Security News #0x66: The Mask

  • Metasploit announced a module that attacks Android WebView, up through 4.2. Now you can pwn a phone with a QR code. I would love to say that I have tried it, but my Kali has only been updating for two hours, grabbing a whopping 20 KB/s of update joy. Perhaps next week I’ll have some time to try it out.
  • The other new Metasploit module I want to try is Windows TrackPopupMenuEx Win32k NULL Page. This is a privilege escalation attack based on CVE-2013-3881 and patched in MS13-081. It (apparently) affects Windows 7 SP0 and SP1. Sigh. The Kali update says it should finish in 3 more hours.
Learning More
  • Kahu Security discusses various techniques to redirect web pages, with a special emphasis on techniques that store the redirect script in images.
  • Raphael Mudge shows how to modify the source for one of the modules within Metasploit; in particular he updated the reverse_http stager to allow for a non-blank User-Agent string.
Industry News
  • A new piece of malware called "The Mask" has been detected. Threatpost calls it a nation-state level attack, and says that the targets were primarily in Spanish-speaking countries. Dark Reading reports some 380 victims among some 1,000 IP addresses. ZDNet reports that malicious links to the Washington Post and the Guardian were used in the attacks.
  • Cloudflare has provided some of the technical details behind the NTP amplification DDoS attack that hit them last week. This was a big attack, as they were hit with some 400 Gbps of traffic.
  • Ars Technica reports that a number of Asus routers can be remotely attacked. Update your firmware!
  • And if you think the problem is restricted to Asus, well, there also appears to be a currently propagating worm called "TheMoon" that is infecting Linksys routers.