InfoSec News 20221212

  • Published: Mon, 12/12/2022 - 12:54

Top News


  • Security researchers discover 22 issues in Google One VPN

"After conducting a security assessment of the Google One VPN service, NCC Group listed 22 issues, with the majority of them present on Windows and iOS applications.
VPN by Google One is currently available to Google One members on Premium plans (2 TB and higher) in more than 20 countries.
An information assurance firm, NCC Group, conducted a security assessment of Google One virtual private network (VPN) during the summer. In a 52-page report, it said it had made 22 initial discoveries: three were medium-severity findings, ten were rated as low-severity, and nine were described as informational observations."

Link

TLP¹: Green

  • Clop ransomware uses TrueBot malware for access to networks

"Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence.
The Silence group is known for its big heists against financial institutions, and has begun to shift from phishing as an initial compromise vector.
The threat actor is also using a new custom data exfiltration tool called Teleport. Analysis of Silence's attacks over the past months revealed that the gang delivered Clop ransomware typically deployed by TA505 hackers, which are associated with the FIN11 group."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Twitter might not encrypt messages after all, new safety chief says

"Online security experts are still eagerly waiting for Elon Musk to introduce end-to-end encryption on Twitter. But now the platform’s new safety chief says the expected feature might not be launched for quite some time, if ever – why?
Already back in April, Musk said that Twitter should have end-to-end encryption to reduce the risk of spying on users.
And soon after he acquired the platform in October, researchers spotted signs that encrypted messages might be introduced and that the Signal protocol, used by the eponymous app and WhatsApp, would be activated."

Link

TLP¹: Green

  • As Wiretap Claims Rattle Government, Greece Bans Spyware

"Lawmakers in Greece on Friday approved legislation banning commercial spyware and reforming rules for legally-sanctioned wiretaps following allegations that senior government officials and journalists had been targeted by shadowy surveillance software. The 156-142 vote in parliament followed two days of debate, during which opposition lawmakers accused the government of attempting to cover up the illegal surveillance. They demanded that the date of a general election — due before next summer — be brought forward. Under the new law, the use, sale or distribution of spyware in Greece will carry a penalty of a two-year minimum prison sentence. Additional safeguards were also planned for legal wiretaps as well as for hiring the director and deputy directors of the National Intelligence Service, or NIS. Critics, including human rights groups and an independent transparency authority, argue that the changes followed a poorly-planned consultation process and lack sufficient oversight. Opposition lawmakers all voted against the bill Friday."

Link

TLP¹: Green

  • Australia arrests 'Pig Butchering' suspects for stealing $100 million

"The Australian Federal Police (AFP) have arrested four suspected members of a financial investment scam syndicate estimated to have stolen $100 million from victims worldwide.
All four arrested individuals are Chinese nationals living in Sydney. The AFP began investigating them following tips from the United States Secret Service (USSS).
According to the police's announcement, the four men had links to a US-based scam that US law enforcement has investigated since August 2022.
"An analysis of victim reports by police has identified more than US$100 million in losses worldwide attributed to this organized crime syndicate, with the majority of victims being based in the United States," reads the announcement."

Link

TLP¹: Green

  • EU Court: Google Must Delete Inaccurate Search Info If Asked

"Google has to delete search results about people in Europe if they can prove that the information is clearly wrong, the European Union’s top court said Thursday.
The European Court of Justice ruled that search engines must “dereference information” if the person making the request can demonstrate that the material is “manifestly inaccurate.”
People in Europe have the right to ask Google and other search engines to delete links to outdated or embarrassing information about themselves, even if it is true, under a principle known as “right to be forgotten.”
Strict data protection rules in the 27-nation bloc give people the right to control what appears when their name is searched online, but the regulations frequently pit data privacy concerns against the public’s right to know.
Google said it welcomed the decision."

Link

TLP¹: Green

  • Royal Ransomware Threat Takes Aim at U.S. Healthcare System

"The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country.
"While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Coordination Center (HC3) said [PDF].
"The group does claim to steal data for double-extortion attacks, where they will also exfiltrate sensitive data."
Royal ransomware, per Fortinet FortiGuard Labs, is said to be active since at least the start of 2022. The malware is a 64-bit Windows executable written in C++ and is launched via the command line, indicating that it involves a human operator to trigger the infection after obtaining access to a targeted environment."

