The Culture Secretary Nicky Morgan said this all pointed towards foreign involvement: “I understand from what was being put on that website, those who seem to know about these things say that it seems to have all the hallmarks of some form of interference.”
Analysis by political correspondent Jonathan Blake
A bit like journalists never reveal their sources, Labour are quite happy to focus on what these documents say rather than where they come from.
If you look at where Reddit’s comments leave the discussion, it’s both helpful and slightly problematic for Labour.
On the one hand, people are asking “where exactly did you get those documents from?” Remember, they were online in their unredacted form for several weeks before Labour brought them to everyone’s attention.
But at the same time, we’re still talking about these documents and what Labour claims that they show – that the NHS is up for sale, in their words. Boris Johnson and the Conservatives flatly deny that.
So it’s a double-edged sword for Labour.
For the Conservatives, you’ve got this uneasiness around Russian interference in an election campaign – which isn’t good for them because attention will turn to the report by Parliament which the government hasn’t released.
And that’s not very helpful for the Tories either.
Speaking on Saturday, the Labour leader said the controversy surrounding the source of the documents was “nonsense” and accused Mr Johnson of wanting to “hide the issues and the truth” over the future of the NHS in trade deals.
Mr Johnson said the documents “didn’t prove what Jeremy Corbyn and the Labour party hoped it would prove” adding “it was just another distraction from the void at the heart of Labour’s policy on Brexit”.
Neither UK nor US governments have disputed the authenticity of the documents.
The BBC’s security correspondent Gordon Correra said crucial questions remained as to how the document circulating online originally appeared.
He said there would be a significant difference between a state-led operation from Moscow which hacked the material and then leaked it as opposed to someone who is based in Russia simply opportunistically using an already leaked document to cause mischief.
“That question is one that national security officials will be trying to answer.”
Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability DatabaseCVE-2020-15058 PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
Microsoft Office is no stranger to vulnerabilities and exploits. Most of those vulnerabilities led from Microsoft Office to Microsoft Windows, but it’s possible for an attacker to take an exploit path from Microsoft Office to macOS — a path that Patrick Wardle, principal security researcher at Jamf, discussed in his presentation on Wednesday at Black Hat USA.
Wardle began by pointing out that macros — executable code inserted into documents — have been exploited as attack vectors since at least 1999. In the last three or four years, Wardle said, more of these exploits have been aimed at macOS targets as Macs have become more attractive targets because of their increased use in business environments.
The Human Side In most of the macro-based attacks, human intervention on the part of the victim is required at least once, and usually twice, Wardle said. First, the victim must click on an email attachment or malicious link in order to download and open the infected document. Next, in most cases macros will not run on a system by default — they must be given explicit permission to run by the user.
Most macro-based attacks have two stages, Wardle explained. In the first — the stage given explicit permission to run by the victim — code executes that checks the system status, checks for the presence of anti-malware software, and then downloads the second stage. It’s the second stage payload that contains the “working” code of the attack, whether it’s skimming credentials, creating a bot, or encrypting the system’s data as part of a ransomware scheme.
Out of the (Sand)box Modern malware writers have an additional hurdle to overcome. Microsoft Office now executes all macros in a “sandbox,” a walled-off environment within the operating system that prevents code from gaining persistence or interacting with the system as a whole. The goal for malware writers is breaking out of the sandbox.
Wardle said that researchers Pieter Ceelen and Stan Hegt found ways to include SYLK files and XLM code that make macros execute whether or not they’re invoked or allowed. They still run within the sandbox. Wardle showed that it’s possible to create files through a macro — files that can be placed outside the macro and can be built to auto execute on system boot. That combination is the key to persistence, one of the golden tickets that attackers pursue in any campaign.
What kind of files can fit the twin bill? Wardle found that a ZIP file, dropped into the proper subdirectory, will be invoked automatically. While the latest macOS endpoint security framework should detect such a file’s creation, Wardle said that there’s room for research here.
Asked by an audience member how he decides on which areas to pursue in his research, Wardle said that he looks at common vulnerabilities and exposures and their patches — especially patches that are very specific — and wonders whether there can be ways around them. Also, he said, he keeps abreast of research and finds that other researchers are a constant source of inspiration.
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio