Kernel Pwning with eBPF: a Love Story
At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.
Find the released local privilege escalation (LPE) Proof-of-Concept for CVE-2021-3490 here: https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490. It targets Ubuntu 20.10 (Groovy Gorilla) kernels 5.8.0-25.26 through 5.8.0-52.58 and Ubuntu 21.04 (Hirsute Hippo) 5.11.0-16.17.
This blog post is intended to give a detailed overview of eBPF from the perspective of an exploit developer.
https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
#linux #kernel #pwning #ebpf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Meet Paragon: An American-Funded, Super-Secretive Israeli Surveillance Startup That ‘Hacks WhatsApp And Signal’
Paragon Solutions doesn’t have a website. There’s very little information at all about them online, even if the Tel Aviv-based smartphone surveillance startup’s employees are all over LinkedIn, more than 50 of them. That’s not a bad headcount for a company that’s still in stealth mode.
But it does have a cofounder, director and chief shareholder that will turn heads: Ehud Schneorson, the former commander of Israel’s NSA equivalent, known as Unit 8200. The other cofounders - CEO Idan Nurick, CTO Igor Bogudlov and vice president of research Liad Avraham - are ex-Israeli intelligence too. Also on the board is cofounding director and former Israeli prime minister Ehud Barak. They also have a significant American financial backer: Boston, Massachusetts-based Battery Ventures. According to two senior employees at companies in the Israeli surveillance industry, who spoke on the condition of anonymity, the venture capital business put in between $5 and $10 million, though Battery declined to comment on the nature of its investment, which is only mentioned in brief on the company’s website.
Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted.
https://www.forbes.com/sites/thomasbrewster/2021/07/29/paragon-is-an-nso-competitor-and-an-american-funded-israeli-surveillance-startup-that-hacks-encrypted-apps-like-whatsapp-and-signal/
#paragon #hacking #surveillance #spyware #israel #usa #whatsapp #signal
Fighting porch pirates with artificial intelligence (and flour)
I got a package stolen, so I did the only thing I know how to do - build an unnecessarily complicated and ethically ambiguous machine.
This is the story of how I built a machine to recognize if a package is being stolen from my porch, and respond accordingly. The project uses a combination of python, tensorflow, and the last of my sanity.
https://github.com/rydercalmdown/package_theft_preventor
https://www.youtube.com/watch?v=nPnOtm1Uadw
#ai #machinelearning #porchpirates #packagetheive #video
FakeTagger: Robust Safeguards against DeepFake Dissemination via Provenance Tracking
The system, entitled FakeTagger, uses an encoder/decoder process to embed visually indiscernible ID information into images at a low enough level that the injected information will be interpreted as essential facial characteristic data, and therefore passed through abstraction processes intact, in the same way, for instance, as eye or mouth data.
https://www.unite.ai/identifying-deepfake-data-sources-with-ai-based-tagging-faketagger/
https://xujuefei.com/felix_acmmm21_faketagger.pdf
#faketagger #deepfake #tracking #tagging #pdf
PwnedPiper vulnerabilities impact 80% of major hospitals in North America
Details have been published today about a collection of nine vulnerabilities known as PwnedPiper that impact a common type of medical equipment that’s installed in roughly 80% of all major hospitals in North America.
The TransLogic Pneumatic Tube Systems (PTS), from Swisslog Healthcare, is a complex system that uses compressed air to move medical supplies (lab samples, medicine, blood products, etc.) using tubes that connect different departments inside large hospitals.
Installed in more than 3,000 hospitals, TransLogic systems effectively work as the blood vessels of modern hospitals as they allow the movement of sensitive medical material while keeping nurses free to provide patient care.
In research published today, IoT security firm Armis said it discovered nine vulnerabilities in the Nexus Control Panel, the software that doctors and nurses use to control how medical material moves between hospital sections.
“These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital,” the Armis team said today.
“This type of control could enable sophisticated and worrisome ransomware attacks, as well as allow attackers to leak sensitive hospital information,” the company added.
While the vulnerabilities can be exploited only if an attacker can connect to or has a foothold on the hospital’s internal network, the PwnedPiper issues were deemed extremely severe due to the prevalence of TransLogic devices across North America and how easily they could be weaponized to impact a hospital’s ability to provide proper medical care.
