2024.08.27. News You Should Know
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide (thehackernews.com) - Hardware backdoor means even with appropriate controls, threat actors can still attack hotel and office doors around the globe. The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes.
Russia fears Ukraine hijacking home CCTV systems for intel • The Register - This is genius: the Russians have asked users in the Bryansk, Kursk, and Belgorod regions to shut off dating apps and IP cameras that Ukrainians are using for intelligence gathering.
110K domains targeted by ‘sophisticated’ cloud extortionists • The Register - Those in the study who eventually found their S3-stored data replaced with a ransom note had exposed their environment variables, failed to refresh credentials regularly, and didn’t adopt a least-privilege architecture. Attackers zeroed in on unsecured web applications, scanning for environment files that exposed identity and access management (IAM) keys. Once acquired, the crims ran the GetCallerIdentity API call to verify the data inside, the ListUsers API request to enumerate the IAM users in the AWS account, and the ListBuckets API request to find all the S3 buckets, the researchers said. These access keys didn’t have the admin privileges the attackers were after, but they did allow for the creation of new IAM roles to which policies could be applied, ultimately allowing them to escalate their privileges to those with unfettered access. “To elevate privileges, the attackers created an IAM role named lambda-ex with the API request CreateRole, then used the API call AttachRolePolicy to attach the AWS-managed policy AdministratorAccess to the newly created lambda-ex role,” Cyble wrote.
Critical industries top ransomware hitlist, attacks dwindle • The Register - Ransomware is down but critical industry attacks aren’t and infostealers are extremely effective.
US sues Georgia Tech alleging litany of security failings • The Register - The Feds go after Georgia Tech and the whistleblowers get paid. Refusing to install anti-malware solutions at a contractor like this is not allowed. In fact, it violates federal requirements and Georgia Tech’s own policies, but allegedly happened anyway. The case was brought under the False Claims Act by the Civil Cyber-Fraud Initiative.
Stealthy ‘sedexp’ Linux malware evaded detection for two years (bleepingcomputer.com) - Using UDev rules, the malware was dropped and then triggered frequently based on random number generation. And since UDev is essential to the operating system, most antiviruses/EDRs ignore it.
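As an added example (not from the article or the researchers who analysed the malware), here is a small audit script a defender can run over udev rules to surface RUN+= / PROGRAM= directives that execute from temp, hidden or otherwise unusual paths. The trusted-directory list and the sample rules file are assumptions constructed for this example.

```python
import re
from pathlib import Path

# Where legitimate RUN+= / PROGRAM= targets normally live (assumption for this check).
TRUSTED_DIRS = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Matches RUN+="...", RUN{program}+="..." and PROGRAM="..." assignments in a rule line.
EXEC_RE = re.compile(r'\b(RUN|PROGRAM)(?:\{[^}]*\})?\s*(?:\+=|:=|=)\s*"([^"]*)"')

# Constructed sample rules file: a stock-looking helper and a rule that runs a
# binary from a hidden temp path every time a matching device event fires.
SAMPLE_RULES = """\
# constructed for this example, not a real rules file
ACTION=="add", SUBSYSTEM=="net", RUN+="/usr/lib/udev/net-helper $env{INTERFACE}"
ACTION=="add", KERNEL=="sd*", RUN+="/var/tmp/.cache/updater --quiet"
"""

def classify(cmd):
    """Return a reason string if the command path looks out of place, else None."""
    if not cmd.startswith("/"):
        return None   # relative names resolve inside udev's own helper directory
    if cmd.startswith(TEMP_DIRS) or "/." in cmd:
        return "executes from a temp or hidden path"
    if not cmd.startswith(TRUSTED_DIRS):
        return "executes from outside the usual helper directories"
    return None

def audit_rules(text, source="<inline>"):
    """Scan one rules file's text; return findings for suspicious RUN/PROGRAM targets."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        for key, value in EXEC_RE.findall(line):
            cmd = value.split()[0] if value.split() else ""
            reason = classify(cmd)
            if reason:
                findings.append({"file": source, "line": lineno, "key": key,
                                 "command": cmd, "reason": reason})
    return findings

def audit_directory(rules_dir="/etc/udev/rules.d"):
    """Audit every *.rules file in a directory (admin-written rules live here)."""
    findings = []
    for path in sorted(Path(rules_dir).glob("*.rules")):
        findings.extend(audit_rules(path.read_text(errors="replace"), str(path)))
    return findings
```

Run `audit_directory()` on a host to review its local rules; on the constructed sample only the rule executing from `/var/tmp/.cache/` is reported.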
Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys (thehackernews.com) - AWS key indicators in CloudTrail logs.
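The extortion chain in the Cyble item above (GetCallerIdentity, ListUsers, ListBuckets, then CreateRole and AttachRolePolicy with AdministratorAccess) maps directly onto the CloudTrail indicators this article is about. As an added example, not code from either article, here is a detector that groups CloudTrail records by access key and flags that sequence; the record shape is reduced to the fields used, and the access key ids, IPs and timestamps are constructed sample data.

```python
from collections import defaultdict

# Reconnaissance calls the article says followed the key theft, and the
# AWS-managed policy the attackers attached to their new role.
RECON_CALLS = {"GetCallerIdentity", "ListUsers", "ListBuckets"}
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

def ev(time, name, params=None, key="AKIACONSTRUCTED0001", ip="203.0.113.10"):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "requestParameters": params,
            "userIdentity": {"accessKeyId": key}, "sourceIPAddress": ip}

# Constructed sample log: one key replays the full chain, a second key only lists buckets.
SAMPLE_EVENTS = [
    ev("2024-08-20T10:00:01Z", "GetCallerIdentity"),
    ev("2024-08-20T10:00:05Z", "ListUsers"),
    ev("2024-08-20T10:00:09Z", "ListBuckets"),
    ev("2024-08-20T10:01:00Z", "CreateRole", {"roleName": "lambda-ex"}),
    ev("2024-08-20T10:01:10Z", "AttachRolePolicy",
       {"roleName": "lambda-ex", "policyArn": ADMIN_POLICY}),
    ev("2024-08-20T11:00:00Z", "ListBuckets", key="AKIACONSTRUCTED0002", ip="198.51.100.7"),
]

def detect_key_abuse(events):
    """Group records by access key; flag keys that created a role and attached
    AdministratorAccess to it (critical), or that ran all three recon calls (medium)."""
    by_key = defaultdict(lambda: {"recon": set(), "created": set(), "admin": set(), "ips": set()})
    for e in sorted(events, key=lambda x: x["eventTime"]):
        rec = by_key[e["userIdentity"].get("accessKeyId", "unknown")]
        rec["ips"].add(e["sourceIPAddress"])
        name, params = e["eventName"], e.get("requestParameters") or {}
        if name in RECON_CALLS:
            rec["recon"].add(name)
        elif name == "CreateRole":
            rec["created"].add(params.get("roleName"))
        elif name == "AttachRolePolicy" and params.get("policyArn") == ADMIN_POLICY:
            if params.get("roleName") in rec["created"]:   # escalation via a role it made itself
                rec["admin"].add(params["roleName"])
    findings = []
    for key, rec in by_key.items():
        if rec["admin"]:
            severity = "critical"
        elif rec["recon"] == RECON_CALLS:
            severity = "medium"   # full recon burst with no escalation yet: worth a look
        else:
            continue
        findings.append({"accessKeyId": key, "severity": severity, "roles": sorted(rec["admin"]),
                         "recon": sorted(rec["recon"]), "ips": sorted(rec["ips"])})
    return findings
```

On real data, feed it the `Records` array from CloudTrail log files; keys attaching AdministratorAccess to roles they did not create are not flagged here and would need a separate rule.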
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com) - The head of Telegram has been arrested after accidentally setting foot in an extradition country. He is now being charged with assisting in the distribution of drugs, people, child sexual assault material, money laundering, and generic fraud. Telegram oddly isn’t even end-to-end encrypted by default, but is still chosen over Signal by an outsized number of threat actors, criminal enterprises, and fraudsters.
Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S. (thehackernews.com) - As you do business globally, make sure you know the global rules.
Chipmaker Microchip reveals cyber attack • The Register - Essential chip provider for NASA and the DoD is attacked, possibly limiting foundry services. An attack that will be felt globally. This isn’t the only one this year with TSMC, Nexperia, and AMD all also being targeted.
Man sentenced for hacking state registry to fake his own death (bleepingcomputer.com) - No notes, the title says it all.
[Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (thehackernews.com)](https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html) - Put differently, the attack technique made it possible to retrieve the instance metadata in a Copilot chat message, using it to obtain managed identity access tokens, which could then be abused to access other internal resources, including gaining read/write access to a Cosmos DB instance.
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (thehackernews.com) - Patch, patch, patch!
SolarWinds left hardcoded credentials in helpdesk product • The Register - SolarWinds has a little oopsie. Just a set of hardcoded credentials that can be used by anyone who has access to the product. SMH.
Halliburton probes ‘issue’ that has impacted company systems • The Register - Of the 395 ransomware attacks last month, over a third were on critical infrastructure.
Seattle airport ‘possible cyberattack’ snarls travel again • The Register - Seattle airport fails over to manual ticketing and boarding procedures after a cyberattack takes down the technical systems. This is a main traffic hub for Alaska and Delta airlines.