2024.08.20.News You Should Know
CISA warns of Jenkins RCE bug exploited in ransomware attacks (bleepingcomputer.com) - Jenkins vulnerabilities disclosed in January are being used by threat actors for Remote Code Execution. Patches should be applied in every environment. Exploitation of this vuln and proof-of-concept code hit the web less than 48 hours after the issue was identified.
GitHub Actions artifacts found leaking auth tokens in popular projects (bleepingcomputer.com) - GitHub breaks the principle of least astonishment/surprise by including tokens, API keys, and other key material in artifact downloads.
‘Digital arrest’ scams are big in India and may be spreading • The Register - Formerly used heavily against the US by India-based scam callers, threat actors are now turning inward. Will it move India towards taking action?
Indian telcos told to block scam telemarketers for two years • The Register - Yes, it turns out, within 24 hours.
[PDF] 022212_ACUS_NatlResponsibilityCyber.PDF (atlanticcouncil.org) - The Spectrum of State Responsibility
Manufacturer Orion SA says scammers conned it out of $60M • The Register - This comes after last week’s $40M BEC attack hit another company. Remember, these aren’t technical attacks. These are social engineering and non-technical fraud. Texas firm says it lost $60M in a bank wire transfer scam | TechCrunch
GM facing Texas lawsuit for selling driver data • The Register - GM was spying on your driving habits and selling them to insurers as a “driver score”. This is another step in a disturbing trend of pricing based on a “social credit score”. While China openly implemented this as a federal program, the US is taking the free market approach!
Kroger has alarming plans for digital price tags, lawmakers say - TheStreet - Kroger is introducing a new facial-recognition scheme that can set grocery prices when you approach a display, based on how much money they think you’ll pay!
NIST releases first encryption tools to resist quantum computing (bleepingcomputer.com) - Current encryption algorithms would take a supercomputer cluster thousands of years to break in some instances. Unfortunately, a quantum computer could break them in seconds (proposed timing is <200 seconds). NIST is encouraging application developers to start using the selected algorithms as soon as possible to provide ongoing data protection.
(Note: This is a race to the bottom for intelligence agencies like the NSA, who have been storing data of interest in the hope that quantum computing will eventually decrypt it.)
Google Pixels Carry Verizon App Doubling As a Backdoor (darkreading.com) - A Verizon application used to showcase phones in Verizon stores somehow ended up in the default image of every Google Pixel since 2017. Worse, it communicates with a command-and-control (C2) domain and downloads files over unsecured HTTP, opening the door to man-in-the-middle (MITM) attacks; the insecure certificate and signature verification processes it uses to check incoming files can return valid responses even after failure; and more. Google has announced new phones, and current phones will be patched to remove the file.
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch - Longform reading. Worth understanding the anatomy of an attack.
National Public Data says only 1.3M affected by breach • The Register
Florida data broker says it was ransacked by cyber-thieves • The Register
National Public Data confirms breach exposing Social Security numbers (bleepingcomputer.com) - Companies you’ve never heard of were storing and selling your data…and losing it. Even worse, their subsidiary hosted a .zip file with every user’s name and password in plaintext. Attackers didn’t break in so much as receive a red carpet invitation to steal your info. More details to follow.
Trump campaign hack-and-leak appears like a rerun of 2016. This time, media outlets are responding differently | TechCrunch - Iran is re-running Russia’s playbook from 2016: hacking Trump adviser Roger Stone and using those accounts to pivot and collect information for leaking. This is the exact behavior seen from Russia’s GRU with the Guccifer hacks of 2016.
OpenAI kills Iranian accounts spreading US election disinfo • The Register - Iran is staying busy, also running disinformation campaigns on X and Instagram to undermine confidence in electoral systems, spread disinformation about both candidates, and overall erode the political fabric of the US. This matches Russia’s “Firehose” method of propaganda. These efforts lean towards preventing aid to Israel and other countries working against the economic, political and wartime efforts of Iran, Russia, China, etc.
Microsoft Apps for macOS at Risk of Library Attacks (darkreading.com) - Cisco Talos researchers found that eight major Microsoft apps for macOS (Outlook, Teams, PowerPoint, OneNote, Excel, Word, and two other Teams-related components) allow attackers to inject a malicious library into the app’s running processes. “That library could use all the permissions already granted to the process, effectively operating on behalf of the application itself,” Cisco Talos said in a report this week. The issue is caused by Microsoft’s decision to disable a library validation feature in the apps so as to allow the loading of third-party plug-ins. Microsoft has characterized the issue as a low-severity threat and has said it will not issue any fix for them.
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (bleepingcomputer.com) - Windows gets a Zero-click Remote Code Execution bug.
Microsoft disables BitLocker security fix, advises manual mitigation (bleepingcomputer.com) - Microsoft’s new patch removes the previous fix and advises admins to reboot the computers 8 times with changes made in between, which might be viable if you have…2 computers? But not 2000.
Windows driver zero-day exploited by Lazarus hackers to install rootkit (bleepingcomputer.com) - North Korea’s Lazarus group targeted users with job opportunities in the cryptocurrency field. After supplying the applicant with a steady stream of malware-free files, users were then sent a weaponized Python script which would infect the computer and ultimately rob them of their digital coinage.