Last Week In Blockchain and CyberSecurity News – February 26, 2019

Samsung Blockchain Wallet Will Tutor You To Store Your Bitcoin, Ethereum On Galaxy S10

In a press release last week Samsung confirmed that its Galaxy S10 device will allow users to securely store cryptocurrency private keys. The release stated: “Galaxy S10 is built with defense-grade Samsung Knox, as well as secure storage backed by hardware, which houses your private keys for Blockchain-enabled mobile services.” According to leaks and rumors, the Samsung Blockchain wallet features Bitcoin and Ethereum wallets combined with a simple, and sleek user interface. Videos posted on Twitter reveal many Blockchain tutorials are included in the wallet. The videos seem to be related to safe storage practices and common scams. Regarding the security of the crypto wallet, Samsung has integrated a technology called PUF into the Exynos 9820 Chip. PUF is used to store and secure encryption or private keys decreasing the possibility of theft. The Galaxy s10 devices also are said to feature the Snapdragon 855, which utilizes the Trusted Execution Environment. The Trusted Execution Environment separates the core operating system from trusted storage where sensitive data is held, effectively restricting hackers from accessing the keys held in the PUF or the TEE. (CCN)

Read more about the S10 Cryptocurrency Wallet here

New Attack Kit Combines Trojans and Tools to Spread Miners, Steal Data

A new malware-powered attack kit was found spreading itself over the Internet and local area networks. The kit combines two Trojans and a coinminer to mine for data and Monero.  The multi-stage infection process uses “what Trend Micro calls Trojan.Win32.INFOSTEAL.ADS to gain an initial foothold after successfully exploiting its victims” It will then use a “malware strain to connect to a command-and-control (C&C) server [and] send its masters info about the infected host”( Sergiu). The next infection stage utilizes a python-compiled variant of the MIMIKATZ trojan and executes it on the compromised system. Multiple other modules and Trojans(Radmin)  are executed as well, allowing the infection to collect and steal data. A final stage of the attack process involves the download and execution of an encrypted monero coinminer payload following a command sent by the malicious actors using the Radmin hacking tool that was downloaded in the previous stage.

Read more about the attack kit here

Technical analysis can be found here

Critical Bug In WINRAR Affects All Versions Released In The Last 19 Years

In the past week, 500 million users were found to be vulnerable to a 19-year-old arbitrary code execution vulnerability. The software flaw gives attackers the opportunity to completely take control of their targets’ system by tricking a user into opening a maliciously crafted archive. The flaw itself is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The specific issue affects a third party library called UNACEV2.DLL and how it handles the extractions of files compressed in ACE data format. WinRAR determines the file format by analyzing its content and not the extension, which means that an attacker can change the .ace extension to .rar extension and trick their victims. According to SecurityAffairs and the WinRaR Development team, the WinRAR development team lost the source code of the UNACEV2.dll library in 2005. WinRAR’s solution to the vulnerability was to stop using UNACEV2.dll and release a new WINRaR version 5.70 beta 1 that doesn’t support the ACE format instead.

Read more about the vulnerability here

A video demonstrating the PoC of gaining full control over a targeted system can be found here

2.7 Million Health-Related Calls, Sensitive Info Exposed For Six Years

It seems so simple, yet we have seen many companies fall victim to a simple mistake… not enabling a password for a server. In the past week, Swedish Healthcare Guide Service For Healthcare was found completely exposed to the internet with no user or password to protect it. Millions of call recordings were left open on a web server. Data on the server included conversations going back to 2013 and roughly 2.7 million calls amounting to 170,000 hours. The call recordings included information related to social security numbers, health information,  and telephone numbers. The server itself was running an Apache HTTP server 2.47(released during 2013) which is also vulnerable to roughly 23 vulnerabilities with CVE’s assigned between 2013 and 2018. Having an outdated and vulnerable server will further implicate the possibility of it being hacked in the near future. According to Dobos(the storage server where the health care information was being stored), new calls and information were being added in real time when the vulnerability was found.

You can read more about the unprotected server here

The original report was published here (In Swedish)

Ethereum Constantinople Hard Fork Set To Go Live This Week

The developers of Ethereum have confirmed that two hard forks (Constantinople and St. Petersburg) are scheduled to take place this week. Constantinople was supposed to go live last month, but due to vulnerability issues, it was forced to be postponed. Both hard forks are set to get executed at Ethereum’s block number 7,280,000, and the developers are expecting that the block will be mined on the 28th Feb. The Constantinople upgrade represents a massive step towards transitioning the Ethereum model from the proof-of-work (PoW) consensus to the proof-of-stake (PoS) model. Many individuals, along with the Ethereum development team believe that transferring to the PoS protocol will create a more viable and long-lasting Blockchain. Exchanges such as Coinbase, Kraken, Hyboi, and OKEx have announced they will be supporting the hard fork.

Get more information here