Security Leftovers
-
Ripping Off Professional Criminals by Fermenting Onions - Phishing Darknet Users for Bitcoins
In 2018, I read about the perfect crime of stealing the money of credit card fraudsters by making fake carding sites.
At the time, this felt genius to me; the attackers were apparently making a decent living while nobody was presumably coming after them. (Except maybe now someone will, as they got Krebs'd by Brian).
-
New ways to reduce the chances of ransomware attacks [Ed: Don't use Windows. But this site gets money from Microsoft.]
Just this past week, ransom attacks have hit a major Spanish bank, a Canadian university and a legal software-as-a-service platform. So it's good timing that two reports released in the past month from IBM Corp. and Amazon Web Services Inc. are providing guides to how to combat the terrible tide.
-
New tool scans iPhones for 'Triangulation' malware infection
Although the malware analysis is still underway, the cybersecurity firm noted that the 'Operation Triangulation' malware campaign uses an unknown zero-day exploit on iMessage to perform code execution without user interaction and elevated privileges.
This allows the attack to download further payloads to the device for further command execution and information collection.
It should also be noted that the FSB, Russia's intelligence and security service, linked the malware to infections of high-ranking government officials and foreign diplomats.
-
Linux-based System76 prefers to shut off the Intel Management Engine
Open Sauce outfit worried about the closed firmware
Linux computer vendor System76 has said that it prefers to disable the Intel Management Engine wherever possible to reduce the amount of closed firmware running on System76 hardware.
Phoronix reports that the move will "benefit their latest Intel Core 13th Gen 'Raptor Lake' wares and prior generation devices."
Intel ME is disabled for their latest Raptor Lake laptops and most older platforms, with some exceptions, like having a silicon issue with Tiger Lake.
-
Security updates for Tuesday
Security updates have been issued by Debian (linux-5.10), Red Hat (cups-filters, curl, kernel, kernel-rt, kpatch-patch, and webkit2gtk3), SUSE (apache-commons-fileupload, openstack-heat, openstack-swift, python-Werkzeug, and openstack-heat, python-Werkzeug), and Ubuntu (frr, go, libraw, libssh, nghttp2, python2.7, python3.10, python3.11, python3.5, python3.6, python3.8, and xfce4-settings).
-
Malicious Chrome extensions with 75M installs removed from Web Store
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million.
The extensions featured legitimate functionality to keep users unaware of the malicious behavior that came in obfuscated code to deliver the payloads.
-
British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack [Ed: Microsoft is to blame, but of course Microsoft blames Russia (or China) to change public opinion. Microsoft executives need to be arrested for the security failings (deliberate), not approached for advice on security and even paid for their time.]
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.
-
Pacific Union College was attacked on March 27. When will they publicly admit personal info was compromised?
That Pacific Union College (PUC) experienced a cyberattack is not a secret. The college even posted a notice on their website on April 7 stating that they were experiencing “Additional complications relating to the ongoing cybersecurity issue, which has recently affected some of our internal networks, phone systems, and web services.” The remainder of the notice provided the status of various types of systems and services and assured the community of updates “as new information becomes available.”
-
Coincidence or is something up in the courts?
On June 5, 2023, in the U.S. case against Diogo Santos Coelho (“Omnipotent” of RAIDForums), Lauren Pomerantz Halper was added as an attorney for the U.S.
On June 5, 2023, in the U.S. case against Conor Brian Fitzpatrick (“Pompompurin” of BreachForums), Lauren Pomerantz Halper was added as an attorney for the U.S.
That the same prosecuting attorney would be involved in both cases is no surprise given how the forums were run and the alleged interactions between Coelho and Fitzpatrick. But why was Halper’s appearance announced yesterday in both cases? Is something up or about to be announced?
-
Brute Forcing Simple Archive Passwords, (Mon, Jun 5th)