Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Bruce Schneier Edition


Excellent Write-up of the SolarWinds Security Breach

[2021.08.30] Robert Chesney wrote up the SolarWinds story as a case study, and it’s a really good summary.

This one is a must read.


Surveillance of the Internet Backbone

[2021.08.25] Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.

At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location.

In the hands of some governments, that could be dangerous.


Interesting Privilege Escalation Vulnerability

[2021.08.26] If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges.

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer. With that said, the bug is so easy to exploit that you just need to spend $20 on Amazon for a Razer mouse and plug it into Windows 10 to become an admin.


Details of the Recent T-Mobile Breach

[2021.08.27] Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security.

I’ve lost count of how many times T-Mobile has been hacked.



Zero-Click iPhone Exploits

[2021.09.01] Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government.

These are particularly scary exploits, since they don’t require the victim to do anything, like click on a link or open a file. The victim receives a text message, and then they are hacked.

More on this here.


The Massive Costs of Ransomware Attacks

Ransomware attacks have continued to increase in 2021, creating challenges for individuals and organizations throughout the world. Major victims of recent attacks include Apple, Colonial Pipeline, and more.



NEW JUPYTER EVASIVE DELIVERY THROUGH MSI INSTALLER

Posted by NADAV LORBER on September 21, 2021

In 2020, Morphisec introduced the Jupyter infostealer, a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.

Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.

Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes under the radar of security solutions. Following this discovery, the Morphisec Labs team has been made aware of multiple high-level targets that are under threat from the Jupyter infostealer. We are currently investigating the scope of the campaign.

The blog post that follows outlines the new delivery chain, showcasing how threat actors continue to develop their attacks to become more efficient and evasive. See full article with screenshots, TTPs and IOCs…


My boss, the algorithm

Putting management into the hands of an algorithm is a major mistake. Does this actually have to be said?

It wasn’t so long ago that Uber started a revolution in work: managing workers—or is it freelancers?—via an algorithm-driven app. The gig economy was born. Its promise was to save consumers money and enable anyone with a car to earn quick, easy cash. And, of course, to make Uber’s founders and investors rich.

That was then. We know better now.

Oh, the model is more popular than ever. Thanks to the COVID-19 pandemic, for example, food delivery services exploded: 60% of US consumers now order delivery or takeout once per week from DoorDash, Uber Eats, Grubhub-Seamless, or their minor competitors. There’s only one little problem. All those gig economy promises turned out to be lies—an important lesson for smaller firms that might be tempted to try to mimic all that “success.” More…


Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech and other sectors.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com