2024.10.22.News You Should Know


Politics

World

Iran

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign / Iranian hackers act as brokers selling critical infrastructure access - The US and its allies are warning that Iran has run a year-long campaign to break into water, wastewater, electrical, government, healthcare, and telecom systems in order to act as an Initial Access Broker (IAB), selling credentials to other nations, threat actors, etc. These IABs aren’t damaging the networks; they are simply staging and maintaining a presence on the network until it can be sold or made useful.

Readers may remember that this matches the behavior of China’s VoltTyphoon in electrical networks, SaltTyphoon in telecom networks, and Russia’s Sandworm in the SolarWinds attack.

China

Interestingly, China announced this week that VoltTyphoon is an invention of US intelligence groups.

China infosec body slams Intel over chip security • The Register - The Cybersecurity Association of China (CSAC) has started borrowing American talking points about Chinese hardware to justify the demonization of Intel chips in the country, after the White House put restrictions in place on AI chips being exported to China. Unfortunately for Intel, China accounts for around a quarter of its revenue.

Interesting point here: China is highlighting real issues and abuses by the US National Security apparatus to support the argument that Intel chips aren’t secure (an argument that’s been reviewed and discussed a hundred times over by US and non-US computer users alike). Your Computer May Already be Hacked – NSA Inside? Forbes, 2013.

Intel responds to Chinese claims it helps US intelligence • The Register - Intel said ‘nuh-uh’.

Ministry of State Security warns of dangers of raw survey, mapping data leaks - Global Times - After the White House banned Chinese smart car tech in US cars, China has now said that an unnamed foreign entity is illegally obtaining raw surveying and mapping data on China through smart car collaborations (the very thing Chinese tech was accused of).

Tesla, Intel, deny they’re mapping China • The Register - Tesla and Intel have also said ‘nuh-uh’, they’re not mapping the continent.

North Korea

Undercover North Korean IT workers now steal data, extort employers - After identifying and firing North Korean tech workers, the companies have begun receiving extortion demands based on data taken from their systems during the workers’ employment. See also: Biz extorted after hiring fake North Korean IT worker • The Register, and North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data.

Israel

ESET partner breached to send data wipers to Israeli orgs - A hack of ESET, the Slovak IT and security company, resulted in victims receiving emails from legitimate email servers, with the malicious code hosted on legitimate ESET domains. Even the emails are well done, informing users that they are the target of a state actor and that, to protect them, ESET is offering additional protections.

ESET denies Israel branch compromised amid targeted attacks • The Register - ESET claims they weren’t breached, but the emails came from their Israeli email servers and the malicious files were hosted for download on ESET’s Israeli domains…

Domestic

SaltTyphoon Probe

US lawmakers demand probe into China’s Salt Typhoon hacks • The Register - Wyden sent a scathing letter to US Attorney General Garland and FCC Chair Rosenworcel after it was reported that CALEA (Communications Assistance for Law Enforcement Act) infrastructure was left unsecured by AT&T, Verizon, and Lumen, allowing Chinese state actors to maintain access to the spying apparatus for months without intervention. Highly recommend reading the letter. PDF

FBI Crypto Scheme

FBI created a crypto token so it could watch it being abused • The Register - The FBI created its own crypto token, then asked pump-and-dump schemers to hype it up. Once the value rocketed and the pump-and-dumpers dumped their holdings, the FBI arrested them. All have pleaded guilty so far.

Tech

Kubernetes

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk - The Kubernetes Image Builder creates a default set of credentials during the build process. If it is used to build virtual machine images with the Proxmox provider, these default credentials persist in the finished image, so nodes deployed from those images will likely be accessible via the default credentials. CVE-2024-9486, CVSS 9.8. Another CVE impacted the Nutanix, OVA, QEMU and raw providers, but was rated a 6.3 prior to patching. To fix the flaw, upgrade to Image Builder v0.1.38 or later. This version sets a randomly generated password for the duration of the image build, and then disables the builder account at the end of the build process. Already-built images should be rebuilt and redeployed. Alternatively, prior to upgrading and as a temporary workaround, users can mitigate the flaw by disabling the builder account.
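A way to check whether an already-built image still carries an enabled builder account, as an added example that is not part of the Kubernetes Image Builder project: it reads the image’s /etc/shadow (assumed mounted at an image root you supply), reports whether password login for the “builder” account is absent, locked or still ENABLED, and prints the lock command when it is. The sample shadow file is constructed with fake hashes.

```shell
#!/bin/sh
# Added example, not Image Builder project code. In shadow(5), field 2 is the
# password hash; an empty field, or one beginning with "!" or "*", means the
# account cannot log in with a password. Anything else is a live hash.

# Prints "absent", "locked" or "ENABLED" for ACCOUNT in SHADOW_FILE.
builder_account_state() {
    shadow_file="$1"
    account="$2"
    entry=$(grep "^${account}:" "$shadow_file" 2>/dev/null | head -n 1)
    [ -n "$entry" ] || { echo absent; return 0; }
    hash=$(printf '%s\n' "$entry" | cut -d: -f2)
    case "$hash" in
        ''|'!'*|'*'*) echo locked ;;
        *)            echo ENABLED ;;
    esac
}

# Writes a constructed shadow file (fake hashes, not real credentials) to $1,
# mimicking an image built with a vulnerable Image Builder version.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:*:19000:0:99999:7:::
builder:$6$FAKEsalt$FAKEhash:19000:0:99999:7:::
nobody:!:19000:0:99999:7:::
EOF
}

# Returns 1 if the builder account on IMAGE_ROOT still accepts a password.
audit_image_root() {
    image_root="$1"
    state=$(builder_account_state "${image_root}/etc/shadow" builder)
    echo "builder account: ${state}"
    if [ "$state" = "ENABLED" ]; then
        echo "remediate: chroot '${image_root}' passwd -l builder" \
             "(or rebuild with Image Builder v0.1.38 or later)"
        return 1
    fi
    return 0
}

# Demo on the constructed sample image root.
demo_root=$(mktemp -d)
mkdir -p "${demo_root}/etc"
write_sample_shadow "${demo_root}/etc/shadow"
audit_image_root "${demo_root}" || true
rm -rf "${demo_root}"
```

Point audit_image_root at a mounted image root (or at / on a running node) to check real images; the lock command is printed, not run.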

Microsoft

Microsoft said it lost weeks of security logs for its customers’ cloud products | TechCrunch - Oopsie

macOS

HM Surf macOS vuln potentially exploited by Adloader malware • The Register - The Adloader malware abuses macOS “permissions” or “entitlements” and can take photos, record audio, obtain the user’s location, and more. Patches are available.

Spectre Bypasses

Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass - Speculative computing may not have been our best idea. Affected: new Intel devices, including Xeon, on all OSes, and older AMD Zen processors on Linux.

SolarWinds

SolarWinds hardcoded credential now exploited in the wild • The Register - SolarWinds should stop. Please. Hard-coded login credentials were included in SolarWinds’ Web Help Desk software and exploited by criminals.

Breaches

Fidelity

77K Fidelity customer info stolen in August breach • The Register - Fidelity says not to worry: they handle 51.5m individuals’ data, and they only lost 77k, or .1%, of their users’ data. Which isn’t much comfort to the 77k people affected. Fidelity said the data breach included customers’ Social Security numbers and driver’s licenses.

NPD

National Public Data files for bankruptcy after info leak • The Register - NPD is a data brokerage company out of Florida which in June lost a 277.1GB file containing information on 2.9b individuals, including name, email address, phone number, SSN, and mailing address. The business has now admitted that it was run from the owner’s home office using two HP Pavilion desktop computers, valued at $200 each, a ThinkPad laptop estimated to be worth $100, and five Dell servers worth an estimated $2,000. Between the regulators, the investigation, and the lawsuits, the owner claims he has no assets to sell or provide as restitution.

Marriott

Marriott settles with FTC, to pay $52 million over data breaches - After the 2014 breach of Marriott subsidiary Starwood’s payment card system, the 2014 breach of their guest system (discovered in 2018), and finally a breach of Marriott itself in 2018 (discovered in 2020), the FTC has ordered Marriott to enforce data deletion rules, establish a security program, have third-party pentests done every 2 years, and receive annual cyber security compliance certification for 20 years. Additionally, a settlement with 49 states and the District of Columbia will result in a $52m payout.

Privacy

Your TV Is Watching You

How smart TVs spy on you and harvest data • The Register - Your TV screenshots everything you do, feeds it to AI, and reports that back to advertising companies, which then package up your views and sell you to advertisers. The report also catalogs various mechanisms used for profiling viewers and presenting them with personalized ads. These include: cookieless IDs; identity graphs that combine various IDs to link activity across devices and locations; automatic content recognition (ACR) software that analyzes what’s on-screen; and AI-based ad targeting that “analyzes a scene’s text, images, and sentiment, determines an emotional score, and then places ads with a similar emotional score.”

Think of the Children!

‘Chat control’: The EU’s controversial CSAM-scanning legal proposal explained | TechCrunch - AI-based content scanning across the EU and EEA is going forward, though privacy groups everywhere are fighting back. If there’s anything SaltTyphoon taught the world this week, it is that there is no backdoor “just for the good guys”. Additionally, the proposal would lead to a Big Brother world where users’ private correspondence is made suspect by default, and only the unassailable, all-knowing AI will decide what your crimes are. (Author’s Note: I’m extremely cynical on this topic, and historically policing powers are abused along a slippery slope to impact first marginalized groups, then larger and larger populations. Always ask yourself, would I want my worst enemy to have this power? One day, they might.)

I’m an experienced home cook, security engineer, people leader, and dedicated father and husband. I can be found on Mastodon at @IAintShootinMis@DigitalDarkAge.cc and on Signal at DigitalDarkAge.98. An RSS Feed of this blog is available here and a copy of my current OPML file is here.