Security Leftovers
-
Can you pass the Rekt test?
One of the biggest challenges for blockchain developers is objectively assessing their security posture and measuring how it progresses. To address this issue, a working group of Web3 security experts, led by Trail of Bits CEO Dan Guido, met earlier this year to create a simple test for profiling the security of blockchain teams.
-
US Cyber Safety Board to Review Cloud Attacks
The US government's CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication.
-
Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying
Vulnerabilities in CyberPower and Dataprobe power management products could be exploited in data center attacks, including to cause damage and for spying.
-
Steam Deck Gets Belated Zenbleed Patch For AMD's Vulnerability
The Linux community patched Zenbleed for all AMD Ryzen processors with Zen 2 cores last month, but the Steam Deck and its custom Zen 2 SoC were forgotten until this weekend.
-
AMD Zen 1 Vulnerability Not Properly Fixed, Second Pass Issued
AMD Linux security engineer Borislav Petkov issued a new patch towards fixing the Zen 1-exclusive "Divide by zero" bug, showcasing both the willingness to revisit "explored" issues and the difficulty in security mitigation.
-
Hackers explore ways to misuse AI in major security test
Generative AI's security vulnerabilities — and how we get ahead of them — are about to become the tech and policy world's top priorities after this past weekend's largest security test of large language models revealed just how diverse the problems already are.
-
CrowdStrike: Microsoft Is Failing At Security [Ed: This is a Microsoft-connected firm run also by "former" Microsoft staff, so this is a big deal]
In the wake of recent vulnerabilities and high-profile attacks, there is growing concern regarding vulnerabilities present in Microsoft’s software and increasing intensity focused on the question of Microsoft’s culpability.
-
Preventing Linux DDoS Attacks with Minimal Cybersecurity Knowledge
Since the beginning of the modern internet, distributed denial of service (DDoS) attacks have been a scourge. The first known example of a major DDoS attack happened in 1996 when prominent New York commercial internet provider Panix suffered an attack that knocked its servers offline for several days. In the years since then, the size and scope of DDoS attacks have grown, alongside a significant increase in their frequency.
-
China [Cracked] Japan’s Military Networks
The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story:
The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity.
-
US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator
US authorities have announced charges against a Polish national who allegedly operated the LolekHosted.net bulletproof hosting service.
-
Scorpion CBS show. Plane hack
Having got on a bit of a roll with dismantling plane hacking in the media with the MH370 documentary critique...
-
Die Hard 2. Or how not to hack airplanes
How could I criticise possibly the best action movie series of all time? Well, it’s to help dispel myths about hacking planes.
-
Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles
Ford says a critical vulnerability in the TI Wi-Fi driver of the SYNC 3 infotainment system on certain vehicle models does not pose a safety risk.
-
Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking
Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs.
-
Cybersecurity provider Secureworks to let go 15% of its workforce
Secureworks Inc. is laying off 15% of its workforce in a bid to improve profitability and redirect more resources to its flagship cybersecurity product suite. The company disclosed the move in a regulatory filing released today.
-
Mitigating the latest processor attacks will be a chore on many levels
The names Downfall, Inception, Meltdown and Spectre might evoke the names of Bond villains, but they describe something almost as insidious: They are all central processing unit-based security vulnerabilities that have been uncovered in the past several years.
-
Getting regulation right to improve Australia’s cybersecurity
Poor cybersecurity is a risk to the interconnected digital systems on which we all increasingly rely, while improved security is an opportunity to build trust and advantage by enabling further digital transformation.
-
Monti ransomware targets VMware ESXi servers with new Linux locker
In September 2022, an Intel471 report highlighted the increased likelihood of Monti being a rebrand of Conti based on their identical initial network access methods.
-
Security updates for Tuesday
Security updates have been issued by Debian (samba), Red Hat (.NET 6.0, .NET 7.0, rh-dotnet60-dotnet, rust, rust-toolset-1.66-rust, and rust-toolset:rhel8), and SUSE (kernel and opensuse-welcome).
-
134K Massachusetts residents impacted by ‘global security incident’ [Ed: Microsoft Windows TCO]
Massachusetts health officials are warning over 134,000 individuals who are currently or were previously enrolled in certain state programs that their personal information has been involved in a recent third-party data security breach. The breach is part of a worldwide incident that involves a file-transfer software program called “MOVEit.”
UMass Chan Medical School first became aware of the vulnerability in MOVEit on June 1. On July 27, UMass Chan discovered that some of the files contained information belonging to individuals who received services from the Executive Office of Health and Human Services. This includes programs such as MassHealth, the State Supplement Program, Family Resource Centers, the Executive Office of Elder Affairs, and Aging Services Access Points. The affected individuals are a subset of current or recent participants in these programs.
-
Hackers may have stolen SSNs, other info from Coastal Orthopedics
Sensitive information — including Social Security numbers, birthdays and addresses — for current and former patients at Coastal Orthopedics may have been compromised after an attacker hacked into the company’s system. The company detected suspicious activity on its network around June 11, prompting an investigation, according to a press release. Although the investigation is ongoing, Coastal Orthopedics determined that “certain files and folders within the network were taken without authorization.”
-
Prince George’s County Public Schools responding to cyberattack
Fox5 in D.C. reports Prince George’s County Public Schools revealed Monday its network experienced a cyber attack.
[...]
As of yesterday, then, there was no mention of whether this might be a ransomware incident or if there has been any ransom demand received.
-
PGCPS network hit by cyber attack: 4,500 accounts affected
Prince George's County Public Schools revealed Monday its network experienced a cyber attack.
The school district says an estimated 4,500 user accounts were impacted out of 180,000.
-
Discord.io confirms breach after hacker steals data of 760K users
The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.
Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service’s Discord server, with over 14,000 members.
Yesterday, a person known as ‘Akhirah’ began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.
-
Three managers picked up; 2 others invited for breaching Ghana data protection law
Three managers were arrested on Monday by the Data Protection Commission (DPC) and the Criminal Investigations Department (CID) of the Ghana Police Service for breaching the Data Protection Act, 2012 (Act 843).
The three institutions are Hisense, an electronic goods dealership, Marwako Fast Foods and Agyabeng Akrasi and Co Limited, a law firm.
Two others – Quick Credit and Investment Micro-Credit and Bemuah Royal Hospital – were asked to report to the CID by Tuesday morning at the latest for further interrogation.
-
Press notice regarding data breach at Norfolk and Suffolk police
Norfolk and Suffolk constabularies have identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.
A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question. The data was hidden from anyone opening the files, but it should not have been included.
-
United Bank Notifies Individuals of MOVEit Breach Involving Camden-Clark Physician Corporation and Camden-Clark Memorial Hospital Corporation
United Bank, a financial services institution which provides banking services to Camden-Clark Physician Corporation, a physicians’ group practice located in Parkersburg, W.V. and Camden-Clark Memorial Hospital Corporation (collectively “Camden-Clark”), suffered a data security incident. This data security incident involved the compromise of a software product called MOVEit that is used by thousands of organizations around the world to transfer electronic data files.