Security Leftovers
-
Side-Channel Attack against CRYSTALS-Kyber
Researchers have just published a side-channel attack--using power consumption--against an implementation of the algorithm that was supposed to be resistant against that sort of attack.
-
Dish hit by multiday outage after reported cyberattack | TechCrunch
U.S. satellite television provider Dish is experiencing a multiday outage after a reported cyberattack, with customers unable to access streams, services or their accounts.
-
Social engineering attack on Boston labor union results in $6.4 million loss
A cyberattack on a Boston-based labor union’s health fund resulted in the loss of $6.4 million, but it does not appear that the personal information of members was stolen or compromised, union officials said.
Federal and local law enforcement agencies were notified of the attack at Pipefitters Local 537 that was discovered Feb. 7 and the union retained a cyber security forensic investigator, union business manager/financial secretary-treasurer Daniel O’Brien said in a message to members.
-
LastPass says employee’s home computer was hacked and corporate vault taken
Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.
Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.
-
Forget the spy balloon. China-linked hackers collect far more information, report says.
Even as the Chinese spy balloon floated across the U.S., China-linked hackers were gathering far more information by breaking into computer networks in America and around the world, according to a new report by a leading cybersecurity firm.
CrowdStrike says in its annual global threat report that it observed China-linked cyberespionage groups targeting 39 industries on nearly every continent. About a quarter of the hacking was aimed at North America, while most of it targeted China’s Asian neighbors, the report found. The techniques China used have become increasingly sophisticated as cybersecurity has improved, the report found.
“They’re endemic at this point — they’re everywhere,” said Adam Meyers, CrowdStrike’s head of intelligence.
-
CrowdStrike: Threat actors shifting away from ransomware
CrowdStrike's '2023 Global Threat Report' showed a 20% increase in the number of threat actors using data theft and extortion tactics without deploying actual ransomware.
-
U.S. Marshals Service suffers 'major' security breach that compromises sensitive information, senior law enforcement officials say
The U.S. Marshals Service suffered a security breach over a week ago that compromises sensitive information, multiple senior U.S. law enforcement officials said Monday.
In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”
Wade said the incident occurred Feb. 17, when the Marshals Service “discovered a ransomware and data exfiltration event affecting a stand-alone USMS system.”
-
Another Texas school district with a data breach?
There is no notice on WSISD’s website that DataBreaches could find about any incident or cyberattack, and it’s not known if any files were encrypted or if this was an attack in which data were just exfiltrated for ransom or extortion purposes. None of the files in the proof pack are demonstrably recent files, and a number of them have dates suggesting that they are from 2015 or earlier. One file, however, had an image of a passport issued in 2020.