[InfoSec MASHUP] Week 33/2024
Black Hat and DEF CON recaps; Alleged breach of 2.7 billion records; Russia blocking access to Signal app; LockBit infiltrated; Iran trying to interfere in US elections; First PQC standards are here;
Welcome to the 25 new members from the last 30 days! This newsletter now has 1,495 subscribers.
Partners and Affiliates
Save up to 73% + get free travel data! Users buying a 2-year NordVPN plan will get up to 20GB of free travel data from Saily:
Basic plan - 1GB; Standard & Plus plans - 3GB; Complete plan - 10GB; Ultimate plan - 20GB
Claim your gift right away. New NordVPN users will be able to claim their Saily travel data using a coupon code via the Saily app.
➝ The best hacks and security research from Black Hat and Def Con 2024
➝ Black Hat USA 2024 – Summary of Vendor Announcements
➝ DEF CON badge disagreement gets physical as firmware dev removed from event stage
Breaches & Security Incidents
🇰🇵 🇰🇷 South Korea's ruling party claims that North Korean hackers stole important technical data about the country's K2 tanks and spy planes — They are worried this information could help North Korea avoid military surveillance and gain a battlefield advantage. The party is calling for stronger cybersecurity measures to protect against these cyberattacks.
🇦🇺 🔓 Evolution Mining, a major Australian gold producer, was hit by a ransomware attack on August 8, 2024, affecting its IT systems. The company has brought in cybersecurity experts and says the attack is contained, with no expected impact on mining operations. So far, no major ransomware groups have claimed responsibility, and it's unclear if any data was stolen.
🇺🇸 🔓 Hackers leaked nearly 2.7 billion records of personal information, including Social Security numbers, from a company called National Public Data. The leaked data, which is unencrypted and may be outdated, has led to multiple class action lawsuits against the company. If you live in the US, your personal information may be included in this breach, so it's important to monitor your credit for any suspicious activity.
➝ As usual, the very good and thorough analysis by Brian Krebs.
🇺🇸 🔓 The East Valley Institute of Technology (EVIT) reported a data breach affecting over 200,000 individuals, compromising personal and health information. The breach occurred on January 9 when unauthorized access was gained to EVIT’s network. EVIT is offering one year of free identity protection services to those impacted.
➝ More breaches:
3AM ransomware stole data of 464,000 Kootenai Health patients
Mayor of Columbus, Ohio, Says Ransomware Attackers Stole Corrupted, Unusable Data
Cybercrime, Cyber Espionage, APTs
Nigerian who hacked Texas retirement fund gets 12 years in prison
Russian who sold 300,000 stolen credentials gets 40 months in prison
🇮🇷 🇺🇸 APT42, an Iranian-backed group, has intensified its phishing campaigns targeting high-profile individuals in Israel and the U.S., including those connected to the current U.S. presidential election. They use tactics like social engineering and fake emails to steal login credentials from government officials, diplomats, and campaign workers. Google has actively disrupted these attacks by securing compromised accounts and alerting affected users.
🇮🇷 🇺🇸 Iran is increasing its efforts to interfere in the 2024 U.S. elections by spreading fake news and attempting to hack into candidates' accounts, according to a Microsoft report. Four Iranian hacking groups have been involved, targeting political figures and aiming to create chaos, especially in swing states. Microsoft warns that these actions are part of a pattern of Iranian influence operations that have been seen in previous U.S. elections.
↘︎↘︎↘︎
Trump campaign says emails were hacked, jumpstarting ‘a wild ride’ to election day
What We Know About Suspected Iranian Cyber Intrusion in the US Presidential Race
Elon Musk Says Cyberattack Crashed Site Ahead of Trump Livestream Interview
Musk claims there was a DDOS attack on X — but The Verge is told there was not.
🇺🇸 💸 A Texas company called Orion lost $60 million in a bank wire transfer scam. Fraudsters tricked employees into sending money to accounts they controlled.
🇷🇺 Russian hackers targeted human rights groups, media outlets, and a former U.S. ambassador using deceptive emails that appeared to come from trusted contacts. Researchers found that the hackers employed clever social engineering tactics to trick their victims into revealing personal information. This ongoing threat highlights the Kremlin's persistent efforts to undermine those they view as adversaries, even in the face of international scrutiny.
🇧🇾 🇺🇸 Maksim Silnikau, a Belarusian-Ukrainian national, was arrested in Spain and extradited to the U.S. for creating the Ransom Cartel ransomware operation and running a malvertising scheme. He is accused of using fake identities to promote cybercrime and deceive victims into clicking on malicious ads. If convicted, Silnikau could face over 100 years in prison for various charges, including fraud and identity theft.
🇺🇸 ❌ The FBI has taken down a ransomware gang called Radar, also known as Dispossessor, which had hacked at least 43 companies since August 2023. They seized the gang's servers and domains in the UK and Germany.
🌐 Nearly 200 countries have agreed on a UN treaty to combat cybercrime, but privacy advocates fear it may lead to human rights violations. Critics warn that the treaty could enable governments to intrude on personal communications and target dissenting voices. Supporters argue it balances the need for law enforcement with privacy concerns, but many believe it could be misused by repressive regimes.
🇨🇳 🇷🇺 Chinese hacking groups APT31 and APT27 have launched targeted cyberattacks against Russian government and IT systems, dubbed "EastWind." The attackers used phishing emails to deploy sophisticated malware like CloudSorcerer and GrewApacha, which can steal data and execute commands. This situation highlights the complex relationship between China and Russia, where both cooperate publicly but engage in cyberespionage against each other.
🇺🇸 🇰🇵 A Nashville man, Matthew Isaac Knoot, has been charged for helping North Koreans secure remote IT jobs in the U.S. using a stolen identity. He allegedly ran a "laptop farm" to facilitate this scheme, which generated revenue for North Korea's weapons program. If convicted, Knoot could face up to 20 years in prison for his actions.
🥸 Cybersecurity researcher Jon DiMaggio infiltrated the LockBit ransomware gang, gaining the trust of its leader, Dmitry Khoroshev, using fake identities. After law enforcement took down the gang's website, DiMaggio identified Khoroshev and publicly doxxed him with detailed information. DiMaggio hopes his experience shows how researchers can effectively investigate cybercriminals but warns of potential consequences for such actions.
Government, Politics, and Privacy
🇺🇸 👀 The FBI used a tool called Hola iBot to monitor messages from the encrypted app Anom, which they secretly controlled. This system allowed them to track users' locations, analyze conversations, and connect criminal networks across the globe. The Anom operation led to thousands of arrests and significant drug seizures, but some cases still faced legal challenges.
🇺🇸 A new bipartisan Senate bill requires federal contractors to implement vulnerability disclosure policies that follow national guidelines — This legislation aims to help contractors identify and fix security issues before they lead to cyberattacks. It also ensures that security researchers can report vulnerabilities directly to contractors without additional hurdles.
🇮🇳 🇺🇸 India's competition regulator accidentally published two reports containing confidential data about Apple, prompting the company to complain. The regulator has now asked for the reports to be returned so they can redact the sensitive information. Apple is under investigation for potentially abusing its market position with the App Store.
🇪🇺 💰 The 10 Largest GDPR fines on Big Tech - The European Union's General Data Protection Regulation (GDPR) has imposed significant fines on major tech companies since its implementation in 2018. Meta, the owner of Facebook and Instagram, has received the largest penalties, including a record €1.2 billion fine in May 2023. Other companies like Amazon and ByteDance have also faced hefty fines for various data protection violations.
X faces GDPR complaints for unauthorized use of data for AI training
🇷🇺 💬 Russia's telecommunications agency has blocked access to the Signal messaging app, claiming it violated anti-terrorism laws. Users in Russia reported issues connecting to Signal, which has been added to a list of restricted services. Signal is working on ways to help users bypass these blocks and has highlighted the need for better encryption technologies.
🇨🇳 🇺🇸 A large network of AI accounts known as "Green Cicada," linked to a Chinese university and AI company, has been discovered operating on X (formerly Twitter). This network, which has at least 5,000 accounts, is suspected of trying to disrupt the upcoming US presidential election by spreading divisive political content. Experts warn that while the network is currently ineffective, it could pose a significant threat in the future.
Partners and Affiliates
🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
Malware & Threats
🦠 🇨🇳 A new malware called ValleyRAT is targeting Chinese-speaking users through advanced tactics — It uses a multi-stage process to control infected systems and can execute commands like taking screenshots and loading additional plugins. The malware is designed to avoid detection by antivirus software and impersonates legitimate applications to trick users.
🇺🇦 ❌ Scammers are using fake content warnings about the Ukraine war and earthquakes in Japan on X to lure users into clicking on links that lead to scam sites. These posts often look like they contain adult videos but instead redirect users to malicious content or shady affiliate sites. The scammers use a technique that tricks X into displaying their posts as if they contain legitimate warnings.
Ukraine Warns of New Phishing Campaign Targeting Government Computers
🦠 A widespread malware campaign has infected over 300,000 browsers by force-installing malicious extensions that hijack homepages and steal browsing data. The malware disguises itself as popular software and modifies browser files to remain hidden and persistent. Victims must manually remove the malware and its effects, as it complicates removal and disables browser security updates.
AI, Tech & Tools
🤖 AI Security Shared Responsibility Model: Navigating Risks in AI Deployment
🤖 A Ferrari executive received suspicious messages and a call from someone pretending to be CEO Benedetto Vigna, using deepfake technology. The executive became suspicious and asked a question that only Vigna would know, causing the call to end abruptly. This incident highlights the growing threat of deepfake scams targeting high-profile individuals in business.
🔐 The U.S. National Institute of Standards and Technology has released new post-quantum cryptography standards to protect against future quantum computers that could break current encryption methods. There is a pressing need for organizations to assess their cryptographic practices and prepare for the transition to these new standards.
🤖 MIT researchers have created an AI risk repository that catalogs over 700 different risks associated with AI systems — This database aims to help policymakers and industry stakeholders understand and address the diverse risks of AI, which are often overlooked in existing frameworks. The researchers hope this resource will improve AI safety evaluations and guide future regulations.
🪳 💰 Anthropic has launched a bug bounty program offering up to $15,000 for finding critical vulnerabilities in its AI systems — This initiative aims to enhance AI safety by inviting ethical hackers to test for potential exploits before the technology is publicly deployed. Amidst increasing regulatory scrutiny, Anthropic's focus on transparency and safety sets it apart from other AI companies.
🇺🇸 🤖 The Pentagon's DARPA competition challenged 90 teams to create AI tools that can find and fix vulnerabilities in open-source code. The teams successfully identified 22 vulnerabilities, with one team discovering a new issue in the widely used SQLite database. This initiative aims to enhance cybersecurity by leveraging AI to address the growing number of software flaws.
Vulnerabilities, Research, and Threat Intelligence
➝ Patch Tuesday:
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps
Adobe Calls Attention to Massive Batch of Code Execution Flaws
Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager
Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
🔓 ☁️ Attackers exploited security flaws in cloud environments by accessing exposed .env files, which contained sensitive credentials. They used these credentials to scan over 230 million targets and gain unauthorized access to various organizations' Amazon Web Services (AWS) accounts. This campaign highlights the importance of proper cloud security practices to prevent data breaches and extortion.
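A defender-side check for the exposed .env problem above, added here as an example and not taken from the newsletter or the cited report: it parses constructed web-server access log lines in the common "combined" format, flags requests for .env files (generalized to common variants such as .env.bak or .env.production), and separates mere probes from requests that were actually served with HTTP 200, which is the case that means credentials have already left the server. The log lines and IP addresses are constructed samples from documentation ranges.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Aug/2024:12:00:01 +0000] "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Aug/2024:12:00:02 +0000] "GET /api/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2024:12:00:09 +0000] "GET /.env.bak HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.10 - - [10/Aug/2024:12:01:00 +0000] "GET /config/.env.production HTTP/1.1" 200 640 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Matches /.env and variants such as /.env.bak or /.env.production at any depth in the path.
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.[A-Za-z0-9_-]+)?$')

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string before matching
    return rec

def find_env_probes(log_text):
    """Return (ip, path, status, served) for every request aimed at a .env file.
    served=True (HTTP 200) means the file was actually handed out: a real exposure,
    not just a scanner probing for one."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and ENV_PATH_RE.search(rec["path"]):
            hits.append((rec["ip"], rec["path"], rec["status"], rec["status"] == 200))
    return hits

def summarize(hits):
    """Count probes per source IP and list the paths that were served successfully."""
    per_ip = Counter(ip for ip, _, _, _ in hits)
    exposed = sorted({path for _, path, _, served in hits if served})
    return {"probes_per_ip": dict(per_ip), "exposed_paths": exposed}

if __name__ == "__main__":
    print(summarize(find_env_probes(SAMPLE_LOG)))
```

Any path listed under exposed_paths should be treated as a credential leak: rotate the keys in that file and block dotfile access at the web server, rather than only deleting the file.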
🔓 A newly discovered vulnerability called ArtiPACKED in GitHub Actions can allow attackers to take over repositories by leaking access tokens. This issue arises from misconfigurations and security flaws, making sensitive data publicly accessible in open-source projects. Organizations are urged to reevaluate their use of GitHub artifacts to prevent potential exploitation.
🔓 🤖 Researchers found two security flaws in Microsoft's Azure Health Bot Service that could let hackers access sensitive patient data. These vulnerabilities have been patched, and there is no evidence they were exploited. The issues highlight the need for strong security in AI chatbot services.
👀 In the first half of 2024, VulnCheck reported 390 new vulnerabilities exploited in the wild, highlighting ongoing threats to various software products. The data shows that 53 of these were zero-day vulnerabilities, with many being weaponized before their public disclosure — read more and have a peek into 1H-2024 vulnerability exploitation.
🪳 🩹 Google's Project Zero team has made progress in addressing zero-day vulnerabilities, but many challenges remain, especially regarding software quality and patching. Vendors play a crucial role in fixing these issues, as relying solely on security research is not enough — Project Zero: ‘It Will Take All of Us to End The Era of Zero Days’.
🪳 🖥️ A new vulnerability called Sinkclose affects AMD processors, allowing deep access to compromised systems — AMD stated that exploiting this flaw requires prior access to the system's security, making it a threat primarily for already breached devices. The company is releasing firmware updates to mitigate the risk but cautions that not all older CPUs will receive patches.
🪳 🔓 Microsoft has revealed four security flaws in OpenVPN that could allow attackers to take control of systems and access sensitive data. The vulnerabilities require user authentication and affect all versions before 2.6.10 and 2.5.10. Attackers could exploit these flaws by gaining access to a user's credentials through various methods.
🪳 💸 A security researcher found vulnerabilities in ransomware leak sites that helped save six companies from paying ransoms. Two companies received decryption keys, while four crypto firms were warned before their data was encrypted.
ICS, OT & IoT
ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva
Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
🇺🇸 The White House is creating a new office to study and secure open source software in critical infrastructure — This initiative follows a year of feedback from the hacker community and aims to address vulnerabilities highlighted by past cyberattacks. The program will work with the Department of Homeland Security and other agencies to enhance the security of open source software.