Security Bulletin #133 – 22 June 2017
Cisco Talos releases the BASS open source malware signature generator
BASS (BASS Automated Signature Synthesizer) is Cisco Talos' open source framework for automatically deriving antivirus signatures from clusters of related malware samples. Its goal is to make malware analysis cheaper in analyst time and lighter on the Cisco ClamAV open source engine: instead of one hash-based signature per file, BASS produces pattern-based signatures that cover a whole cluster. It is written in Python and deployed as a cluster of Docker containers, so it scales horizontally, and it exposes web services so that other tools can drive it. A run proceeds in stages: malware clusters are imported from various sources; each cluster is filtered to confirm that its files are of the type BASS expects; the binaries are disassembled with IDA Pro (other disassemblers can be plugged in); and BASS then searches the samples for code they have in common and turns that shared code into the signature.
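The last stage of that pipeline, reduced to bytes, as an added example (this is not Talos' or BASS's own code, which works on disassembly rather than raw bytes): find the longest run that every sample in a cluster shares, discard runs that also occur in known-good files, and emit one ClamAV body signature (.ndb line) in place of the per-file hash signatures (.hdb lines). The sample bytes, the benign file and the signature name are constructed for the demo; the shared "runtime prologue" is there to show why a common run must be checked against benign code before it becomes a signature.

```python
# Added example (not Cisco Talos / BASS code): pick the code bytes that every sample in a
# cluster shares, drop runs that also occur in known-good files, and emit a ClamAV body
# signature (.ndb) next to the per-file hash signatures (.hdb) it replaces.
# All sample bytes below are constructed for the demo.
import hashlib
from typing import Iterator, List, Optional

def common_runs(samples: List[bytes], min_len: int = 16) -> Iterator[bytes]:
    """Yield byte runs present in every sample, longest first (length >= min_len)."""
    shortest = min(samples, key=len)          # every common run is a slice of the shortest file
    seen = set()
    for length in range(len(shortest), min_len - 1, -1):
        for start in range(len(shortest) - length + 1):
            run = shortest[start:start + length]
            if run in seen:
                continue
            seen.add(run)
            if all(run in s for s in samples):
                yield run

def select_common_run(cluster: List[bytes], benign: List[bytes],
                      min_len: int = 16) -> Optional[bytes]:
    """Longest common run that appears in no benign file, or None if every run is shared code."""
    for run in common_runs(cluster, min_len):
        if not any(run in b for b in benign):
            return run
    return None

def hash_signature(name: str, sample: bytes) -> str:
    """ClamAV .hdb line (MD5:FileSize:MalwareName): matches exactly one file."""
    return f"{hashlib.md5(sample).hexdigest()}:{len(sample)}:{name}"

def body_signature(name: str, run: bytes, target_type: int = 1) -> str:
    """ClamAV .ndb line (MalwareName:TargetType:Offset:HexSignature); 1 = PE, * = any offset."""
    return f"{name}:{target_type}:*:{run.hex()}"

def body_signature_matches(sig: str, data: bytes) -> bool:
    """Apply a plain-hex .ndb body signature to a file (no wildcard syntax handled here)."""
    return bytes.fromhex(sig.rsplit(":", 1)[1]) in data

# Constructed cluster: three "files" sharing a runtime prologue (also in benign code)
# and a payload routine (only in the cluster), with different padding and layout.
NAME = "Win.Trojan.BassDemo-1"                # hypothetical signature name
RUNTIME = bytes(range(0x10, 0x30))            # 32 bytes of shared runtime code
PAYLOAD = bytes(range(0xC0, 0xD8))            # 24 bytes of code only the cluster shares
SAMPLE_A = b"MZ" + b"\xf0" * 5 + RUNTIME + b"\x90" * 3 + PAYLOAD + b"\xf0" * 4
SAMPLE_B = b"MZ" + b"\xf1" * 9 + PAYLOAD + b"\x90" + RUNTIME
SAMPLE_C = b"MZ" + RUNTIME + PAYLOAD + b"\xf2" * 7
CLUSTER = [SAMPLE_A, SAMPLE_B, SAMPLE_C]
BENIGN = [b"MZ" + b"\xf3" * 3 + RUNTIME + b"\xf3" * 20]   # a clean file with the same runtime

if __name__ == "__main__":
    print("# hash-based: one .hdb line per sample, useless against the next rebuild")
    for s in CLUSTER:
        print(hash_signature(NAME, s))
    longest = next(common_runs(CLUSTER))
    print("\n# longest common run is the runtime prologue, also present in benign code:",
          longest == RUNTIME)
    run = select_common_run(CLUSTER, BENIGN)
    sig = body_signature(NAME, run)
    print("# pattern-based: one .ndb line covering the whole cluster")
    print(sig)
    print("matches every cluster member:", all(body_signature_matches(sig, s) for s in CLUSTER))
    print("matches the benign file:", any(body_signature_matches(sig, b) for b in BENIGN))
```

The benign check is the step that separates a usable signature from a false-positive generator: without it, the emitted pattern would be the shared runtime prologue and would fire on every clean program that links the same runtime.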
Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak
Honda said it briefly halted operations at its car plant in Sayama, Japan earlier this week after finding WannaCrypt (WannaCry) ransomware on its computer network; production stopped for one day. Hours after the original, highly virulent outbreak in May, security researcher Marcus Hutchins registered a domain hard-coded in the malware that acts as a kill-switch: the worm checks whether the domain is reachable and stops spreading when it is, so registering it halted the original wave. Some experts have speculated that Honda may have blocked access to that domain internally, which would defeat the kill-switch on its network. It is not yet clear whether the original WannaCrypt, which hobbled systems at multiple NHS trusts and numerous enterprises worldwide last month, or one of its many subsequent variants is behind Honda's outage. Security experts note that as long as the underlying fault remains unpatched (the SMBv1 flaw addressed by Microsoft's MS17-010 update), WannaCrypt variants will remain an issue.
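The kill-switch logic and the check a defender would run against it, as an added example (not Honda's code and not the malware's): the original sample exits when an HTTP request to the hard-coded domain succeeds and keeps spreading on any failure, so a DNS block, a firewall drop, or a mandatory proxy the sample's WinINet call cannot traverse all leave the worm alive. The decision logic is pure so the constructed cases run offline; live_probe() touches the network only if you call it from an internal host.

```python
# Added example (not Honda's or any analyst's code): the inverted kill-switch check of the
# original WannaCry sample, and a probe that distinguishes a working kill-switch from one
# that a perimeter control has defeated. Offline cases below are constructed.
import socket
import urllib.request
from typing import Callable

# Domain hard-coded in the original sample; registered by Marcus Hutchins as the sinkhole.
KILL_SWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

def worm_proceeds(http_get: Callable[[str], object], domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """The sample's logic: a successful GET means 'exit'; any failure means 'go on spreading'.
    Note the inversion: anything that makes the request fail (DNS block, proxy denial,
    dropped egress) keeps the worm alive rather than stopping it."""
    try:
        http_get(f"http://{domain}/")
        return False
    except Exception:
        return True

def classify(resolves: bool, http_ok: bool) -> str:
    """Map probe results to what matters operationally."""
    if not resolves:
        return "blocked: domain does not resolve, kill-switch defeated"
    if not http_ok:
        return "blocked: resolves but HTTP fails, kill-switch defeated"
    return "effective: domain resolves and answers over HTTP"

def live_probe(domain: str = KILL_SWITCH_DOMAIN, timeout: float = 5.0) -> str:
    """Run from an internal host to confirm the kill-switch still works through your egress path.
    Uses urllib, so it honours proxy environment variables, which the original sample did not."""
    try:
        socket.gethostbyname(domain)
    except socket.gaierror:
        return classify(False, False)
    try:
        with urllib.request.urlopen(f"http://{domain}/", timeout=timeout):
            pass
        return classify(True, True)
    except Exception:
        return classify(True, False)

# Constructed stand-ins for two egress policies.
def sinkhole_get(url: str) -> bytes:
    return b"sinkhole"                         # request reaches the registered domain

def blocked_get(url: str) -> bytes:
    raise ConnectionError("proxy denied")      # domain blocked at proxy or DNS

if __name__ == "__main__":
    print("domain reachable -> worm spreads:", worm_proceeds(sinkhole_get))   # False
    print("domain blocked   -> worm spreads:", worm_proceeds(blocked_get))    # True
    print(live_probe())
```

If the probe reports "blocked", the fix is to let the domain resolve and answer (for example by sinkholing it to an internal web server that returns 200), not to add it to a block list.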
NSA Opens Github Account — Lists 32 Projects Developed by the Agency
The National Security Agency (NSA), the United States intelligence agency known for its secrecy and for working in the dark, has joined GitHub and launched an official GitHub page. It is sharing 32 projects as part of the NSA Technology Transfer Program (TTP), some of them marked 'coming soon.' According to the agency, the TTP works with agency innovators who wish to use this collaborative model to transfer their technology to the commercial marketplace. Among the NSA's open source projects:
- Certificate Authority Situational Awareness (CASA): identifies unexpected and prohibited certificate authority certificates on Windows systems.
- Control Flow Integrity: a hardware-based technique to prevent memory corruption exploitation.
- GRASSMARLIN: provides IP network situational awareness of ICS and SCADA networks to support network security.
- Open Attestation: remotely retrieves and verifies system integrity using the Trusted Platform Module (TPM).
- RedhawkSDR: a framework with tools to develop, deploy, and manage software radio applications in real time.
- OZONE Widget Framework (OWF): a browser-based web application that lets users create lightweight widgets and reach all their online tools from one location.
CERTFR-2017-AVI-190: Multiple vulnerabilities in Xen (21 June 2017)
CERTFR-2017-AVI-189: Vulnerability in Siemens SIMATIC CP 44x-1 RNA modules (SCADA) (21 June 2017)