Many of you are probably already familiar with what Responder does. It takes advantages of protocols such as LLMNR to spoof responses to Windows auto proxy discovery. Black Hills Information Security has just published a blog post on how to disable LLMNR. This protocol has no security, is a broadcast layer 2 protocol and was designed to be used for DNS resolution when there is no DNS server in the network. Nice right? It is also how Windows performs it’s proxy discovery since Windows Vista and it can be spoofed from any node on the broadcast domain. This has been used by hackers to send the user to a proxy server they control to steal user credentials for websites such as online banking and also exploit the browser itself.
BHIS Blog Post: http://bit.ly/2RHtBAZ
A hacker with the Twitter handle axi0mX recently announced on Twitter that they have found an “epic” flaw in all modern day iOS devices. It affects the iPhone 4-iPhone X. Since it’s a flaw in the hardware it’s impossible to patch without revising the hardware as well. The flaw is in the boot loader’s code.
Independent Security Evaluators, or ISE for short, have done a new study of IoT devices and they found over 125 new flaws in them which can be used to gain unauthorized access to a device and even gain execution in some cases. Most of these are consumer level devices. You should check to see if anything you have on your home network is on their list.
This article goes into detail regarding how you can attack Wi-Fi networks using the open source tool called Bettercap. This is an improved method that doesn’t require a deauth packet to be sent.
Google’s Project Zero just release information regarding an exploit chain targeting iOS devices. The exploit chains were used as a part of a watering hole campaign that would exploit an iOS device that was viewing it. Watering hole campaigns involve websites where the site has either been hacked into or stood up such that anyone viewing it will be potentially exploited. What’s interesting about the implant that the complex exploit chains installs is that is very unsophisticated and uses clear text protocols for data exfiltration.
Talos security recently announced several serious bugs in the Nest Cam IQ camera, which is their most advanced IoT offering on the market. The vulnerabilities range in severity from a simple DoS to RCE. The bugs were all found in one of their communication protocols they use called Weave (the Net Cam IQ also supports TCP, UDP, Bluetooth and 6lowpan).
Google Project Zero recently announced a 20 year old local privilege exploit (LPE) affecting all versions of Windows both server and client versions from Windows Server 2003 through Windows Server 2019 and Windows XP all the way through Windows 10. It takes advantage of the “ctfmon.exe” process which is a shared service for processing text input. This process doesn’t have access controls which means a malicious request to it will allow an unprivileged user to gain SYSTEM privileges. Microsoft has release a patch in their August updates.
Earlier this week the same researchers that found the original set of vulnerabilities in the Dragonfly handshake for WPA3 have found two more. I thought WPA3 would be less vulnerable than WPA2 but it seems the WiFi Alliance continues to struggle with coming up with a secure algorithm to prevent unauthorized access. The WiFi Alliance recently announced WPA3.1 which will not be vulnerable to these attacks but that’s also at the expense of backward comparability. If you are in the market now for a WPA3 enabled router I would suggest waiting a little bit longer for WPA3.1 to come out.
You may want to upgrade to iOS 12.4 which patches four out of five vulnerabilities. The remaining one hasn’t been disclosed to Apple so there’s a possibility they will be release an update to iOS which will patch it.
This was just in a SANS AtRisk email that I’m subscribed to. If you are using this VPN appliance please be aware of this format string vulnerability. It’s both pre-auth and also capable of remote code execution (RCE). Palo Alto was already aware of this vulnerability internally and they patched the vulnerability, begining with PAN-OS v9.0, which is now shipping with this appliance. However the appliance bought before the patch was made are most likely still running a vulnerable version of PAN-OS so please update to the latest version of PAN-OS: