Squeeze Volume 3 - $5M Bounty, Great Cannon DDoS, Linux CVE, a BeerCon in a pear tree
Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.
Welcome to the third edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This week's volume was created by Chad Calease and Miguel Calles.
BeerConOne
The Beer Farmers are running a virtual conference called Beer Con One (or #BC1 for short). This will include guests from all over the globe, from many different areas of the information security community and cover different time zones.
The event is being run with the support of The Many Hats Club and is being held from Saturday, 7 December at 8pm (GMT) for 24 hours through to Sunday, 8 December 2019 on https://www.twitch.tv/themanyhatsclub
#BC1 is raising money for two charities the security community holds close to its heart; the Electronic Frontier Foundation (EFF) and Mental Health Hackers. All funds raised go to both of these charities.
Donate at https://www.gofundme.com/f/beerconone
US Offers $5M Bounty for Russian Hackers
For the last 10 years or so the criminal collective known as "Evil Corp" have developed and used malware to steal tens of millions of dollars. This past Thursday the FBI issued the largest bounty in history for its leader: Maksim V. Yakubets, also known as “aqua.”
CVE-2019-14899: New *nix vuln!
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections.
The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.
Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more.
Carriers Mobile Bills Exposed on Open Web
Hundreds of thousands of mobile phone bills for AT&T, Verizon, and T-Mobile subscribers have been publicly exposed due to a misconfiguration of an AWS S3 bucket by a contractor working with Sprint. Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.
According to an investigation, the contractor misconfigured a cloud storage bucket on Amazon Web Services (AWS), in which more than 261,300 documents were stored – mainly cell phone bills from Sprint customers who switched from other carriers.
Man-in-the-Middle Attack Steals $1M from Startup
Hacker successfully stole $1M from a Chinese venture capital (VC) firm and an Israeli startup. They used spoofed emails and bogus domains in their exploit. A carefully planned attack managed to steal seed money the VC firm was planning to send to the startup. The hackers quickly setup domains that looked very similar to the target domain and sent spoofed emails to the VC pretending to be the startup's CEO. Neither side noticed anything suspicious. Several emails later, both the VC and the startup the wire transfer was executing, but the money did not reach the intended recipients. Moral: Verify with whom you're communicating (maybe pickup a phone before wiring money).
https://threatpost.com/ultimate-mitm-attack-steals-1m-from-israeli-startup/150840/
https://www.vice.com/en_us/article/mbmmaq/hackers-trick-venture-capital-firm-into-sending-them-dollar1-million
"Great Cannon" Distributed Denial of Service (DDoS) Tool Used Against Hong Kong Protestors
AT&T Cybersecurity discovered a DDoS attack against Hong Kong LIHKG pro-democracy protestors. The Great Cannon is a Chinese goverment backed DDoS tool. It was used against the LIHKG web site and social media platform. The tool highjacks unencrypted JavaScript resources in its attack. The tool was created about four years ago.
https://www.bleepingcomputer.com/news/security/the-great-cannon-ddos-tool-used-against-hong-kong-protestors-forum/
https://www.infosecurity-magazine.com/news/chinas-great-cannon-fires-on-hong/
The rad gif used in this post is called A Partridge in a Pear Tree by Harvey Leversha