Security Leftovers
-
Microsoft Released a Windows 11 Update That’s Causing PCs to BSOD
Microsoft is investigating reports that a Windows 11 update released this month is causing the Blue Screen of Death (BSOD) to appear due to an “unsupported processor” error.
-
A Beginner’s Guide to Adversary Emulation with Caldera
Target Audience: The target audience for this blog post is individuals who have a basic understanding of cybersecurity concepts and terminology and are looking to expand their knowledge on adversary emulation.
-
Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks
Cisco has released patches for three high-severity vulnerabilities in NX-OS and FXOS software that could lead to denial-of-service (DoS) conditions.
-
A broken marriage. Abusing mixed vendor Kerberos stacks
My first DEF CON talk was nerve-racking but something I would definitely put myself through again.
-
The Engineer’s Guide to Blockchain Finality
By Benjamin Samuels. Many security-critical off-chain applications use a simple block delay to determine finality: the point at which a transaction becomes immutable in a blockchain’s ledger (and is impossible to “undo” without extreme economic cost).
-
Scaling, Security Driving Adoption of Calico Networking Software
The need to scale services and enforce cybersecurity policies are the top two reasons for adopting the open source Calico networking software.
-
FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective
The FBI says that the patches Barracuda released in May for an exploited ESG zero-day vulnerability (CVE-2023-2868) were not effective.
-
UK Court Concludes Teenager Behind Huge Hacking Campaign
A UK court has found a teenager responsible for a hacking campaign that included one of the biggest breaches in the history of the video game industry.
-
Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint [Ed: Microsoft is not the security expert but the culprit; Taiwan should not have deployed Microsoft's back-doored spyware anywhere, but now it pays the price]
Microsoft warns that Chinese spies are hacking into Taiwanese organizations with minimal use of malware and by abusing legitimate software.
-
Microsoft says Chinese hacking crew is targeting Taiwan [Ed: No, they target Windows and other back-doored Microsoft stuff; way to shape the narrative, framing the culprit as the victim and also the expert]
A group dubbed Flax Typhoon has targeted "dozens" of Taiwanese organizations, according to new research from Microsoft.
-
University of Minnesota Confirms Data Breach, Says Ransomware Not Involved
University of Minnesota confirms data was stolen from its systems, says no malware infection or file encryption has been identified.
-
Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device
Mysterious Whiffy Recon malware scans for nearby Wi-Fi access points to obtain the location of the infected device.
-
Malware-infected advertising grows ever more sophisticated, and lethal [Ed: Adblocking is very good practice that should be universally recommended]
The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in lethality. With malvertising, the infected ads are typically placed on legitimate ad networks, which makes them more difficult to spot and remove.
-
A new ransomware gang is claiming it hacked a U.S. hospital system
The Rhysida ransomware gang claimed responsibility Thursday for a recent cyberattack on Prospect Medical Holdings, according to a dark web listing reviewed by Axios.
Why it matters: The new ransomware gang alleges it stole more than 500,000 Social Security numbers and photocopies of employees' driver's licenses and passports, along with other legal and financial documents.
- Axios was able to confirm that at least some of the stolen data is legitimate using public records.
-
Parmesan Anti-Forgery Protection
The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.
-
Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks
Rockwell Automation ThinManager ThinServer vulnerabilities could allow remote attackers to take control of servers and hack HMIs.
-
Cybersecurity Companies Report Surge in Ransomware Attacks [Ed: Windows TCO]
Cybersecurity companies have released a dozen ransomware reports in recent weeks and most of them show a surge in attacks.
-
Exploitation of Ivanti Sentry Zero-Day Confirmed
While initially it was unclear if the Ivanti Sentry vulnerability CVE-2023-38035 has been exploited, the vendor and CISA have now confirmed it.
-
Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day [Ed: Windows TCO]
A financially motivated cybercrime group has exploited a WinRAR zero-day to deliver malware to traders and steal their money.
-
Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack
Danish cloud hosting provider CloudNordic says most customers lost all data after ransomware shut down all its systems and servers.
-
Illinois Department of Insurance Fails To Investigate CUNA Mutual Group’s Involvement With Murder-For-Hire Plot, Insurance Fraud, and MOVEit Data Breach, Again.
Last month, I received a letter that my spouse’s data had been stolen from a “vendor” that was involved in the MOVEit breach.
This time I complained to the Illinois Department of Insurance that CUNA Mutual Group should be held completely responsible for their poor security practices.
They replied telling me they were doing nothing again.
The letter from CUNA Mutual Group’s “Compliance Officer” basically said that they don’t have to secure their systems, because they “complied with Illinois law” simply by reporting all of the data breaches to the IDOI and Attorney General and offered a little bit of “complimentary identity theft monitoring”.
[...]
As victims of CUNA Mutual Group, CMFG, TruStage, whatever they CALL THEMSELVES, I want to post this so that anyone considering doing business with them knows that their security practices are appalling, they simply do not care if there is a data breach because NOBODY will punish them for it, and they consider the matter closed (as does the State) simply for informing the State every time there was a breach.
You should not do business with CUNA Mutual, CMFG, TruStage, because their business practices are awful.
They do not even verify that the insurance policies being written are actually requested by the victim. In this case, my husband.
They just go ahead and write the policies without doing any sort of basic ID check, which can easily be accomplished with security questions from a credit file and asking for a photograph of your State ID.