InfoSec News Highlights - Juniper Shadowbroker Exploit, Eddie Bauer Breach, and Mechanical Phish Code Open-Sourced
Juniper joins Cisco and Fortinet in confirming that its products appear in the Equation Group dump released by the Shadow Brokers. In Juniper's case, though, the material appears to be implant code that targets the boot loader of NetScreen devices running ScreenOS, rather than an actual exploit. That sounds like something that would be used in a supply chain attack to target a specific organization. We are also starting to see many of the exploits from the dump appear on Exploit-DB. If you are running any of the platforms targeted in the dump, I highly suggest you take a second look at the configurations and patch levels of all of your devices. There has also been further corroboration that the dump is from the NSA, if anyone was still doubting it at this point: the Snowden files reference an exploit named SECONDDATE that performs a man-in-the-middle attack against a target's browser and uses a unique identification string, and an exploit with the same name, the same functionality, and the same unique string is in the Equation Group dump. This entire affair is very reminiscent of the Hacking Team dump from last year.
All of the point of sale systems in Eddie Bauer's US and Canada stores were infected with malware between January 2 and July 17, 2016. The infection was apparently not identified by the retailer itself but by Brian Krebs, after he received several reports from his sources and reached out to the company, giving more credence to the saying "Krebs is my IDS". The company reports that the malware has been removed from all systems and that online purchases were not affected. If you have bought anything at an Eddie Bauer store this year and your bank has not already canceled your card for you, I suggest you cancel it yourself now.
You may recall the recent DARPA Cyber Grand Challenge, which ran at DEF CON and pitted fully autonomous systems against each other in a CTF with no humans in the loop, where the machines had to find, exploit, and patch bugs. The third place team, Mechanical Phish, has now open sourced its code on GitHub. The code is extremely complicated and lacks documentation, but regardless it is awesome to see one of the teams release their work and lay the groundwork for future teams looking to compete in these challenges.