GeoPolitics
China’s Volt Typhoon breached Singtel, reports say • The Register - Volt Typhoon reportedly breached Singapore Telecom over the summer. Highlighting why Cyber Threat Intelligence can at times be beneficial for more advanced orgs.
N Korea may receive tech in exchange for military support • The Register - DPRK has provided around 10,000 troops to Putin’s war in Ukraine. After DPRK successfully conducted a 90 minute missile flight the US and its allies are starting to wonder exactly what Pyongyang got in exchange for those troops.
Germany drafts law to protect researchers who find security flaws - “With this draft law, we will eliminate the risk of criminal liability for people who take on this important task” - Federal Minister of Justice Dr. Marco Buschmann The criteria to meet for security research are the following:
- The action must be carried out with the aim of identifying a vulnerability or another security risk in an IT system.
- The researcher must intend to report the identified security vulnerability to a responsible entity capable of addressing the issue, such as the system operator, the software manufacturer, or the Federal Office for Information Security (BSI).
- The act of accessing the system must be necessary to identify the vulnerability. This ensures that the exemption only applies to the extent required for security testing, without unnecessary or excessive access. At the same time, the draft fill introduces a penalty ranging from three months to five years of imprisonment for severe cases of malicious data spying and data interception. In terms of what constitutes a severe case, the draft bill mentions the following cases:
- The offense results in substantial financial damage.
- The act was driven by a profit motive, conducted on a commercial scale, or carried out as part of a criminal organization.
- Cases that compromise critical infrastructure—like hospitals, energy suppliers, or transportation networks—or affect the security of Germany or one of its states, including attacks originating from abroad.
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns - “As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. However, Canada is not banning or blocking access to the app in the country.
Breaches
Nokia breached? IntelBroker claims haul of source code • The Register - Source code, SSH Keys, RSA keys, Bitbucket logins, SMTP accounts, credentials and more. “Today, I am selling a large collection of Nokia source code, which we got from a third party contractor that directly worked with Nokia to help aid [its] development of some internal tools,” Infostealer stated.
Schneider Electric attackers demand ransom paid in baguettes • The Register - Hellcat ransomware group demands $125k in bread. Yes. Bread. This is Schneider Electric’s third breach in less than two years. And CEO Olivier Blum took over monday.
Vulns
Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw • The Register - Cisco’s Ultra-Reliable Wireless Backhaul (URWB) system has a perfect CVSS 10/10 flaw. Allowing an attacker to send HTTP request to the web interface and execute commands with root privileges on the operating system of the device. These systems are commonly used in OT, manufacturing, naval ports, etc…
Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers - Fabrice, imitating the fabric package, has been active since 2021 and has 37k downloads. The malware uses the Boto3 AWS SDK for Python to extract and steal AWS access and secrets from the local environment.
VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware - VEILDrive attack uses Microsoft’s “External Access” teams functionality and QuickAssist to conduct malicious attacks. The attackers are using a diverse environment of infected organizations to conduct their attacks and communicate with other organizations using the default Teams configurations.
Campaigns
Cybercrooks target Bengal cat lovers in Australia • The Register - Cybercriminals are now moving from games forums, adult content, and other sites, to the more benign. Poisoning search results with fake forums with URLs linked to malware.
Cybercrims target global orgs using fake copyright notices • The Register - Victims are sent emails pretending to be from media and technology companies falsely alleging a copyright violation regarding content on their business Facebook pages. Zip files are included that supposedly contain “content-removal instructions” but actually harbors a malicious package using the Rhadamanthys infostealer.
FBI says hackers are sending fraudulent police data requests to tech giants to steal people’s private information | TechCrunch - Threat-actors break into and maintain access to .gov email address, then send request for private information citing serious threats to life. Tech companies may willingly participate in this process without court order or subpoena. While these can be life preserving, they also can be highly abused.
Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw | TechCrunch - Kernel-level anti-cheat systems are getting wildly out of control. And this was a perfect example. A hacker, Vizor, provided details of a campaign they ran against players of Activision’s Call of Duty to highlight issues with the companies anti-cheat software, Ricochet. The hacker discovered that Ricochet was using “signatures” to detect users using aim-assist and other technologies. The software specifically scanned all of the devices memory to look for the string Trigger Bot and if found perma-banned the players. Vizor just messaged the other users the words, and poof perma-banned.
Privacy
‘FYI. A Warrant Isn’t Needed’: Secret Service Says You Agreed To Be Tracked With Location Data - If you accepted being tracked by your apps, the Secret Service says they’re just going to buy that data, 4th amendment or not.
Etc…
Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users - Google claims AI first after SQLite security bug discovered • The Register iPhones might be harder for police to unlock, thanks to new reboot feature | TechCrunch