The issues —listed at the bottom of this article— were discovered in May and reported to Swisslog Healthcare, Armis said.
“A software update for all but one of the vulnerabilities has been developed, and specific mitigation strategies for the remaining vulnerability are available for customers,” a Swisslog Healthcare spokesperson told The Record in an email.
The company has released today version 7.2.5.7 of the Nexus Control Panel, along with a blog post with additional information for its customers. It also said the issue is primarily restricted to hospitals in North America, where most of these tube systems are installed, and that a patch for the ninth issue is expected later this year.
https://therecord.media/pwnedpiper-vulnerabilities-impact-80-of-major-hospitals-in-north-america/
#PwnedPiper #vulnerabilities #hospitals #usa #swisslog
ProtonMail: User data for the USA thanks to good cooperation with authorities
ProtonMail, which claims to be a "secure e-mail service from Switzerland," supplies user data to security authorities. User data also goes to law enforcement agencies in the USA, as a current case shows.
The proceedings concern threats against, among others, the well-known immunologist Anthony Fauci. In a series of emails, the sender threatened, among other things, to kill Fauci and his family.
As the U.S. Department of Justice writes, the defendant used "an email account from a provider of secure, encrypted email services based in Switzerland."
According to the corresponding affidavit, this email service was ProtonMail. The relevant emails end accordingly with "Sent with ProtonMail Secure Email".
On the basis of data from ProtonMail, which was sent to the USA by way of legal assistance, it emerged that the defendant had used several user accounts at ProtonMail.
According to his own statements, the accused had switched to ProtonMail because he believed he was protected by Swiss data protection law and end-to-end encryption. Nevertheless, the sender could be identified by combining data from ProtonMail with data from other online services.
https://steigerlegal.ch/2021/08/02/protonmail-daten-usa/
https://www.justice.gov/usao-md/press-release/file/1416926/download
#protonmail #usa #doj #userdata #pdf
Shares slide after China brands online games 'electronic drugs'
Shares in two of China's biggest online gaming firms have slipped after a state media outlet called them "electronic drugs".
Tencent and NetEase shares fell more than 10% in early Hong Kong trade before regaining some of those losses.
Investors are increasingly concerned about Beijing cracking down on firms.
In recent months authorities have announced a series of measures to tighten their grip on technology and private education companies.
An article published by the state-run Economic Information Daily said many teenagers had become addicted to online gaming and it was having a negative impact on them. The news outlet is affiliated with the official Xinhua news agency.
The article cited Tencent's hugely popular game Honor of Kings, saying students were playing it for up to eight hours a day, and asked for more curbs on the industry.
"No industry, no sport, can be allowed to develop in a way that will destroy a generation," it said before going on to liken online games to "spiritual opium".
Tencent has said it would introduce measures to reduce children's access to and time spent on its Honor of Kings game. The company also said it plans to eventually roll out the policy to all of its games.
The recovery in share prices came as Economic Information Daily deleted the article from its account on the Wechat social media platform.
Tencent also saw its shares fall last week after being ordered to end exclusive music licensing deals with record labels around the world.
The move was aimed at tackling the technology giant's dominance of online music streaming in the country - it currently controls more than 80% of China's exclusive music streaming rights after an acquisition in 2016.
Tencent is only one of a number of Chinese companies listed in the US, Hong Kong and mainland China to see shares fall sharply this year as Beijing clamps down on the country's technology and education industries.
Last week saw shares in Chinese online tutoring firms slump after they were stripped of the ability to make a profit from teaching core subjects in China.
The new guidelines also restricted foreign investment in the industry.
https://www.bbc.com/news/business-58066659
#china #online #gaming
Blizzard Entertainment president steps down after workplace protests.
Activision Blizzard, the video game maker, said on Tuesday that the president of its Blizzard Entertainment studio was stepping down immediately, as the company grapples with the fallout from allegations of workplace harassment and discrimination.
Activision, known for Call of Duty and other popular gaming franchises, has been under pressure following a lawsuit filed on July 20 by the state of California. The lawsuit accused the company of fostering a “frat boy workplace culture” in which men joked about rape and women were routinely harassed and paid less than their male colleagues.
Many of the misconduct accusations in the lawsuit focused on the Blizzard division, with which Activision merged through a 2008 deal with Vivendi Games.
The departing executive, J. Allen Brack, will be replaced by two Blizzard executives, Jen Oneal and Mike Ybarra, who will be co-leaders of the studio, Activision said in a statement. Mr. Brack was mentioned in the lawsuit as an executive who had failed to take “effective remedial measures” when sexual harassment and discrimination complaints were brought to him.
Bobby Kotick, Activision’s chief executive, initially stumbled in his response to the lawsuit but has since moved aggressively to contain employee discontent. Activision was at first dismissive of the allegations, and more than 1,500 employees last week staged a walkout to protest the response and to urge executives to take the issues seriously.
On the eve of the walkout, Mr. Kotick apologized and said Activision would improve its culture and hire the law firm WilmerHale to review the company’s policies. “I am sorry that we did not provide the right empathy and understanding,” he told employees at the time. Activision is set to report earnings later on Tuesday, when Mr. Kotick is expected to speak.
https://www.nytimes.com/2021/08/03/business/blizzard-entertainment-activision.html
#blizzard
Gap analysis and recommendations for deploying technical solutions to tackle the terrorist use of the Internet
https://cdn-132.bayfiles.com/H187o3Acu0/c92ca5dd-1628020715/GIFCT-TAWG-2021.pdf
#analysis #terrorists #internet #pdf
Your Facebook Account Was Hacked. Getting Help May Take Weeks — Or $299
Angela McNamara's first hint that her Facebook account had been hacked was an early-morning email warning that someone was trying to log into her account.
"If this is not you, don't worry, we're keeping your account safe," she recalls the email from Facebook saying. But her relief only lasted a minute, when another email arrived, saying her password had been changed. Then another, notifying her that a two-factor authentication — an extra layer of security — had been set up for her account.
"And then from there I'm just like, 'OK, it is gone,' " said McNamara, who lives outside Toronto. She tried Facebook's automated process to recover her account: getting a backup code, resetting her password. But nothing worked.
https://www.npr.org/2021/08/02/1023801277/your-facebook-account-was-hacked-getting-help-may-take-weeks-or-299
#facebook #hacked #DeleteFacebook
United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes
Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime.
The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.
https://www.theregister.com/2021/08/03/russia_cybercrime_laws/
https://www.kommersant.ru/docs/2021/RF_28_July_2021_-_E.pdf
#russia #un #cybercrime #backdoors #censorship #pdf
‘Master Faces’ That Can Bypass Over 40% Of Facial ID Authentication Systems
Researchers from Israel have developed a neural network capable of generating ‘master’ faces – facial images that are each capable of impersonating multiple IDs. The work suggests that it’s possible to generate such ‘master keys’ for more than 40% of the population using only 9 faces synthesized by the StyleGAN Generative Adversarial Network (GAN), via three leading face recognition systems.
The paper is a collaboration between the Blavatnik School of Computer Science and the school of Electrical Engineering, both at Tel Aviv.
https://www.unite.ai/master-faces-that-can-bypass-over-40-of-facial-id-authentication-systems/
https://arxiv.org/pdf/2108.01077.pdf
#bypass #facial #id #authentication #GAN #StyleGAN #pdf
Darknet Diaries - EP 98: Zero Day Brokers
Zero day brokers are people who make or sell malware that’s sold to people who will use that malware to exploit people. It’s a strange and mysterious world that not many people know a lot about. Nicole Perlroth, who is a cybersecurity reporter for the NY Times, dove in head first which resulted in her writing a whole book on it.
https://darknetdiaries.com/episode/98/
#truecrime #darknetdiaries #podcast
Apple plans to scan US iPhones for child abuse imagery
Security researchers raise alarm over potential surveillance of personal devices
Apple intends to install software on American iPhones to scan for child abuse imagery, according to people briefed on its plans, raising alarm among security researchers who warn that it could open the door to surveillance of millions of people’s personal devices.
Apple detailed its proposed system — known as “neuralMatch” — to some US academics earlier this week, according to two security researchers briefed on the virtual meeting. The plans could be publicised more widely as soon as this week, they said.
