
This time the news in our digest carries a self-evident moral: many companies do not care about the safety of their customers as long as it does not cause them direct financial damage. Fortunately, this does not apply to all companies, but this week was particularly rich in such shameful stories.
The new version of macOS had barely been released (not even a week had passed) when Synack researcher Patrick Wardle published a smart post about High Sierra.
It turns out that Keychain, a protected container for credentials, PIN codes, bank card numbers and other important data, in fact, version three doesn’t protect anything. In effect, Keychain is a place where all of it can be stolen at once.
Comrade Wardle said that an application, signed or unsigned, could dump the entire contents of Keychain in open, unencrypted form. Strictly speaking, applications quite officially have access to Keychain, but only to their own data, whereas here it appears to be everything. An important caveat: the exploit works only with an unlocked Keychain, but by default it is unlocked when the user logs into the system.
Immediately after the publication, Patrick was flooded with comments in the spirit of “what kind of reptile are you, publishing in a blog instead of reporting to Apple”, and that he simply lacks the attention of others. But the poor fellow had actually informed the company, and had even sent a ready exploit; the company simply dismissed it! The reasoning was notable: they say one should not install software from untrusted sources, only from the Mac App Store, and should read the security warnings from macOS. In principle, this is a template response to reports of any locally exploited vulnerability: whoever installs dubious software is to blame. By the way, the reward program for vulnerabilities in Apple products does not apply to macOS.
Wardle has still not published the exploit and has not disclosed even the technical details of the vulnerability. But, if you take his word for it, the vulnerability greatly expands the capabilities of malware. It is enough to pick up a real-world Trojan somewhere (and there are more of them for macOS), and all your account and payment details flow into the wrong hands. Not good.
According to the researcher, he tested the vulnerability on High Sierra and Sierra, and sees no reason why it should not be present on El Capitan. You can protect yourself at the cost of a little convenience: it is enough to set the Keychain lock so that a password is requested whenever it is accessed. And yes, if possible, avoid installing applications from dubious sources.
Dozens of vulnerabilities found in mobile applications for stock trading
The words "investor" and "trader" even sound rich somehow. These guys do not bother with trifles: to achieve anything at all on the stock exchange, you need serious money. But the situation on the stock market changes so quickly that they need to be able to make deals anytime, anywhere. That is, from a mobile phone.

Accordingly, there are a lot of mobile applications for trading. Clearly, their vendors ought to build security carefully, even at the expense of convenience, since big money is at stake. But in reality it turned out otherwise. Researchers from IOActive took 21 applications from the top (for both iOS and Android) and found many amusing holes in them. Lots. Up to and including storing passwords in clear text and transferring data over HTTP.
This time the researchers took a responsible approach to vulnerability disclosure and contacted 13 brokerage companies that supply these applications. And what do you think? Only two answered. The rest have no time: they have trading to do, and here people are pestering them about vulnerabilities. Alejandro Hernandez of IOActive expressed his reaction to what happened like this: “Gentlemen, I think it's frustrating! I worked as an auditor and I know how tightly regulated the financial sector is. And it is very strange that we are faced with such problems.”
Deloitte assures that the cyber attack affected only a few clients
The Big Four auditors have always been considered an example of good business practices and policies. Clearly, in cyber security it is hard to lay down straw everywhere you might fall, but there are rules in this area that you should not break if you do not want to let your customers down. And yet, here you go! The distinguished Deloitte, one of the pillars of the business community.

According to the Guardian, the company was hacked in the fall of 2016, and this was discovered only in March. Most likely, the attack went through the credentials of the mail server administrator. There was no two-factor authentication; the password was either brute-forced or coaxed out of the admin by some social engineering method.
A leak of Deloitte's mail could be disastrous in its consequences, because when conducting an audit the company deals with its customers' most sensitive business data. However, Deloitte's own reaction is disheartening: the company says that the attack did not affect its clients' business in any way. And in general, “cyber security in the company is ensured at the highest level”. It sounds like a bad joke, considering that someone unknown was reading their mail for half a year and they did not notice.

Antiquities
"ZipEater 1984"
Uses a stealth function when the DOS functions FindFirst and FindNext are called. Very dangerous: sometimes it deletes files for which the sum of the characters of the filename extension (for example, for .COM files: 'C' + 'O' + 'M') in ASCII encoding is 100h, D6h, F3h, E2h or DFh. Such files include .TXT, .STY, .BAS, .DOC, .ZIP, .EXE and .COM files.
Quote from the book "Computer viruses in MS-DOS" by Eugene Kaspersky. 1992. Page 36.
Disclaimer: This column reflects only the personal opinion of its author. It may coincide with the position of Kaspersky Lab, or it may not. That is a matter of luck.
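
The ZipEater trigger condition quoted above can be checked directly. The following Python sketch is an added example, not code from the book or from the virus; it assumes extensions are summed in upper case, as DOS stores file names, and the sample file names are constructed. It shows that the same five sums also catch extensions the quote does not list, such as .ARC, .GIF, .LOG and .PIF.

```python
from collections import defaultdict

# Trigger values quoted in the description above.
TRIGGER_SUMS = {0x100, 0xD6, 0xF3, 0xE2, 0xDF}


def extension_sum(filename):
    """Sum of the ASCII codes of the extension.

    Assumption: the name is upper-cased first, as DOS stores it.
    Returns 0 when the name has no extension.
    """
    _, dot, ext = filename.rpartition(".")
    if not dot:
        return 0
    return sum(ord(c) for c in ext.upper())


def at_risk(filename):
    """True if the extension sum equals one of the trigger values."""
    return extension_sum(filename) in TRIGGER_SUMS


def collisions(filenames):
    """Group at-risk names by the trigger value their extension hits."""
    groups = defaultdict(list)
    for name in filenames:
        total = extension_sum(name)
        if total in TRIGGER_SUMS:
            groups[total].append(name)
    return dict(groups)


# Constructed sample directory listing (not taken from the source).
SAMPLE = [
    "REPORT.DOC", "NOTES.TXT", "GAME.EXE", "BACKUP.ARC", "LOGO.GIF",
    "SETUP.LOG", "WIN.PIF", "CONFIG.SYS", "AUTOEXEC.BAT",
]

if __name__ == "__main__":
    for total, names in sorted(collisions(SAMPLE).items()):
        print(f"{total:03X}h: {', '.join(names)}")
```

Because the check is a plain sum, it ignores character order and cannot tell file types apart, so any extension that happens to add up to one of the five values is treated the same way.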