News:Tech News
2016-046: BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails
2016-11-21
This week, Mr. Boettcher found himself with an interesting conundrum concerning what happened when he converted a Windows DOCX file to a PDF using a popular #PDF converter software. We discuss what happened, how Software Restriction Policy in Windows kept him safe from a potential malware infection, and about the logging that occurred.
After that, we discuss some recent vulnerabilities, like the BlackNurse Resource Exhaustion vulnerability and how you can protect your infrastructure from a DDoS that can occur from someone sending your firewall 300 packets a second... which anyone can do.
We discuss Robert Graham's recent run-in with a new surveillance camera and how it was pwned in less time than you think. And learn about the 'buenoware' that has been released that 'patches' IoT and embedded devices... But does it do more harm than good, and is it legal?
All that and more this week on Brakeing Down Security Podcast!
Check out our official #Slack Channel! Sign up at https://brakesec.signup.team
Next Book Club session is 29 November 2016. Our current book for study is 'Software Security: Building Security In' by Dr. Gary McGraw https://www.amazon.com/Software-Security-Building-Gary-McGraw/dp/0321356705 (ebook is available of Safari books online)
BlackNurse
https://nakedsecurity.sophos.com/2016/11/17/blacknurse-revisited-what-you-need-to-know/
http://researchcenter.paloaltonetworks.com/2016/11/note-customers-regarding-blacknurse-report/
http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack
Recent tweet from @boettcherpwned about infected docx with macros and we discuss why Foxit PDF runs the macros and open_document:
https://twitter.com/boettcherpwned/status/799726266693713920
Rob Graham @errataBob: new camera pwned by #Mirai botnet and others within 5 minutes:
https://twitter.com/newsyc200/status/799761390915424261
#BlackNurse
https://nakedsecurity.sophos.com/2016/11/17/blacknurse-revisited-what-you-need-to-know/
http://researchcenter.paloaltonetworks.com/2016/11/note-customers-regarding-blacknurse-report/
http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack
ICMP
Type 3, Code 3 (Destination Port unreachable) http://www.faqs.org/rfcs/rfc792.html
#SHA1 deprecated on website certs by Chrome on 1 January 2017
http://www.darkreading.com/operations/as-deadline-looms-35-percent-of-web-sites-still-rely-on-sha-1/d/d-id/1327522
#Benevolent #malware (buenoware)
https://isc.sans.edu/diary/Benevolent+malware%3F+reincarnaLinux.Wifatch/21703
#Atombombing
http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions
https://breakingmalware.com/injection-techniques/atombombing-cfg-protected-processes/
http://www.pandasecurity.com/mediacenter/malware/atombombing-windows-cybersecurity/
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-046-Black_Nurse_buenoware_IoT_pwnage.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-046-blacknurse-buenoware/id799131292?i=1000378076060&mt=2
Youtube: https://www.youtube.com/watch?v=w-FEJuWGXaQ
#RSS: http://www.brakeingsecurity.com/rss
#Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582
More Episodes
Get this podcast on your
phone, FREE