Link

TLP¹: Green

  • Cybersecurity boss pleads guilty to defrauding own company

"The former head of a data security company has pleaded guilty to using fake email accounts to defraud his own firm out of millions of dollars, a New York court heard.
Suni Munshani, 61, of Connecticut, entered the plea at a federal court regarding a scheme he masterminded over nearly a decade, and agreed to pay back $10 million in restitution after bilking his firm out of at least $6.5 million. The company was not named by the US Department of Justice (DoJ) but is believed by Cybernews to be Protegrity."

Link

TLP¹: Green

  • Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

"Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe.
The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a revamped variant of a malware called Janicab that leverages a number of public services like WordPress and YouTube as dead drop resolvers, Kaspersky said in a technical report published this week.
Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group.
Also tracked as DeathStalker, the threat actor is known to deploy backdoors like Janicab, Evilnum, Powersing, and PowerPepper to exfiltrate confidential corporate information."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto

"Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.
During this hacking competition, 26 teams and security researchers have targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration.
While no team signed up to hack the Apple iPhone 13 and Google Pixel 6 smartphones, the contestants hacked a fully patched Samsung Galaxy S22 four times.
The STAR Labs team was the first to exploit a zero-day in Samsung's flagship device by executing an improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points."

Link

TLP¹: Green

  • Follow-up: Telstra Says Database Issue, Not Hacking Led to Privacy Breach

"Australian communications company Telstra Corp. said a “misalignment of databases” caused the details of some customers to be released publicly.
The names, phone numbers and addresses of some customers who had requested to be unlisted became available online and via directory assistance, the Melbourne-based company said in a blog post. About 130,000 customers were affected, the Age reported, without saying where it got the information."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022

"Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.
On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first two days.
The new SOHO Smashup category earned participants the highest amounts on the third day. In this category, a small office / home office (SOHO) scenario is simulated, with the goal being to hack a router on the WAN interface and then pivot to the LAN, where a second device needs to be hacked, such as a smart speaker, NAS appliance, or printer."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • FREE WHITEPAPER – HOW TO IDENTIFY CYBERSECURITY SKILLS FOR YOUR TECHNICAL TEAM

"Are you looking for top security talent to keep your organization safe from security attacks?
OffSec’s Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation, has put together a comprehensive, detailed guide on how to identify cybersecurity skills in the job market.
Ensure your team is well-equipped to prevent, detect, and respond to cyber threats."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework

"In this session from SecurityWeek's 2022 ICS Cybersecurity Conference, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact of the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destroy devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from the open-source OPC Foundation."

Link

TLP¹: Green

  • Follow-up: Rackspace warns of phishing risks following ransomware attack

"Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.
While the company is still investigating the incident and is working on bringing affected systems back online, it says that cybercriminals might also take advantage and exploit this incident for their own purposes.
"If you do receive a message from an individual you do not recognize, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said.
"We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact.""

Link

TLP¹: Green

  • Black Hat Europe 2022: Hacking tools showcased at annual security conference

"Tools to enable the work of security researchers, pen testers, and bug bounty hunters were demonstrated at this year’s Black Hat Europe conference, held at London’s Excel Centre this week.
The annual security conference saw hackers from across the world gather to share research and other insights.
One of the conference’s regular features is the arsenal track, where attendees can witness live demos of various hacking tools."

Link

TLP¹: Green

  • Microsoft Edge 109 is the last version to support Windows 7/8.1

"Microsoft Edge will drop support for Windows 7 and Windows 8/8.1 after the release of version 109 on January 12th, 2023.
The decision to no longer provide Windows 7 / 8.1 support for Edge users almost perfectly aligns with the end of support for Windows 7 Extended Security Update (ESU) and Windows 8/8.1 on January 10th, 2023.
"While Microsoft Edge and Webview2 Runtime versions 109 and earlier will continue to work on these operating systems, those versions will not receive new features, future security updates, or bug fixes," the company said.
"Microsoft Edge version 109 will also be the last supported version for Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.""

Link

TLP¹: Green

  • Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

"An Ongoing Attack Against Python and Javascript Developers
UPDATE: This actor is now active in NPM and has begun publishing packages there as well.
Overnight we saw a flurry of activity around typosquats of the popular Python requests package. In the malicious packages themselves the attacker has embedded the following (...)"

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp