Home

Dark Reading

16 August 2022

• Clop Ransomware Gang Breaches Water Utility, Just Not the Right One
  South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.
• Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox
  Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data.
• Name That Toon: Vicious Circle
  Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
• With Plunge in Value, Cryptocurrency Crimes Decline in 2022
  Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.
• Windows Vulnerability Could Crack DC Server Credentials Open
  The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.
• Lessons From the Cybersecurity Trenches
  Threat hunting not only serves the greater good by helping keep users safe, it rewards practitioners with the thrill of the hunt and solving of complex problems. Tap into your background and learn to follow your instincts.
• SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit
  Heads of CIA and CISA headline event at DC Convention Center.
• DEF CON 30: Hackers Come Home to Vibrant Community
  After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first.
• Most Q2 Attacks Targeted Old Microsoft Vulnerabilities
  The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.
• Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management
  ZTNA brings only marginal benefits unless you ensure that the third parties you authorize are not already compromised.

Threatpost

• U.K. Water Supplier Hit with Clop Ransomware Attack
  The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
• Xiaomi Phone Bug Allowed Payment Forgery
  Mobile transactions could’ve been disabled, created and signed by attackers.
• Black Hat and DEF CON Roundup
  ‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
• Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
  The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
• Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
  Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
• Starlink Successfully Hacked Using $25 Modchip
  Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system
• New Hacker Forum Takes Pro-Ukraine Stance
  A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
• Cisco Confirms Network Breach Via Hacked Employee Google Account
  Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
• Inside the Hackers’ Toolkit – Podcast
  This edition of the Threatpost podcast is sponsored by Egress.
• Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
  August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.

The Hacker News

16 August 2022

• ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
  16 August 2022
  A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution
• New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
  16 August 2022
  Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider
• Unified Threat Management: The All-in-One Cybersecurity Solution
  15 August 2022
  UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a
• Microsoft Warns About Phishing Attacks by Russia-linked Hackers
  15 August 2022
  Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. "
• Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
  15 August 2022
  Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated 

Naked Security

• US offers reward “up to $10 million” for information about the Conti gang
  Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
• Zoom for Mac patches critical bug – update now!
  There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
• S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
  Latest episode - listen now! (Or read the transcript if you prefer.)
• APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…
  If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!
• Slack admits to leaking hashed passwords for five years
  "When those invitations went out... somehow, your password hash went out with them."
• Traffic Light Protocol for cybersecurity responders gets a revamp
  Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.
• GitHub blighted by “researcher” who created thousands of malicious projects
  If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards.
• S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
  Latest episode - listen now! (Or read if that's what you prefer.)
• Post-quantum cryptography – new algorithm “gone in 60 minutes”
  And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.
• Cryptocoin “token swapper” Nomad loses $200 million in coding blunder
  Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.