : a new Android banking Trojan
4. BlueBorne : a new attack vector
• An attack vector by which an attacker can leverage
Bluetooth to take complete control over
targeted devices.
• Eight zero-day vulnerabilities were disclosed
by Armis Labs.
5. Vulnerabilities :-
1. Linux kernel RCE vulnerability - CVE-2017-1000251
2. Linux Bluetooth stack (BlueZ) information leak vulnerability - CVE-2017-1000250
3. Android information leak vulnerability - CVE-2017-0785
4. Android RCE vulnerability #1 - CVE-2017-0781
5. Android RCE vulnerability #2 - CVE-2017-0782
6. The Bluetooth Pineapple in Android - logical flaw - CVE-2017-0783
7. The Bluetooth Pineapple in Windows - logical flaw - CVE-2017-8628
8. Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315
6. What is the risk?
• Currently 8.2 billion active Bluetooth devices in the world.
• Its malware-like behaviour.
• May result in a botnet bigger than the Mirai botnet.
7. ExpensiveWall : an Android malware
• Found in an app named “Lovely Wallpaper”.
• Over 50 affected apps have been removed.
• Uses an obfuscation technique called “packed”.
8. What is the risk?
• This malware family has been downloaded between 5 million and
21 million times.
• A similar malware could easily be modified to use the same
infrastructure in order to capture pictures, record audio, and
even steal sensitive data and send it to a command and
control (C&C) server.
9. Zerodium offering $1 Million
• Zerodium is an exploit broker that sells exploits to governments
around the world.
• Zerodium says the Tor bounty is designed to help its government
customers track criminals who use the anonymity browser.
10. Bashware :-
• Bashware abuses what is essentially the foundation of
WSL, “Pico processes”, which are containers that allow the
use of Linux Executable and Linkable Format (ELF) binaries
on the Windows 10 OS.
11. Second wave of Locky :-
• The wave was discovered by security researchers from
AppRiver.
• They have seen over 23 million messages (carrying Locky
ransomware) sent in this attack, making it one of the largest
malware campaigns they have seen in the second half of
2017.
12. Red Alert 2.0 :-
• The capabilities of the malware are similar to those of other
Android banking Trojans, such as the use of overlays to steal
login credentials, or SMS control and contact list harvesting.
• The malware can block and log incoming calls from banks, which
could disrupt the work of fraud operations departments at
financial institutions that call victims on their infected
smartphone about possible malicious activity.