Friday 10 August 2018

Snapchat Source Code Leaked and Posted to GitHub

GitHub is often the go-to place for hackers or researchers to archive interesting code or data dumps. But sometimes affected companies do their best to remove exposed data from the code repository site.
Earlier this year, Snap—the company behind social media network Snapchat—exposed some of the source code of the network’s iOS app, Snap confirmed to Motherboard on Tuesday. After someone archived that exposed code on GitHub, Snap told GitHub to remove the data with a copyright act request, Snap told Motherboard.
“An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately,” a Snap spokesperson told Motherboard in an email. “We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community.”
The independent security researcher known as x0rz tweeted about the takedown on Tuesday, pointing to a copy of the request itself.
“What would be the best solution for the alleged infringement? Are there specific changes the other person can make other than removal?” one section reads.
“NO, THIS SHOULD BE REMOVED BECAUSE IT IS ALL LEAKED SOURCE CODE,” the reply, from a Snap employee, reads.
The takedown was enforced under the Digital Millennium Copyright Act (DMCA), a law businesses often use to protect their intellectual property. In February, Apple used a DMCA request to remove some of its own code from GitHub.
One of the GitHub repos previously hosting the Snapchat code now says “We have disabled public access to the repository.”
It appears some researchers are trading the data privately, however.
“Yeah I got it. DM me,” one Twitter user wrote on Tuesday.

WhatsApp security snafu allows sneaky 'message manipulation'

Researchers claim to have uncovered weaknesses in WhatsApp that can be exploited to manipulate messages in private and group conversations.
Eggheads at Israeli security firm Check Point this week described how, with some social engineering trickery and custom extensions for popular network-packet-twiddling toolkit Burp Suite, they can:
  1. Alter the text of someone's reply on their phone, essentially putting words in the other person's mouth.
  2. Use the “quote” feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.
  3. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
Basically, you can tamper with messages received and stored on your device, quote them back to your mark, and sow the seeds of all sorts of confusion. All the techniques involve social engineering tactics to hoodwink marks, as well as obtaining your public-private key pair from WhatsApp, as explained at some length in a blog post by Check Point's Dikla Barda, Roman Zaikin, and Oded Vanunu.

CoinHive Miner Virus Outbreak Has Infected 170,000 Routers

The Coinhive Miner virus has infected hundreds of thousands of MikroTik routers. The malware has now reportedly installed a JavaScript miner on over 170,000 devices, and this recent outbreak is believed to be still growing.
The first hint of the attacks came from a researcher who goes by the nickname MalwareHunterBR, who tweeted that the miner had started to spread at an alarming rate. In addition, news has broken that the first stages of the attack alone compromised about 70 thousand routers.

What is Behind Coinhive’s Infection Success

It is believed that the hacker may have used one of the exploits for MikroTik devices to perform a zero-day type of attack through one device and then drop a copy of the Coinhive library on it. The library is then included in all of the pages displayed by the router, making all of the devices connected to it vulnerable.
Furthermore, since the zero day has been exploited using only one Coinhive key for all of the injections performed over the past week, it is believed that only one attacker is behind the attack.
In addition, researchers claim that non-MikroTik users were also among the victims: some Internet service providers use MikroTik devices in their main network, and because the hacker injected the JavaScript code there, the attack has spread to all of the devices that are logically connected to the compromised MikroTik routers.
The injection has been tremendously successful because of how the attack is carried out and because the infection process gained control of incoming and outgoing traffic.
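One way a defender could check the single-key observation above against page bodies captured behind a suspect router, as an added example that is not from the original article: it extracts the Coinhive site key from each page and flags keys that recur across unrelated hosts. The hostnames, site keys and function names are constructed for illustration; the script URL and `CoinHive.Anonymous` constructor follow the miner's public embed pattern.

```python
import re
from collections import defaultdict

# Script include that loads the Coinhive miner library.
MINER_SRC = re.compile(r'''<script[^>]+src=["'][^"']*coinhive(?:\.min)?\.js''', re.I)
# Site key passed to the miner constructor, e.g. new CoinHive.Anonymous('KEY').
SITE_KEY = re.compile(r'''CoinHive\.(?:Anonymous|User|Token)\(\s*["']([A-Za-z0-9]+)["']''')

# Constructed sample input: (requested host, HTML body as received by a client).
# Hosts use the reserved .example TLD and the site keys are made up.
LIB = "<script src='https://coinhive.com/lib/coinhive.min.js'></script>"
SAMPLES = [
    ("news.example", LIB + "<script>new CoinHive.Anonymous('CONSTRUCTEDKEY0001').start()</script>"),
    ("bank.example", LIB + "<script>new CoinHive.Anonymous('CONSTRUCTEDKEY0001').start()</script>"),
    ("blog.example", LIB + "<script>new CoinHive.Anonymous('CONSTRUCTEDKEY0002').start()</script>"),
    ("wiki.example", LIB + "<script>var k = atob(x); new CoinHive.Anonymous(k).start()</script>"),
    ("shop.example", "<html><body>No miner on this page.</body></html>"),
]


def scan(body):
    """Return (miner_present, site_keys) for one HTML body."""
    keys = SITE_KEY.findall(body)
    return bool(MINER_SRC.search(body) or keys), keys


def cluster_by_key(samples):
    """Map each extracted site key to the set of hosts whose pages carried it."""
    clusters = defaultdict(set)
    for host, body in samples:
        for key in scan(body)[1]:
            clusters[key].add(host)
    return dict(clusters)


def injected_keys(samples, min_hosts=2):
    """Keys seen on several unrelated hosts, which points to on-path injection
    (such as a compromised router) rather than one site owner's own miner."""
    return sorted(k for k, hosts in cluster_by_key(samples).items() if len(hosts) >= min_hosts)


def unkeyed_hosts(samples):
    """Hosts whose page loads the library but hides the key from the regex."""
    return sorted(host for host, body in samples if scan(body) == (True, []))


if __name__ == "__main__":
    print("keys shared across hosts:", injected_keys(SAMPLES))
    print("miner without readable key:", unkeyed_hosts(SAMPLES))
```

A key that appears on a single host may be that site owner's own miner; the same key on many unrelated hosts seen from one network is what matches the router-level injection described here.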

US Department of Justice creates software blacklist to prevent foreign attacks

The US Department of Justice wants to educate its contractors and military software buyers about malicious software that could infiltrate the country’s infrastructure.
For fear of nation-state attacks and cyberespionage attempts, the Pentagon has released a “Do Not Buy” software list that has been in development for approximately six months, writes Defense One. The list includes all software that does not meet “national security standards,” said Ellen Lord, defense undersecretary for acquisition and sustainment, and looks at companies with suspicious links to Russia and China.
US intelligence and officials from the Department of Justice have been working together to detect “certain companies that do not operate in a way consistent with what we have for defense standard.”
“We had specific issues … that caused us to focus on this,” Lord said in an interview.
“What we are doing is making sure that we do not buy software that’s Russian or Chinese provenance,” she said. “Quite often that’s difficult to tell at first glance because of holding companies.”
To ensure the list is as accurate as possible, the US Department of Justice is closely working with the Aerospace Industries Association, National Defense Industrial Association and Professional Services Council.
The names of the companies on the list have not been released; however, Kaspersky Labs and ZTE have already been placed on a ban list.
According to a report from the National Counterintelligence and Security Center, foreign governments have asked for access to the source code of software US companies want to sell abroad, which may lead to vulnerability exploits.
“Recent Chinese laws—including laws on national security and cybersecurity—provide Beijing a legal basis to compel technology companies operating in China to cooperate with Chinese security services,” reads the report.

UK government worried Huawei software could facilitate cyberespionage