News Bytes
- 2. Overview Key Reinstallation Attack (KRACK) Dynamic Data Exchange (DDE) Exploit Dangerous Malware Allows to Empty ATMs Bad Rabbit :Ransomware Attack XSS vulnerability found in keystoneJS
- 4. Hacking Wi-Fi :Key Reinstallation attack (KRACK) • WPA2 is a secure Wi-Fi connections . • Wi-Fi Protected Access II (WPA2) protocol could allow an attacker to hack into your Wi-Fi network • Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected.
- 5. This attack is local and active in nature. active MiTM is required and can only be done in physical proximity
- 6. KRACK—Key Reinstallation Attack—Team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. The KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol for encrypting traffic.
- 7. KRACK attack does not help attackers recover the targeted Wi-Fi's password It allows them to decrypt Wi-Fi users' data without cracking or knowing the actual password. Attacker needs to trick a victim into re-installing an already-in-use key. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection.
- 8. The communication over HTTPS is secure (But not 100% secure) and can’t be decrypted using the KRACK attack. Use a secure VPN service—which encrypts all your Internet traffic whether it’s HTTPS or HTTP. Key Reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher.
- 9. KRACK Attack Protection and Prevention Update the firmware of all of your Wi-Fi devices with official fixes. Update the passwords and firmware of all of your Wi- Fi access points and routers. Browse secure HTTPS websites which leverage encryption Disable Temporal Key Integrity Protocol (TKIP).
- 10. Bad Rabbit is a strain of ransomware
- 11. Bad Rabbit: New Ransomware Attack It is spreading like wildfire around Europe It affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few days Demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems. Distributed via drive-by download attacks, using fake Adobe Flash players. No exploits were used. Bad Rabbit ransomware uses DiskCryptor.
- 13. In some of the companies, the work has been completely paralysed - servers and workstations are encrypted,head of Russian cyber-security Two of the affected sites are Interfax and Fontanka.ru. It affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
- 16. How to Protect Yourself from Ransomware Attacks? oDisable WMI(Windows Management Instrumentation) service to prevent. oMost ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs. oAlways exercise caution when opening uninvited documents oNever download any app from third-party sources o Keep a good backup routine. o Run a good and effective anti-virus security suite on your system, and keep it up-to-date.
- 17. Unpatched Microsoft Word Dynamic Data Exchange (DDE ) Exploit Unpatched attacking method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns. DDE protocol ,allow two running applications to share the same data.
- 19. The protocol is being used by thousands of apps, including MS Excel, MS Word, Quattro Pro, and Visual Basic . One-time data transfers and for continuous exchanges for sending updates to one another. The DDE exploitation technique displays no "security" warnings to victims, over 6 million infected computers worldwide and sends millions of emails—to distribute Locky ransomware and TrickBot banking trojan using Word documents that leverage the newly discovered DDE attack technique
- 20. How to Protect Yourself From Word DDE Attacks? Open Word → Select File → Options → Advanced and scroll down to General and then uncheck "Up date Automatic links at Open."
- 22. Dangerous Malware Allows to Empty ATM’s
- 23. •Hacking ATM is now easier than ever before. •Anyone can simply buy a malware to steal millions in cash from ATMs. •Hackers are selling ready-made ATM malware, anybody can simply buy for around $5000 •Advertising the malware, as Cutlet Maker.
- 24. The list of crimeware contains in the toolkit includes: Cutlet Maker—ATM malware which is the primary element of the toolkit Stimulator—an application to gather cash cassette statuses of a targeted ATM codecalc—a simple terminal-based application to generate a password for the malware.
- 25. •Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface. •The advertisement was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.
- 27. Cross-Site Scripting(XSS) found in KeystoneJS How to perform this attack: 1. Navigate to Contact Us page 2. Fill in the details needed and enter the below payload in message field and send <a onmouseover=alert(document.cookie)>XSS link</a> 3. Now login as admin and navigate to the above new record created in the enquiries. 4. Move the cursor on the text “XSS link”
- 28. Solution: • The issues have been fixed and the vendor has released the patches Mitigation: • The application accepts input from normal user without any validation and renders it without output encoding. • Therefore it is recommended to perform input validation or html output encoding to avoid such kind of attacks.
- 30. References https://thehackernews.com/2017/10/wpa2-krack- wifi-hacking.html https://thehackernews.com/2017/10/ms-office- dde-malware-exploit.html https://thehackernews.com/2017/10/atm- malware-hacking.html https://www.exploit-db.com/exploits/43054/ http://www.bbc.com/news/technology-41740768
- 31. ANY QUESTIONs...