-
News & Notes: July 30, 2021
Estonia arrests hacker who stole 286K ID scans from govt database. Mozilla Firefox to roll out DNS over HTTPS for Canadian users. Windows 11 includes the DNS-over-HTTPS privacy feature – How to use.
-
News & Notes: July 29, 2021
U.S. President Joe Biden: Severe cyberattacks could escalate to ‘real shooting war’ with a major global power: “You know, we’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world,” Biden said during a speech at the National Counterterrorism Center of the Office of the Director of National Intelligence. “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely we’re going to end up — well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great…
-
News & Notes: July 28, 2021
Twitter will soon let you log in with your Google account. “Twitter has started testing a new feature that allows users to sign up for an account using their existing Google account.” via Bleeping Computer

eScan’s Mobile Security Application Capable of Detecting and Blocking Pegasus Spyware.

The Global Spyware Market Index Report from Top10VPN.com revealed some startling statistics: 74 countries have bought and/or used invasive spyware technology since 2015. Spyware firms: 86% are based in countries considered full or flawed democracies by the EIU (Economist Intelligence Unit). Suspected customers: 55% are authoritarian or hybrid regimes, with only 7% considered full democracies. FinFisher has the most reported state customers (34), followed by Circles (25),…
-
News & Notes: July 27, 2021
Apple Issues Patches for CVE-2021-30807. Just about a week after Apple issued a series of patches for macOS, iOS and iPadOS, yet another set of patches has been released this week. Yee Ching Tok, ISC Handler (Twitter: @poppopretn), posted a diary alerting us to this new bug, reported by an anonymous researcher. The issue is in IOMobileFrameBuffer, a kernel extension, so a bug there is a kernel-level bug: “This update resolves an issue with IOMobileFrameBuffer which could allow an application to execute arbitrary code with kernel privileges. This issue may have been actively exploited.”

For macOS Big Sur 11.5.1:
IOMobileFrameBuffer
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges.

Apple is…
-
News & Notes: July 26th, 2021
Wireshark 3.4.7 released.

‘PetitPotam’ AD CS Domain Admin Vulnerability. This one comes from Bojan Zdrnja (@bojanz) and a great diary he posted to ISC about the entire issue. Bojan’s piece is a must-read to wrap your head around everything going on. At the core is an NTLM (New Technology LAN Manager) relay, in which an attacker in a machine-in-the-middle position intercepts an NTLM authentication exchange and forwards it to another service instead of learning the password. PetitPotam coerces a domain controller into starting that authentication through Microsoft’s Encrypting File System Remote Protocol (MS-EFSRPC), and no prior authentication is required to trigger it, making matters worse; relayed to the Active Directory Certificate Services (AD CS) web enrollment endpoint, it yields a certificate for the domain controller and from there domain admin. Summed up: don’t use NTLM for authentication! In particular, on AD CS servers make sure that IIS is not allowing authentication via NTLM. Mitigation documentation from…
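The IIS-side check and hardening described above, as an added example (this is not code from Bojan’s diary or from Microsoft): it audits the AD CS web enrollment application for the three settings that let a relayed NTLM authentication succeed (an NTLM-capable provider, Extended Protection for Authentication not set to Require, and no TLS requirement) and can apply the fix. It assumes it is run elevated on the CA web server and that the enrollment application sits at the default IIS path `Default Web Site/CertSrv`; the `$Location` value is an assumption to adjust if your deployment differs.

```powershell
# Added example, not code from the ISC diary or from Microsoft.
# Audit and harden the AD CS "Certificate Authority Web Enrollment" app against NTLM relay.
# Assumptions: run as administrator on the CA web server; the enrollment application is
# at the default location "Default Web Site/CertSrv" (change $Location otherwise).
Import-Module WebAdministration

$Location     = 'Default Web Site/CertSrv'   # assumed default path of the enrollment app
$AuthFilter   = 'system.webServer/security/authentication/windowsAuthentication'
$AccessFilter = 'system.webServer/security/access'

function Get-IisValue([string]$Filter, [string]$Name) {
    # windowsAuthentication is locked at server level, so read/write it via a <location> tag.
    $v = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location -Filter $Filter -Name $Name
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

function Get-CertSrvRelayExposure {
    # Providers currently offered by Windows Authentication on the enrollment app.
    # "NTLM" allows relay outright; plain "Negotiate" can fall back to NTLM.
    $providers = @((Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$AuthFilter/providers" -Name Collection) | ForEach-Object { $_.value })
    $tokenChecking = "$(Get-IisValue "$AuthFilter/extendedProtection" 'tokenChecking')"  # None|Allow|Require
    $sslFlags      = "$(Get-IisValue $AccessFilter 'sslFlags')"

    $state = [pscustomobject]@{
        Providers          = ($providers -join ', ')
        NtlmPossible       = [bool]($providers | Where-Object { $_ -in 'NTLM', 'Negotiate' })
        ExtendedProtection = $tokenChecking
        RequireSsl         = ($sslFlags -match 'Ssl')
        Exposed            = $false
    }
    # Relay works if any one of the three guards is missing.
    $state.Exposed = $state.NtlmPossible -or $state.ExtendedProtection -ne 'Require' -or -not $state.RequireSsl
    $state
}

function Protect-CertSrvAgainstRelay {
    # 1. Extended Protection: channel binding ties the authentication to the client's TLS
    #    session, so a token relayed over the attacker's own connection is rejected.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$AuthFilter/extendedProtection" -Name tokenChecking -Value 'Require'
    # 2. Require TLS; without it there is no channel for EPA to bind to.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter $AccessFilter -Name sslFlags -Value 'Ssl'
    # 3. Drop NTLM and plain Negotiate; keep a Kerberos-only Negotiate provider.
    foreach ($p in 'NTLM', 'Negotiate') {
        Remove-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
            -Filter "$AuthFilter/providers" -Name '.' -AtElement @{ value = $p } -ErrorAction SilentlyContinue
    }
    $current = @((Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$AuthFilter/providers" -Name Collection) | ForEach-Object { $_.value })
    if ('Negotiate:Kerberos' -notin $current) {
        Add-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
            -Filter "$AuthFilter/providers" -Name '.' -Value @{ value = 'Negotiate:Kerberos' }
    }
    Get-CertSrvRelayExposure
}

# Usage: audit first, then harden.
Get-CertSrvRelayExposure | Format-List
# Protect-CertSrvAgainstRelay
```

Two caveats before running the hardening: `tokenChecking = Require` breaks clients that reach the CA through a TLS-terminating proxy or load balancer (the channel binding no longer matches), and a Kerberos-only provider requires clients to address the server by a name with a registered HTTP service principal name. This covers only the IIS enrollment application; the Certificate Enrollment Web Service and the RPC enrollment interfaces are separate surfaces, and Microsoft's guidance for PetitPotam also covers restricting NTLM domain-wide via the "Network security: Restrict NTLM" policies.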
-
News & Notes: July 23, 2021
Cyberattacks on critical infrastructure are dangerous, increasing. And they could soon turn deadly. This topic is being discussed more and more on various internet channels: when will cyberattacks cross into the physical realm with deadly consequences, and at what point does cyber warfare trigger actual, real-life, kinetic warfare? via ZDNet

Over 80 U.S. Municipalities Suffer Data Breach via Misconfigured Amazon S3 Buckets. “WizCase uncovered a data breach that affected the residents of over 100 U.S. cities that used a product from PeopleGIS. Over 1000 GB of data and over 1.6 million files were held in 80 misconfigured Amazon S3 buckets. WizCase’s investigation revealed multiple reasons due…
-
News & Notes: July 22, 2021
Microsoft ACL Privilege Vulnerability dubbed “Summer of SAM” (#SummerOfSAM): a permissions fiasco for the SAM and SYSTEM hives. CVE-2021-36934 has been issued for incorrect permissions on the registry hive files on Windows 10/11. Bojan Zdrnja (@bojanz) posted to the ISC (Internet Storm Center) first, alerting the public. SAM is the Security Accounts Manager hive, which stores the hashes of local account passwords; the SYSTEM hive holds the boot key needed to decrypt them, which is why readable copies of both are all an attacker needs. The SYSTEM user account, by contrast, is like ‘root’ in Linux, as it has more privileges than even the admin: SYSTEM can see and do things the admin can’t, it can stop processes the admin can’t, it runs at a higher integrity level than the admin, and it can bypass most policies. As Microsoft published…
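A check for the hive permissions problem described above, plus Microsoft's published workaround, as an added example (not code from Bojan's diary or from Microsoft's advisory). It follows the detection Microsoft gives for CVE-2021-36934, an inherited `BUILTIN\Users:(I)(RX)` entry on the hive files shown by `icacls`, and assumes it runs from an elevated PowerShell on the affected host, with the system volume at `$env:SystemDrive`.

```powershell
# Added example, not code from the ISC diary or from Microsoft's advisory.
# Detect CVE-2021-36934 (hive files readable by non-admins) and apply the workaround.
# Assumptions: elevated PowerShell on a Windows 10/11 host; system volume is $env:SystemDrive.
$HiveDir = Join-Path $env:windir 'System32\config'
$Hives   = 'SAM', 'SECURITY', 'SYSTEM' | ForEach-Object { Join-Path $HiveDir $_ }

function Test-HiveReadableByUsers {
    # The live hives are exclusively locked, but reading their DACL still works, which is
    # how icacls (and an attacker) can see that BUILTIN\Users has inherited read access.
    foreach ($hive in $Hives) {
        $dacl = (& icacls.exe $hive 2>&1) -join "`n"
        [pscustomobject]@{
            Hive      = $hive
            UsersRead = [bool]($dacl -match 'BUILTIN\\Users:\(I\)\(RX\)')
        }
    }
}

function Get-ShadowCopyCount {
    # The locked live files cannot be copied, but Volume Shadow Copies contain unlocked
    # snapshots of the hives with the same weak DACL; that is the path an attacker reads.
    @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
}

function Invoke-SeriousSamWorkaround {
    if (-not (Test-HiveReadableByUsers | Where-Object UsersRead)) {
        Write-Host 'Hive ACLs already restricted; nothing to do.'
        return
    }
    # Re-enable inheritance so the hive files take the config folder's DACL,
    # which grants nothing to ordinary users.
    & icacls.exe (Join-Path $HiveDir '*.*') /inheritance:e | Out-Null
    # Fixing the ACL does not touch existing shadow copies, so delete them
    # (this also removes System Restore points made before the fix).
    & vssadmin.exe delete shadows /for=$env:SystemDrive /Quiet | Out-Null
    Test-HiveReadableByUsers
}

# Usage: report first, then remediate.
Test-HiveReadableByUsers | Format-Table -AutoSize
"Shadow copies present: $(Get-ShadowCopyCount)"
# Invoke-SeriousSamWorkaround
```

The shadow-copy step is the one people skip: a host can show a clean `icacls` result after the inheritance fix and still hand out the old hive contents from a snapshot, so re-run `Get-ShadowCopyCount` afterwards and create a fresh restore point only once it reports zero.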
-
News & Notes: July 19th, 2021
A U.S.-led coalition including the U.K. and other countries and organizations, including NATO, is formally accusing China of cyberattacks worldwide, including the massive Microsoft Exchange email hack. via Financial Times, Bloomberg, CNN, CNBC.

NSO Group, an Israeli tech organization, is being accused of selling spyware used to snoop on the devices of executives, journalists, activists and dissidents. NSO Group has a proprietary software product called Pegasus, intended for tracking terrorists, that reportedly “allows authorities to listen into conversations using hacked mobile phones microphones, as well as track other data”. via Economist. Also, a compelling read from 2019 highlighting NSO Group is here, via The Economist as well. And, still another…
-
News & Notes: July 9th, 2021
(News & Notes may be updated throughout the day…check back for more!) China’s cyber watchdog, the Cyberspace Administration, an agency set up during Chinese President Xi Jinping’s first term, is taking “a lead role in Beijing’s push to strengthen interagency oversight of companies listed overseas, especially those traded in the U.S., and to tighten rules for future foreign listings”. via WSJ

Update: China Orders Stores to Remove More Apps Operated by Didi Global’s China Arm. via WSJ

“Stellantis said it plans to spend more than $35.5 billion through 2025 to release an array of new electrified vehicles.” Not mentioned is how much they plan on spending towards the cybersecurity of said vehicles.…
-
News & Notes: Kaseya Suffers Massive REvil Ransomware Attack Over Weekend
Over the July 4th holiday weekend some big news hit: a massive REvil ransomware attack on Kaseya, an American software company. Reported to us by the SANS Daily StormCenter Podcast, news is still developing here, here, and here about the extent of the damage, which is not fully known but expected to be significant. Kaseya provides IT management software to MSPs (Managed Service Providers) and IT teams to improve efficiency and security, allowing small to medium-sized businesses to manage their IT assets, service desk and more. Biblio: SANS Storm Center Podcast