Cybersecurity Newsletter, August 17 - 23
Qrator

Hello and welcome to the regular networking and cybersecurity newsletter brought to you every weekend! This time we are looking at the articles and materials published between August 17 and 23, 2020.

Notes from OARC 32b

"Much of the Internet operations and research world has gone virtual for 2020. Meetings continue to take place and while the level of interaction in these meetings is different, many of these meetings continue to engender useful conversations.

In my case, I’m interested in the infrastructure that binds the network together into a coherent whole, and I don’t think I’m alone in finding this topic fascinating. In the Internet’s namespace, the DNS-OARC meetings are a case where a concentrated burst of DNS tests the proposition that you just can’t have too much DNS!

OARC held its latest meeting (DNS OARC 32b) on the 11 August with four presentations. Here are my thoughts on the materials presented." - Geoff Huston.
 

Fritzfrog: a new generation of peer-to-peer botnets

"Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world." - ArsTechnica.
 

EuroIX Internet Exchange Points 2018-2019 report

"This report has been compiled by the European Internet Exchange Association (Euro-IX) to give an overview of the IXP situation in Europe including:
- The number of Internet Exchange Points (IXPs) currently operating in Europe
- Related statistics and trends that are appearing in the European IXP market and a general global view
- The evolution over the last couple of years."
 

Chromium’s impact on root DNS traffic

"The Google Chromium team's effort to detect when ISPs are trying to hijack domain name typos has led to a lot of network load: the browser's query response testing routine now accounts for about half of all DNS root server traffic according to a new study." - The Register.
 

FBI and CISA warn of major wave of vishing attacks targeting teleworkers

"The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic." - Krebs on Security.
 

Google fixes major Gmail bug seven hours after exploit details go public

"Due to missing verification when configuring mail routes, both Gmail’s and any G Suite customer’s strict DMARC/SPF policy may be subverted by using G Suite’s mail routing rules to relay and grant authenticity to fraudulent messages. This is notably not the same as classic mail spoofing of yesteryear in which the From header is given an arbitrary value, a technique which is easily blocked by mail servers using the Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC). This issue is a bug unique to Google which allows an attacker to send mail as any other user or G Suite customer while still passing even the most restrictive SPF and DMARC rules." - Allison Husain.
 

Why you should always scan UDP ports, a story of two parts (/ 2) by Security Shenanigans

 

Chromium devs want the browser to talk to devices, computers directly via TCP, UDP. Obviously, nothing can't go wrong

"The Raw Sockets API, which may end up being renamed the Direct Sockets API, represents an attempt to give browser apps networking capabilities that aren't possible via data transport options like HTTP, WebSockets and WebRTC. It essentially allows the browser to talk directly to devices and other computers via the network."
 

Memory leak in IBM DB2 gives access to sensitive data, causes DoS

"A memory leak vulnerability in IBM Db2 relational database could allow an attacker to gain access to sensitive data or cause a denial-of-service (DoS) condition in the database."
 

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight

"- Transnational network performance is fast and stable for most economies except for China and many in Africa.
- 79% of 400 measured in-bound transnational connections to China had throughput rates lower than 1Mbps.
- Packet loss occurs for only inbound traffic.
- Instances of slowdown can last almost all day and differ between receiver-sender economies." - Pengxiong Zhu.
 

"LKRG in a nutshell" slides from the OSTconf2020

 

Academic paper of the week - Everything Old is New Again: Binary Security of WebAssembly

 

Thanks for being an excellent subscriber!

For feedback, please write to us at cybersec@qrator.net.