InfoSec News 20230630

  • Published: Fri, 30/06/2023 - 12:33

Top News


  • Proton launches open-source password manager with some limitations

"Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser extension or mobile app on Android and iOS.
Proton has been offering various privacy-focused products and services for some time, including the end-to-end encrypted Proton Mail email service, the Proton VPN service, and the Proton Drive cloud storage service.
Proton Pass is the latest addition to the company's data and privacy-protection product portfolio, giving users a secure, end-to-end encrypted vault to store their passwords and notes.
"We're happy to announce the global launch of Proton Pass, available now as a browser extension on most major browsers (Chrome, Firefox, Edge, Brave, and more) and iPhone/iPad and Android." reads the Proton Pass launch announcement."

Link

TLP1 : Green

  • YouTube tests restricting ad blocker users to 3 video views

"YouTube is currently running what it describes as a "small experiment globally," warning users to toggle off their ad blockers and avoid being limited to only three video views.
As first spotted by a Reddit user on Wednesday, YouTube now displays a pop-up that notifies ad blocker users targeted by this test that "video player will be blocked after 3 videos."
"It looks like you may be using an ad blocker. Video playback will be blocked unless YouTube is allowlisted or the ad blocker is disabled," the message adds."

Link

TLP1 : Green

  • The US Is Spying on the UN Secretary General

"The Washington Post is reporting that the US is spying on the UN Secretary General.
The reports on Guterres appear to contain the secretary general’s personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the Foreign Intelligence Surveillance Act (FISA) to gather the intercepts."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

"Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations.
This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were first reported by BBC Persian.
Some of the other improvements include streamlined steps to simplify the setup process as well as the introduction of shareable links to "share functioning/valid proxy addresses to their contacts for easy and automatic installation.""

Link

TLP1 : Green

  • Rapid7: Japan Threat Landscape Takes on Global Significance

"Japan is the world’s third largest economy. It attracts both criminal and nation-state cyberattacks. The effects of these attacks can be felt on a global scale.
The primary cause of cyberattacks against Japanese computer systems is the strength and quality of its manufacturing base. The size of Japanese manufacturers makes them an attractive target for criminal extortion. The quality of Japanese products makes the manufacturers’ IP an attractive target for nation-state attackers seeking to improve their own knowledge and economy.
The nature and effect of the attacks turns attacks against Japan into global events – as explained in a Rapid7 report (PDF) titled Japan and Its Global Business Footprint."

Link

TLP1 : Green

  • Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

"Nikita Kislitsin, formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.
Kislitsin is accused of hacking into the now-defunct social networking site Formspring in 2012, and conspiring with another Russian man convicted of stealing tens of millions of usernames and passwords from LinkedIn and Dropbox that same year."

Link

TLP1 : Green

  • New MIT Framework Evaluates Side-Channel Attack Mitigations

"A group of researchers from the Massachusetts Institute of Technology (MIT) has devised a framework for evaluating the effectiveness of some side-channel mitigation schemes against data leaks.
Named Metior (PDF), the framework provides a view of how programs, attacker techniques, and obfuscation scheme configurations may impact the amount of data that can be leaked via side-channel attacks.
“Metior builds upon existing information theoretic approaches, allowing for the comprehensive side-channel leakage evaluation of active attackers, real victim applications, and state-of-the-art microarchitectural obfuscation schemes,” the researchers explain."

Link

TLP1 : Green

  • Pro-Russia DDoSia hacktivist project sees 2,400% membership increase

"The pro-Russia crowdsourced DDoS (distributed denial of service) project, 'DDoSia,' has seen a massive 2,400% growth in less than a year, with over ten thousand people helping conduct attacks on Western organizations.
The project was launched by a pro-Russian hacktivist group known as "NoName057(16)" last summer, quickly reaching 400 active members and 13,000 users on its Telegram channel.
In a new report released today, Sekoia analysts say that the DDoSia platform has grown significantly over the year, reaching 10,000 active members contributing firepower to the project's DDoS attacks and 45,000 subscribers on its main Telegram channel (there are seven in total)."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

"The LockBit ransomware group claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC), but the chip giant says only one of its suppliers was breached.
The notorious cybercrime group announced on Thursday on its website that it targeted TSMC, suggesting — based on the $70 million ransom demand — that it has stolen vast amounts of sensitive information. The victim was initially given seven days to respond, but the deadline has been extended to August 6 at the time of writing."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • MITRE releases new list of top 25 most dangerous software bugs

"MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.
Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.
Weaknesses can endanger the security of the systems on which the software is installed and running. They can provide an entry point for malicious actors attempting to gain control over affected devices, access sensitive data, or trigger denial-of-service states.
"These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working," CISA warned today."

Link

TLP1 : Green

  • Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain

"A cybersecurity firm has disclosed the details of critical SAP vulnerabilities, including a wormable exploit chain, that can expose organizations to attacks.
The vulnerabilities were reported to the enterprise software giant by Fabian Hagg, researcher at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business. Hagg found the flaws as part of a research project that spanned three years, with patches being released by SAP in mid-2021 and January 2023."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Reminder: CFP for ICS Cybersecurity Conference Closes June 30th

"The official Call for Presentations (CFP) for SecurityWeek’s 2023 Industrial Control Systems (ICS) Cybersecurity Conference, being held October 23-26, 2023 at the InterContinental Atlanta is open through Friday, June 30, 2023.
As the original ICS/SCADA cyber security conference, the event is the largest and longest-running cyber security-focused event series for the industrial control systems sector. The conference caters to the energy, water, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations."

Link

TLP1 : Green

  • DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation

"The DOE can trace its origins to the World War II Manhattan (atomic bomb) Project under the US Army Corps of Engineers. As the DOE emerged, it retained its nuclear responsibilities. “We are responsible for managing and maintaining the US Government’s nuclear stockpile,” explained Dunkin, “and refreshing that because components of nuclear weapons become obsolete and must be replaced. We are responsible for nuclear non-proliferation and for working across the world to reduce the proliferation of nuclear material. And we build propulsion for nuclear submarines as a joint effort within the US Navy.”"

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign

"An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network.
"This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said in a Thursday report.
Unlike cryptojacking, in which a compromised system's resources are used to illicitly mine cryptocurrency, proxyjacking offers the ability for threat actors to leverage the victim's unused bandwidth to covertly run different services as a P2P node."

Link

TLP1 : Green
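The proxyjacking item above describes hosts being enlisted, over SSH, into bandwidth-sharing networks such as Peer2Profit or Honeygain. A quick host sweep a responder can run is to join the process list with the socket table and flag agents by name or by binary location. The following is an added example written for this digest, not code from Akamai's report: the `ps -eo pid,user,args` and `ss -tnp` output it parses is constructed inline, the two agent names come from the item text, and the "binary under /tmp or in a dot-directory" heuristic is an assumption of this example, not something the report states.

```python
"""Sweep a Linux host for signs of proxyjacking: bandwidth-sharing agents
(Peer2Profit, Honeygain) that an intruder installed after SSH access.
Added example, not code from the Akamai report. Inputs are text captured
from `ps -eo pid,user,args` and `ss -tnp`; the samples below are constructed."""
import re

# Agent names taken from the campaign description. Anything else added here
# would be an assumption; operators should extend it from their own intel.
WATCHLIST = ("peer2profit", "honeygain")

# Heuristic (assumption of this example): legitimate services are rarely
# launched from temp dirs or hidden dot-directories.
SUSPICIOUS_PATH = re.compile(r"^(/tmp/|/var/tmp/|/dev/shm/|.*/\.)")

PS_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(.*)$")
SS_PID_RE = re.compile(r"pid=(\d+)")


def parse_ps(ps_output):
    """Return {pid: (user, args)} from `ps -eo pid,user,args` text."""
    procs = {}
    for line in ps_output.splitlines()[1:]:  # first line is the header
        m = PS_RE.match(line)
        if m:
            procs[int(m.group(1))] = (m.group(2), m.group(3).strip())
    return procs


def parse_ss(ss_output):
    """Return {pid: [peer_addr, ...]} for ESTAB sockets from `ss -tnp` text.
    Columns: State Recv-Q Send-Q Local Peer Process; the peer is field 4."""
    conns = {}
    for line in ss_output.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 6 or parts[0] != "ESTAB":
            continue
        m = SS_PID_RE.search(line)
        if m:
            conns.setdefault(int(m.group(1)), []).append(parts[4])
    return conns


def find_proxyjacking(ps_output, ss_output):
    """Flag processes that look like bandwidth-sharing agents and attach
    their established peers so an analyst can pivot on the remote side."""
    procs = parse_ps(ps_output)
    conns = parse_ss(ss_output)
    findings = []
    for pid, (user, args) in procs.items():
        reasons = []
        lowered = args.lower()
        agent = next((w for w in WATCHLIST if w in lowered), None)
        if agent:
            reasons.append(f"known agent name: {agent}")
        exe = args.split()[0] if args.split() else ""
        if SUSPICIOUS_PATH.match(exe):
            reasons.append(f"binary in temp or hidden dir: {exe}")
        if reasons:
            findings.append({"pid": pid, "user": user, "cmd": args,
                             "reasons": reasons, "peers": conns.get(pid, [])})
    return findings


# Constructed sample output (not from a real host); addresses are from the
# RFC 5737 documentation ranges.
SAMPLE_PS = """\
  PID USER     COMMAND
    1 root     /sbin/init
 2210 root     /usr/sbin/sshd -D
 4242 www-data /opt/.x/honeygain --daemon
 4301 www-data /tmp/.p2p/peer2profit_linux --daemon
 5120 alice    bash
"""

SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0      0      10.0.0.5:48212     203.0.113.7:443    users:(("honeygain",pid=4242,fd=5))
ESTAB 0      0      10.0.0.5:22        198.51.100.9:51022 users:(("sshd",pid=2210,fd=4))
ESTAB 0      0      10.0.0.5:39104     203.0.113.88:8080  users:(("peer2profit_linux",pid=4301,fd=3))
"""

if __name__ == "__main__":
    for f in find_proxyjacking(SAMPLE_PS, SAMPLE_SS):
        print(f["pid"], f["user"], f["cmd"], f["reasons"], f["peers"])
```

On a live host, pipe the real `ps -eo pid,user,args` and `ss -tnp` output into the two parsers. A renamed agent binary defeats the name match, which is why the path heuristic and the peer list are kept: an unfamiliar process under a web-server account with a long-lived outbound session is worth a look regardless of what it calls itself, and the peers give you something to block at the egress.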

  • How Talos IR’s Purple Team can help you prepare for the worst-case scenario

"Purple Team exercises are included within the Cisco Talos Incident Response Retainer service and our experts can help your organization find security holes before the bad guys can.
As your trusted advisor, our purple team, which is a combination of both red and blue teams, emulates one joint attack scenario, executes the scenario, and records how your current incident response capabilities perform to evaluate your current gaps and inform future enhancements.
Can your organization’s current security incident response program withstand an emulated adversarial attack? Need to put your current TTPs detections to the test? Not sure where to start, what to test, or what gaps exist in your program? No fear, Talos IR can partner with you to provide Purple Team expertise and exercises, tailored for your organization to proactively test and enhance your prevention, detection and response capabilities."

Link

TLP1 : Green

  • Microsoft rolls out early Windows Copilot preview to Insiders

"Microsoft announced today that an early preview of its AI-powered Windows Copilot personal assistant is rolling out to Insiders in the Windows 11 Dev Channel.
Windows Copilot was unveiled during this year's Build conference when the company said it would provide customers with "centralized AI assistance."
To open it, you have to click a taskbar button or use the WIN + C keyboard shortcut, which will make it appear on the right side of the screen, next to other windows on your desktop.
The Windows Copilot panel will remain pinned on the side of the screen while you use other apps, providing uninterrupted access whenever necessary."

Link

TLP1 : Green

  • From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon

"The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that's been put to use by the actor since 2021.
Evidence shows that the custom made, actively developed framework has been leveraged in the February 2023 attack on Technion, an Israeli research institute, cybersecurity firm Deep Instinct said in a report shared with The Hacker News.
What's more, additional links have been unearthed between the Python 3-based program and other attacks carried out by MuddyWater, including the ongoing exploitation of PaperCut servers."

Link

TLP1 : Green

  • Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor

"Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union from late 2020 to late 2022. Unit 42 tracks the activity associated with this campaign as CL-CRI-0021 and believes it stems from the same threat actor responsible for the previous campaign known as Manic Menagerie.
The threat actor deployed coin miners on hijacked machines to abuse the compromised servers’ resources. They have further deepened their foothold in victims’ environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites."

Link

TLP1 : Green

  • Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

"Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse.
The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.
Fluhorse was first documented by Check Point in early May 2023, detailing its attacks on users located in East Asia through rogue apps masquerading as ETC and VPBank Neo, which are popular in Taiwan and Vietnam. The initial intrusion vector for the malware is phishing."

Link

TLP1 : Green


1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp