Security Leftovers
-
CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans | CISA
The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons, pursuant to the Secure and Trusted Communications Networks Act of 2019.
-
CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors | CISA
Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat.
CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.
-
Microsoft Releases May 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
-
Microsoft issues patches for 38 flaws, including zero-day in Secure Boot
Narang said another zero-day attacked Secure Boot. “CVE-2023-24932 is a security feature bypass vulnerability in Secure Boot. This vulnerability was exploited in the wild as a zero-day and was publicly disclosed prior to patches being made available,” he explained.
“It appears to be related to a report from ESET from March regarding BlackLotus, a Unified Extensible Firmware Interface bootkit that has been available to cyber criminals since October 2022 and can be purchased for US$5000 on hacking forums.
“The report said at the time that the bootkit was capable of bypassing the UEFI Secure Boot security feature on fully patched systems. An attacker could exploit this flaw if they had physical access or administrative rights to a vulnerable system.”
-
Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
-
Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days
Microsoft’s May 2023 security updates address a total of 40 newly documented vulnerabilities, including two flaws already exploited in attacks.
-
Feds Take Down 13 More DDoS-for-Hire Services
-
PIPEDREAM Malware against Industrial Control Systems
Another nation-state malware, Russian in origin:
In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).
[...]
-
US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware
The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency.
-
Privilege Escalation in Cloud-Native App Production Environments
With today's modern digital applications, managing access permissions during operational events is crucial to ensuring the safety and security of an organization’s production applications and infrastructure. A common and essential security principle, the principle of least privilege, states that developers and support engineers should have as little access as possible
-
U.S. Says It Dismantled Russia’s ‘Most Sophisticated’ Malware Network
The Justice Department said the F.B.I. had turned the structure of the Russian intelligence service’s “Snake” network for spying on computers against itself.
-
FBI disrupts sophisticated Russian cyberespionage operation
The FBI operation dubbed “Medusa” targeted nearly 20-year-old malware operated by Turla, a unit within the Federal Security Service of the Russian Federation, which has been known for years as one of Russia’s premier cyberespionage outfits.
The group was using and continuously updating a piece of malware known as “Snake” — which dates back to 2004 — to steal sensitive documents from hundreds of computer systems in at least 50 countries, the U.S. Department of Justice said in a statement. The stolen material was then exfiltrated through a covert network of Snake-compromised computers in the U.S. and other countries.
-
Hunting Russian Intelligence “Snake” Malware
We consider Snake to be the most sophisticated cyber espionage tool in the FSB’s arsenal. The sophistication of Snake stems from three principal areas. First, Snake employs means to achieve a rare level of stealth in its host components and network communications. Second, Snake’s internal technical architecture allows for easy incorporation of new or replacement components. This design also facilitates the development and interoperability of Snake instances running on different host operating systems. We have observed interoperable Snake implants for Windows, MacOS, and Linux operating systems. Lastly, Snake demonstrates careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity.
-
FBI-led Op Medusa slays NATO-bothering Russian military malware network
Turla, the FSB-backed cyberspy group, has used versions of the Snake malware to steal data from hundreds of computer systems belonging to governments, journalists, and other targets of interest in at least 50 countries, according to the US Justice Department. After identifying and stealing sensitive files on victims' devices, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the US.