Bruce Schneier Edition
Excellent Write-up of the SolarWinds Security Breach
Surveillance of the Internet Backbone
[2021.08.25] Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.
At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location.
In the hands of some governments, that could be dangerous.
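To make the quoted description concrete, here is an added example (not from the Vice article or from Schneier's post) that builds the "who talked to whom, and how much" picture from a handful of constructed, simplified flow records, and then shows why a VPN gateway visible in backbone netflow does not hide the client: flows into the gateway can be paired with flows out of it by start time and byte volume. All addresses, the gateway role and the byte counts are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records, not real data: start time (seconds), source,
# destination and bytes. 198.51.100.5 plays the part of a VPN gateway.
FLOWS_CSV = """\
start,src,dst,bytes
100,203.0.113.10,198.51.100.5,52000
101,198.51.100.5,192.0.2.80,51500
100,203.0.113.22,198.51.100.5,800
102,198.51.100.5,192.0.2.25,770
140,203.0.113.22,198.51.100.5,240000
141,198.51.100.5,192.0.2.99,239000
"""

@dataclass(frozen=True)
class Flow:
    start: int
    src: str
    dst: str
    nbytes: int

def parse_flows(text):
    """Parse the simplified CSV into Flow records."""
    rows = csv.DictReader(io.StringIO(text))
    return [Flow(int(r["start"]), r["src"], r["dst"], int(r["bytes"])) for r in rows]

def traffic_picture(flows):
    """Total bytes per (src, dst) pair: the flow-and-volume picture netflow gives."""
    volume = defaultdict(int)
    for f in flows:
        volume[(f.src, f.dst)] += f.nbytes
    return dict(volume)

def correlate_through_gateway(flows, gateway, max_skew=5, tolerance=0.05):
    """Pair each flow into `gateway` with an outbound gateway flow that starts within
    max_skew seconds and whose byte count differs by at most `tolerance` (encapsulation
    overhead). Each match links a client address to the destination the VPN was masking."""
    inbound = [f for f in flows if f.dst == gateway]
    outbound = [f for f in flows if f.src == gateway]
    links = []
    for i in inbound:
        for o in outbound:
            if 0 <= o.start - i.start <= max_skew and abs(i.nbytes - o.nbytes) <= tolerance * i.nbytes:
                links.append((i.src, o.dst))
    return sorted(links)
```

Real NetFlow v5/v9 and IPFIX records carry more fields (ports, protocol, packet counts, durations), which only make this pairing easier; padding and mixing traffic across many clients is what breaks the two signals it relies on.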
Interesting Privilege Escalation Vulnerability
[2021.08.26] If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges.
It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer. With that said, the bug is so easy to exploit, as you just need to spend $20 on Amazon for a Razer mouse and plug it into Windows 10 to become an admin.
Details of the Recent T-Mobile Breach
I’ve lost count of how many times T-Mobile has been hacked.
Zero-Click iPhone Exploits
These are particularly scary exploits, since they don’t require the victim to do anything, like click on a link or open a file. The victim receives a text message, and then they are hacked.
The Massive Costs of Ransomware Attacks
Ransomware attacks have continued to increase in 2021, creating challenges for individuals and organizations throughout the world. Major victims of recent attacks include Apple, Colonial Pipeline, and more.
Posted by NADAV LORBER on September 21, 2021
In 2020, Morphisec introduced the Jupyter infostealer, a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.
Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.
Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes under the radar of security solutions. Following this discovery, the Morphisec Labs team has been made aware of multiple high-level targets that are under threat from the Jupyter infostealer. We are currently investigating the scope of the campaign.
The blog post that follows outlines the new delivery chain, showcasing how threat actors continue to develop their attacks to become more efficient and evasive. See full article with screenshots, TTPs and IOCs…
Putting management into the hands of an algorithm is a major mistake. Does this actually have to be said?
It wasn’t so long ago that Uber started a revolution in work: managing workers—or is it freelancers?—via an algorithm-driven app. The gig economy was born. Its promise was to save consumers money and enable anyone with a car to earn quick, easy cash. And, of course, to make Uber’s founders and investors rich.
That was then. We know better now.
Oh, the model is more popular than ever. Thanks to the COVID-19 pandemic, for example, food delivery services exploded: 60% of US consumers now order delivery or takeout once per week from DoorDash, Uber Eats, Grubhub-Seamless, or their minor competitors. There’s only one little problem. All those gig economy promises turned out to be lies—an important lesson for smaller firms that might be tempted to try to mimic all that “success.”
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech and other sectors.