
NULL Mumbai NewsBytes


  1. News Bytes March 2020
  2. A glimpse of the past month
     • Scammers are Exploiting Coronavirus Fears
     • Chrome Extensions caught Stealing Data
     • Microsoft Defender on Linux
     • The WiFi Encryption Vulnerability
     • CPI Ransomware Attack
     • Ultrasonic waves to control Audio devices
     • AMD Processors vulnerable to 2 new side-channel attacks
     • Intel Chip flaw is unfixable
     • Necurs Takedown
  3. Scammers exploiting Coronavirus
     • Just check out the links; both are clearly fake.
  4. Chrome extensions stealing data
     • 500 apps were taken down.
     • Extensions are one of the weaker links in a browser: an extension is granted access to data, and that access can be misused. That is what happened here.
     • These apps used a C2 (Command and Control) server. A C2 server is basically a machine used to send and receive commands or data.
     • These C2 servers are used for ad fraud and malvertising.
     • Research was done using CRXcavator (https://crxcavator.io/).
  5. Microsoft Defender on Linux
  6. WiFi encryption Vulnerability
     • Kr00k
     • https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
     • A really bad short explanation is:
       – It uses an all-zero key. There is also something called a nonce, whose purpose is to prevent old communication from being reused.
       – If the key and nonce end up being identical, and a counter is used to generate the keystream (a keystream is basically what encrypts a message; a key is the tool that creates a keystream),
       – then, as an attacker, we have everything and can basically decrypt all communication without needing the WiFi password.
  7. CPI Ransomware Attack
     • Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers.
     • They were hacked; the ransom was 500,000 USD.
     • According to sources:
       – A domain admin clicked a malicious link, triggering file-encrypting malware.
       – 150 computers were still using Windows XP (retired 2014).
       – Hope we can grasp the rest…
  8. Ultrasonic waves to control Audio Devices
     • Sound needs a medium to be transmitted.
     • This attack leverages exactly that. It uses the acoustic properties of solids (like tables).
     • Piezoelectric transmitters: they use ultrasonic waves.
     • Basically, attackers send data to the MEMS receivers and, with any eavesdropping tech, can easily extract info. MEMS stands for micro-electro-mechanical systems.
  9. AMD Processors vulnerable to 2 side channel attacks
     • Just like Meltdown and Spectre? But less serious (less information is compromised).
     • Named the Take-a-way leak.
  10. Intel Chip Flaw is unfixable
     • The problem lies in the Converged Security and Management Engine (CSME).
     • There are no active exploits and exploitation is difficult.
  11. Necurs Takedown
  12. Necurs Takedown
     • MSFT broke the domain generation algorithm (DGA).
     • They were able to accurately predict over six million unique domains that would be created in the next 25 months.
  13. Sources
     Scammers are Exploiting Coronavirus Fears
     • https://www.vox.com/recode/2020/3/5/21164745/coronavirus-phishing-email-scams
     • https://www.kaspersky.com/blog/coronavirus-phishing/32395/
     Chrome Extensions caught Stealing Data
     • https://thehackernews.com/2020/02/chrome-extension-malware.html
     Microsoft Defender on Linux
     • https://www.av-test.org/en/antivirus/home-windows/
     The WiFi Encryption Vulnerability
     • https://www.eset.com/int/kr00k/
     • https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
     • https://crypto.stackexchange.com/questions/54897/how-can-an-all-zero-encryption-key-result-in-plaintext
  14. Sources
     CPI Ransomware Attack
     • https://techcrunch.com/2020/03/05/cpi-ransomware-defense-contractor/
     Ultrasonic waves to control Audio devices
     • https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
     • https://www.edn.com/basic-principles-of-mems-microphones/
     AMD Processors vulnerable to 2 new side-channel attacks
     • https://www.engadget.com/2020/03/08/amd-cpu-take-a-way-data-leak-security-flaw/
     Intel Chip flaw is unfixable
     • https://www.sans.org/newsletters/newsbites/xxii/19
     Necurs Takedown
     • https://thehackernews.com/2020/03/necurs-botnet-takedown.html
  15. Thank You
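
To illustrate the Kr00k explanation on slide 6, here is an added example (not from the slides or the ESET paper): a standard-library sketch of counter-mode encryption showing why a frame encrypted under an all-zero key can be read without the WiFi password. SHA-256 stands in for the AES block cipher, and `send_frame`, the nonce and the payload are constructed for illustration.

```python
import hashlib

ZERO_KEY = bytes(16)  # the all-zero key from the slide

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: one PRF block per counter value.
    SHA-256 stands in for the AES block cipher (assumption, stdlib only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: data XOR keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def send_frame(key: bytes, nonce: bytes, payload: bytes) -> tuple[bytes, bytes]:
    """Hypothetical sender-side guard: never encrypt under a zeroed key."""
    if not any(key):
        raise ValueError("session key is all zero, refusing to transmit")
    return nonce, xor_crypt(key, nonce, payload)  # nonce travels in the clear

def demo() -> tuple[bool, bool]:
    nonce = bytes.fromhex("000000000001")   # constructed sample value
    payload = b"GET /account HTTP/1.1"      # constructed sample value
    # Frame encrypted under the all-zero key: the key is a public constant and
    # the nonce is readable on the air, so anyone can rebuild the keystream.
    leaked = xor_crypt(ZERO_KEY, nonce, payload)
    recovered_zero = xor_crypt(ZERO_KEY, nonce, leaked) == payload
    # Same frame under a secret key: the zero-key keystream no longer matches.
    secret = hashlib.sha256(b"constructed session secret").digest()[:16]
    _, protected = send_frame(secret, nonce, payload)
    recovered_secret = xor_crypt(ZERO_KEY, nonce, protected) == payload
    return recovered_zero, recovered_secret

if __name__ == "__main__":
    print(demo())
```

The guard in `send_frame` shows the defensive point: the keystream is only as secret as the key, so a sender should refuse to emit data once its session key has been cleared.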
