My Weekly RoundUp #82
Last week’s news?
A lot of Sci-Fi topics, a strange Chrome vulnerability and a totally unnecessary book!
The little handbook of Windows Memory Analysis
Just some thoughts about memory, Forensics and Volatility!
This handbook is dedicated to a deep dive on Microsoft Windows memory, starting from a brief description of memory management, moving on to an extended reference of Volatility Framework and coming to a list of acquisition and analysis workflows.
Thunderclap: modern computers are vulnerable to malicious peripheral devices
The Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices such as network cards, storage, and graphics cards. These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data. Attacks exploiting these vulnerabilities can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine.
https://www.securityweek.com/thunderclap-flaws-expose-computers-attacks-peripheral-devices
The Thunderclap platform is a hardware/software stack for research into the security of computer peripherals and their interaction with operating systems. It was used to discover the Thunderclap vulnerabilities and develop proof-of-concept exploits.
Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution
The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in their core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations, since it impacts the widely installed RESTful Web Services (rest) module. Specifically, the vulnerability requires that the following preconditions are met:
– Drupal 8.6.x, < 8.6.10 OR Drupal < 8.5.11
– RESTful Web Services module is enabled
This vulnerability is specifically in the REST API, which includes a deserialization module. In particular, the LinkItem class (a subclass of the FieldItemBase class) defines the link field, which defines the structure of links and associated fields (descriptions, etc.). Inside the LinkItem class is a single line that performs deserialization of options supplied for the link property. The Shortcut class then makes use of the link property, which is what ultimately exposes the deserialization to user controlled data. In Drupal, a shortcut is a way of visually displaying a quick link to a frequently used page via a toolbar or menu item.
https://blog.trendmicro.com/trendlabs-security-intelligence/drupal-vulnerability-cve-2019-6340-can-be-exploited-for-remote-code-execution/
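To make the deserialization point concrete, here is an added PHP illustration (not Drupal's code; `AuditLogger`, `setOptionsUnsafe`, `setOptionsSafe` and `isPlainOptions` are hypothetical names) contrasting a raw `unserialize()` on request-supplied link options with a version that forbids object instantiation and validates the result before it is used:

```php
<?php
// Added illustration, not Drupal's code: a minimal stand-in for a field item
// whose "options" property is filled from a REST request body, as the
// advisory describes for LinkItem. All class and function names are hypothetical.

// Harmless class standing in for any application class already loaded by the
// framework. Only its presence in the object graph matters for this demo.
class AuditLogger {
    public $target = '/dev/null';
    public function __wakeup() { echo "object revived during unserialize\n"; }
}

// Vulnerable pattern: raw unserialize() on request-controlled data lets the
// sender pick which classes get instantiated (PHP object injection).
function setOptionsUnsafe(string $serialized): array {
    $opts = unserialize($serialized);
    return is_array($opts) ? $opts : [];
}

// Recursive check: only scalars, null and nested arrays of those are accepted.
function isPlainOptions($value): bool {
    if (is_scalar($value) || $value === null) { return true; }
    if (!is_array($value)) { return false; }   // objects never pass
    foreach ($value as $v) {
        if (!isPlainOptions($v)) { return false; }
    }
    return true;
}

// Hardened pattern: refuse to instantiate any class (objects become
// __PHP_Incomplete_Class and __wakeup never runs), then validate the shape.
function setOptionsSafe(string $serialized): array {
    $opts = @unserialize($serialized, ['allowed_classes' => false]);
    if (!is_array($opts) || !isPlainOptions($opts)) {
        throw new InvalidArgumentException('link options must be a plain serialized array');
    }
    return $opts;
}

// Constructed inputs: a legitimate options array and a body that embeds an object.
$legit   = serialize(['attributes' => ['target' => '_blank'], 'query' => []]);
$hostile = serialize(new AuditLogger());   // constructed; no real gadget chain

setOptionsUnsafe($hostile);
var_dump(setOptionsSafe($legit)['attributes']['target']);
try {
    setOptionsSafe($hostile);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

The safe variant needs PHP 7.0 or later for the `allowed_classes` option; on older runtimes the same effect requires rejecting any input that is not a serialized array before calling `unserialize()` at all.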
0-day vulnerability allows tracking users who use Google Chrome as local PDF viewer
Since late December 2018, EdgeSpot has detected multiple PDF samples in the wild which exploit a Google Chrome zero-day flaw. The exploited vulnerability allows the sender of the PDF files to track users and collect some of the user’s information when they use Google Chrome as a local PDF viewer.
https://blog.edgespot.io/2019/02/edgespot-detects-pdf-zero-day-samples.html
The PDF was “phoning home” in the background when the user was viewing it.
According to the HTTP packet, the following information about the user may be collected by the malicious sender:
– The public IP address of the user.
– OS, Chrome version, etc. (in the HTTP POST header).
– The full path of the PDF file on the user’s computer (in the HTTP POST payload).
New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers
According to a paper published by the researchers, “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information,” the new attacks could allow remote attackers to bypass security protections implemented in 4G and 5G, re-enabling IMSI catching devices like “Stingrays” to intercept users’ phone calls and track their location.
https://thehackernews.com/2019/02/location-tracking-imsi-catchers.html
DARK PHOENIX, In Theaters June 7, 2019
In DARK PHOENIX, the X-MEN face their most formidable and powerful foe: one of their own, Jean Grey. During a rescue mission in space, Jean is nearly killed when she is hit by a mysterious cosmic force. Once she returns home, this force not only makes her infinitely more powerful, but far more unstable. Wrestling with this entity inside her, Jean unleashes her powers in ways she can neither comprehend nor contain. With Jean spiraling out of control, and hurting the ones she loves most, she begins to unravel the very fabric that holds the X-Men together. Now, with this family falling apart, they must find a way to unite — not only to save Jean’s soul, but to save our very planet from aliens who wish to weaponize this force and rule the galaxy.
https://www.youtube.com/watch?v=1-q8C_c-nlM