The automated system would proactively alert a team of human reviewers if it believes illegal imagery is detected, who would then contact law enforcement if the material can be verified. The scheme will initially roll out only in the US.
Apple declined to comment.
(Paywall)
https://www.ft.com/content/14440f81-d405-452f-97e2-a81458f5411f
#usa #apple #iphones #childabuse #surveillance
Operating Systems: Timeline and Family Tree
Includes over 830 operating systems so far
In this post you'll find a family tree and timeline of operating systems. I have tried to include all operating systems, no matter how old or obscure. Of course, a complete list is virtually impossible, as there is no way to catalogue all the tiny hobby and embedded systems that may exist somewhere.
Please also note that I only included a few selected Linux/BSD/Solaris distributions (it is arguable whether these should count as an OS on their own or not).
Currently, the family tree includes between 800 and 900 different operating systems. Tip: use Ctrl+F (Cmd+F on Mac) to search for a system.
https://eylenburg.github.io/os_familytree.htm
#os #familytree
The Intolerance Network
Today, 5th August 2021, WikiLeaks publishes "The Intolerance Network", over 17,000 documents from internationally active right wing campaigning organisations HazteOir and CitizenGO. The documents date from 2001 to 2017 and cover the founding of CitizenGO and early activities of both organisations. The documents are from their internal systems and cover things like: spreadsheets of donors and members, strategy and planning documents, letters, financial charts and legal and training documents.
HazteOir was first founded in 2001 in Spain to campaign for right wing values, in 2013 it founded CitizenGO to spread its work beyond Spanish speaking countries. This dataset includes the founding of CitizenGo, and documents from HazteOir organising, along with US based The Howard Center for Family, Religion and Society, the 2012 World Congress for Families (WCF) in Madrid. The WCF brings together right wing organisations that promote opposition to LGBTQI+ and reproductive rights, it has been labeled as a hate group by the Southern Poverty Law Center and a 2014 Human Rights Campaign report stated "The World Congress of Families (WCF) is one of the most influential American organizations involved in the export of hate".
Tying all these organisations together is Ignacio Arsuaga, founder of HazteOir and on the board of CitizenGo and was awarded the 2013 WCF "Man of the Year Award". The WCF President, Brian Brown - an American campaigner against LGBTQI+ rights, is also on the board of CitizenGo. Both HazteOir and CitizenGo are part of a larger global network of right wing organisations that work together to push their values in grassroots and political spheres.
CitizenGo partners to push campaigns with a number of organisations, for example it ran a petition with the Population Research Institute "Abortion is NOT a Human Right!". They work to mobilize grassroot support, and are keen to stress this is their base, however it is clear through the dataset that they aim to raise large funds and influence policy at a high level. A 2019 undercover investigation by OpenDemocracy confirmed ties between Spanish HazteOir and CitizenGo with right wing political parties across Europe in Spain, Italy and Hungary. There have also been reports regarding ties to El Yunque, a secret militant Mexican Group, a tie which HazteOir has tried to rid itself of.
https://nitter.snopyta.org/YourAnonOnline/status/1423594689249386497
https://wikileaks.org/intolerancenetwork/press-release
#CitizenGo #spain #italy #hungary #intolerancenetwork #WCF #HazteOir #OpenDemocracy #hatespeach #wikileaks
Nitter
Anonymous News 🌐 (@YourAnonOnline)
#Anonymous #WikiLeaks shows that major Spanish companies and fortunes supported the launch of the far-right party Vox
Esther Koplowitz (FCC), the late Isidoro Álvarez (El Corte Inglés) or Juan Miguel Villar-Mir (OHL) financed the birth…
Capture Wi-Fi Passwords From Smartphones with a Half-Handshake Attack
In this episode, we show how hackers can abuse convenience features of Wi-Fi to extract passwords from nearby smartphones belonging to Wi-Fi networks they've connected to in the past.
https://www.youtube.com/watch?v=5guDKTc6Hak
#hak5 #video #wifi #passwords #smartphones
"Incognito Mode is not a great method of ensuring privacy, because it's still very easy to track what you're doing online."
