Information Security *

Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.

Android has always been on the top of the hustle when you think about mobile application development. Android’s smartphone OS Market Share now hovers around 85%. Furthermore, volumes are expected to grow at a five-year CAGR of 2.4%, with shipments approaching 1.41 billion in 2022.

Source: Google Images

But before you took the plunge in exploring and riding on the waves of changes or hire an android app developer to develop an app, it is important to understand the trends and its implications on the android application development ecosystem.

Here is the translated Russian version of this interview.

The company of speakers at Moscow Python Conf++ 2020 is great, and it's not a good luck but thorough Program Committee's work. But who cares about achievements, it's much more interesting what the speaker thinks about our own questions. Conferences suits good to find it out, get insider information or advice from an experienced developer. But I got an advantage of being in Program Committee so I already asked our speaker Kushal Das some questions.

A unique feature of Kushal's speeches is that he often unveils «secret» ways to break Python code and then shows how to write code so that the NSA can't hack it. At our conference Kushal will tell you how to safely develop and deploy Python code. Of course I asked him about security.

The explosion of open source and issues related to it

The amount of open source or other third party code used in a software project is estimated as 60-90% of a codebase. Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defences and enable a range of possible attacks and impacts.



Conclusion: even if you perform constant security code reviews, you still might be vulnerable because of third-party components.

Some have tried to do this manually, but the sheer amount of work and data is growing and is time consuming, difficult, and error prone to manage. It would require several full time employees and skilled security analysts to constantly monitor all sources to stay on top.

This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.

I frequently hear questions like "How to implement authentication in an Android app?", "Where to store a PIN?", "Hey man, will I be secure if I implement an authentication feature in such a way?" and a lot of the kind. I got really tired answering these questions so I decided to write all my thoughts about it once to share with all questioners.

A couple of reader alerts:

In order to (somewhat) simplify the description process and tighten the volume of the article we are going to write, it is essential to make a significant remark and state the primary constraint right away — everything we are going to tell you today on the practical side of the problematics is viable only in terms of TLS 1.3. Meaning that while your ECDSA certificate would still work in TLS 1.2 if you wish it worked, providing backwards compatibility, the description of the actual handshake process, cipher suits and client-server benchmarks covers TLS 1.3 only. Of course, this does not relate to the mathematical description of algorithms behind modern encryption systems.

This article was written by neither a mathematician nor an engineer — although those helped to find a way around scary math and reviewed this article. Many thanks to Qrator Labs employees.

(Elliptic Curve) Diffie-Hellman (Ephemeral)

The Diffie–Hellman legacy in the 21 century

Of course, this has started with neither Diffie nor Hellman. But to provide a correct timeline, we need to point out main dates and events.

There were several major personas in the development of modern cryptography. Most notably, Alan Turing and Claud Shannon both laid an incredible amount of work over the field of theory of computation and information theory as well as general cryptanalysis, and both Diffie and Hellman, are officially credited for coming up with the idea of public-key (or so-called asymmetric) cryptography (although it is known that in the UK there were made serious advances in cryptography that stayed under secrecy for a very long time), making those two gentlemen pioneers.

In what exactly?

The practical means of applying public key cryptography to secure network communications were introduced by Loren Kohnfelder in his MIT S.B. (BSCSE) thesis written in May 1978. After that, the public key infrastructure (PKI) has gone through several iterations of changes and updates, but it still preserves its traditional methodology. PKI requires implicit trust from a single entity or entities chain called a certificate authority (CA). This approach has led to a breakdown in confidence. However, through the years, having one root entity to control the way public key certificates are issued has shown that it can cause major complications with transparency and security.

In this article, we will once again dive deeper into the problems of PKI and consider the solutions being developed that can overcome existing shortcomings.

Most likely you've already heard about the famous exploit checkm8, which uses an unfixable vulnerability in the BootROM of most iDevices, including iPhone X. In this article, we'll provide a technical analysis of this exploit and figure out what causes the vulnerability.

Recently I've received the Announcing Windows 10 Insider Preview Build 18999 including an update for «Your Phone» app, and my first thing was — is there something useful for digital forensics?

So, I've immediately installed this app on my test workstation and connected it with my Android phone. On the same time I was checking for all system activities with Process Monitor to understand where all Your Phone app files are stored.

Hello again, guys!

After I published my article about Telegram IM-based RAT, I've received some messages with one common point — what additional evidences can be found if a workstation being infected with Telegram IM-based RAT?

Ok, I thought, let's continue this investigation, moreover the theme had attracted such interest.

In previous article we told a lot about security of ERP systems. Now we want to talk about ways to protect them.

Attackers and defenders to face off in digital metropolis security challenge featuring real-world critical infrastructure and technologies.



Cybersecurity experts at Positive Technologies and Hack In The Box are inviting red and blue team security specialists to test their skills attacking and defending a full-scale modern city at The Standoff Cyberbattle held during HITB+ CyberWeek. This mock digital metropolis with full IT and OT infrastructure including traffic systems, electrical plants, and transportation networks will feature all the latest technologies used in actual critical infrastructure installations, allowing players to expose security issues and the impact they might have on the real world.

Did you know that Telegram IM becomes more and more popular as a toolkit to make some illegal do's?
There are a lot of hidden channels and bots with different illegal and piracy content. I can suggest you an article where some of these points are described deeply.

But my point of interest is using Telegram as Remote Access Toolkit (RAT).

To illustrate typical attack, and architecture issues, we will provide examples of SAP ERP solution, as it’s the most widespread one installed in 85% of Fortune 2000 companies.

Digital certificates are one of the most commonly known auxiliary tools that help protect data across public networks. However, the key disadvantage of this technology is also commonly known: users are forced to implicitly trust certification authorities which issue digital certificates. Andrey Chmora, Technology and Innovations Director at ENCRY, suggested a new approach for building a Public Key Infrastructure (PKI) to eliminate the existing disadvantages using the distributed ledger (blockchain) technology.
Let's begin with the basics.

ERPs and other enterprise business applications play a significant role in a company’s architecture and business processes. Unfortunately, these systems may easily fall victim to cyberattacks.

Description

The WS-Routing Protocol is a protocol for exchanging SOAP messages from an initial message sender to receiver, typically via a set of intermediaries. The WS-Routing protocol is implemented as a SOAP extension, and is embedded in the SOAP Header. «WS-Routing» is often used to provide a way to direct XML traffic through complex environments and transactions by allowing interim way stations in the XML path to assign routing instructions to an XML document.

Taking a minimalist approach, WS-Routing encapsulates a message path within a SOAP message, so that the message contains enough information to be sent across the Internet using transports like TCP and UDP while supporting:

• The SOAP message path model,
• Full-duplex, one-way message patterns,
• Full-duplex, request-response message patterns, and
• Message correlation.

Routing Detours are a type of «Man in the Middle» attack where Intermediaries can be injected or «hijacked» to route sensitive messages to an outside location. Routing information (either in the HTTP header or in WS-Routing header) can be modified en route and traces of the routing can be removed from the header and message such that the receiving application none the wiser that a routing detour has occurred. 

Image credit: Unsplash

Virtual Private Networks (VPNs) are very good tools for online enhancement, censorship avoidance, anonymous file sharing, and more. But nowadays there are literally hundreds of such services, so it may be a bit tricky to pick the one that will suit you. Today we will share three practical tips that will help to solve this task.

Surely you've heard the expression «bug hunting» many times. I dare to assume, you won't mind earning one or two hundred (or even thousand) dollars by finding a potential vulnerability in someone's program. In this article, I'll tell you about a trick that will help analyzing open source projects in order to find such vulnerabilities.