Yep. Want real browsing privacy and tracking protection?
It's possible with Tor Browser. 👉🏽 https://torproject.org/download.
https://nitter.pussthecat.org/torproject/status/1423688216184426496
via Twitter
💡 Read as well:
Your Google and Safari Incognito mode is EXPOSING you online – here’s how
https://www.the-sun.com/tech/3410416/google-chrome-incognito-mode-safari-exposing-data-online/
#online #privacy #tor
Connect-app (CDU) Version: 3.8 - Cross Site Scripting
app: connect-app (cdu) (version: 3.8)
cross-site scripting in the registration form name variables. Remote attackers can inject js payloads as name variables to exploit the frontend in the profile view and potentially execute in the backend via the preview. Uncertainty in validating object names in outbound emails, causing the context to be validated insecurely. This allows reflected execution in the message body of the email where the name variable is visible. You can see in the main validation how the developers have tried to parse and encode the content with backslashes and other characters. In this way, the type of validation can easily be bypassed by using simple frames with a source that points to an external link.
We have tested this in the portal where the code is executed, we have tested it in the outgoing service emails that insert the name variable in the email body, and we have also tested the stored content that was submitted via the API. All content was transmitted insecurely and can be manipulated to trigger simple cross-site scripting payloads, hijack user session credentials or manipulate outbound emails with reflected malicious content on the application side.
We decided to bring the issue directly to the public after the CDU opened a court case to criminalise a German hacker following a Whitehat report. Normally we wanted to report the vulnerabilities directly via Responsible Disclosure, but were deterred by incidents mentioned above. These did not stop us but we therefore chose another way to make noise.
👉🏽 ref: https://www.golem.de/news/connect-app-cdu-verklagt-offenbar-hackerin-nach-melden-von-luecken-2108-158647.html
👉🏽 ref: https://www.golem.de/news/connect-app-cdu-nimmt-wahlkampf-app-nach-datenleck-offline-2105-156471.html
greetz to cdu
by team smackback
https://seclists.org/fulldisclosure/2021/Aug/4
#cdu #germany #disclosure
www.golem.de
Connect app: CDU apparently files a criminal complaint against a hacker after she reported vulnerabilities - Golem.de
After a vulnerability was found in a CDU app, the party is now filing a criminal complaint against the woman who found it. The CCC therefore no longer intends to report vulnerabilities to the CDU.
No matter how well-intentioned, @Apple is rolling out mass surveillance to the entire world with this. Make no mistake: if they can scan for kiddie porn today, they can scan for anything tomorrow.
They turned a trillion dollars of devices into iNarcs—*without asking.*
https://nitter.pussthecat.org/Snowden/status/1423469854347169798
via Twitter
#usa #apple #iphones #childabuse #surveillance #snowden
How to keep your smartphone safe from spying
This post discusses four personas, the technical threats to them and their information via their smartphone, and some theory on how to defend against increasingly capable and focused threat actors.
If you find yourself matching one of these personas, following the recommendations below may serve you well if you feel that is proportionate to your individual threat profile.
If you provide IT or cybersecurity services to other people who may fit these personas, double check that what you offer and how you offer it is proportionate to the threats you’re helping to protect them from. Hopefully you have all of our recommendations covered!
💡 This is definitely not an exhaustive guide and is developed based on article(s) linked and our combined years working in technology and cyber security.
👉🏽 Greg, your average internet user using a modern smartphone for online banking, internet browsing and social media
👉🏽 Jane, an IT consultant, worried about keeping their client/organisational information safe
👉🏽 Emma, a management consultant who travels regularly for work. Emma’s company works with governments and large financial institutions
👉🏽 Roberto, an investigative journalist working on a big negative story about a nation state and its top leadership
The capability of threat actors and the probability of targeting vary enormously, from indiscriminate SMS/email phishing through to individual targeting using commercial spyware such as NSO Group’s Pegasus, ‘zero day’ exploits and physical tampering of the device. The level of effort and complexity rapidly increases, as do the inconveniences of trying to deter, defend and limit the impact of such attacks.
https://joelgsamuel.medium.com/how-to-keep-your-smartphone-safe-from-spying-d7d50fbed817
#smartphone #security