LIVE Topic: TOP 20 Cyber updates for Jan 2023 – from inside the HACKERverse


===== OUR SPONSOR ===================
https://KiKrr.co

Real-Time Hands-On Self-Service POV’s of Cybersecurity products
#KiKrr
======================================

Hosts:
Kim Crawley, https://www.linkedin.com/in/kimcrawley/ … CROWGIRL … “Mistress of the Dark Web”
Craig Ellrod, https://www.linkedin.com/in/craigellrod/

#DARKweb
#DEEPweb
#HACKERculture
#HACKERverse
#DEFcon
#HACKINGvillage
#KiKrr
#BEARDSofcolor

HACKERverse TOP 20 News for Jan 2023 – brought to you by KiKrr – Self Service POV’s for Cybersecurity

2023 – Jan:

1. Rhadamanthys Malware (SOC Prime)

Rhadamanthys Malware Detection: New Infostealer Spread via Google Ads & Spam Emails to Target Crypto Wallets and Dump Sensitive Information

Rhadamanthys Malware Analysis
The Rhadamanthys info-stealer, which surfaced in late 2022, gains initial access through malicious Google ads that impersonate legitimate software downloads, and through spam emails. It is sold as malware-as-a-service (MaaS).

Operators use it to steal saved passwords and dump other sensitive data from compromised hosts, and it specifically goes after cryptocurrency wallets and the credentials of popular crypto services.

The infection chain starts with a PDF that lures the victim into downloading the payload. Opening it shows a notice with a download link posing as an Adobe Acrobat DC software update. Clicking the fake update link runs an executable that launches the stealer and gives the adversary access to sensitive data on the compromised host.
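One way to hunt for the chain just described (document viewer or browser spawning a fake "Acrobat update" executable out of a user-writable folder) over process-creation telemetry. This is an added example for these notes, not SOC Prime's detection rule and not Rhadamanthys code; the one-line event format, the parent process list and the sample paths are assumptions modelled loosely on Sysmon fields.

```python
"""Hunting heuristic for a PDF reader or browser spawning a fake 'Acrobat update'
executable from a user-writable directory. Added illustration; not SOC Prime's
rule. Event format, process names and paths are assumptions."""
import re
from dataclasses import dataclass

# Assumed parent processes a lure PDF would be rendered in.
LURE_PARENTS = {"acrord32.exe", "acrobat.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Where a downloaded payload lands; a genuine Adobe updater never runs from here.
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\(downloads|appdata)\\", re.I)
# Genuine Adobe install/update locations, excluded to cut false positives.
LEGIT_ADOBE_DIRS = re.compile(r"^c:\\program files( \(x86\))?\\(adobe|common files\\adobe)\\", re.I)
# File names that mimic an Adobe/Acrobat update or installer.
UPDATE_NAME = re.compile(r"(acrobat|adobe|reader).*(update|setup|install)", re.I)


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse 'ParentImage=...|Image=...|CommandLine=...' (constructed format)."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return ProcessEvent(fields["ParentImage"], fields["Image"], fields.get("CommandLine", ""))


def is_suspicious(ev: ProcessEvent) -> bool:
    parent = ev.parent_image.rsplit("\\", 1)[-1].lower()
    name = ev.image.rsplit("\\", 1)[-1].lower()
    if parent not in LURE_PARENTS:
        return False                      # not spawned by a document viewer or browser
    if LEGIT_ADOBE_DIRS.match(ev.image):
        return False                      # real updater launched from its install path
    return bool(UPDATE_NAME.search(name) and USER_WRITABLE.match(ev.image))


def hunt(lines):
    """Return the Image path of every suspicious process-creation event."""
    return [ev.image for ev in map(parse_event, lines) if is_suspicious(ev)]


# Constructed sample events: one lure chain and three benign look-alikes.
SAMPLE_LOG = [
    r"ParentImage=C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe|Image=C:\Users\kim\Downloads\AdobeAcrobatDC_Update.exe|CommandLine=AdobeAcrobatDC_Update.exe",
    r"ParentImage=C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe|Image=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe|CommandLine=AdobeARM.exe /PRODUCT:Acrobat",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Users\kim\Downloads\AdobeAcrobatDC_Update.exe|CommandLine=AdobeAcrobatDC_Update.exe",
    r"ParentImage=C:\Program Files\Google\Chrome\Application\chrome.exe|Image=C:\Users\kim\AppData\Local\Temp\report_q4.exe|CommandLine=report_q4.exe",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print("suspicious:", hit)
```

Only the first sample fires: the genuine Adobe ARM updater is excluded by its install path, and the same fake updater launched from explorer.exe (the user double-clicking the download) is deliberately out of scope for this narrow rule; widening LURE_PARENTS to include explorer.exe catches that variant at the cost of more noise.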

2. CVE-2022-42475: Critical Heap-Buffer Overflow Vulnerability Resulting in Unauthenticated Remote Code Execution (SOC Prime)
https://socprime.com/rs/rule/da9633e2-dc38-4908-94f6-919b63969e0c

Detect CVE-2022-42475: Critical Heap-Buffer Overflow Vulnerability Resulting in Unauthenticated Remote Code Execution

CVE-2022-42475 is a heap-based buffer overflow in the FortiOS SSL-VPN daemon (sslvpnd) that gives an unauthenticated attacker remote code execution. Fortinet disclosed it as already being exploited in the wild, with government agencies and large organizations among the targets.
The fix is to upgrade to a patched FortiOS build; until an appliance is patched, the practical mitigation is to disable SSL-VPN on it.

3. SOC Prime

Raspberry Robin Malware Detection: New Connections Revealed

Raspberry Robin Malware Detection: Enhanced Worm-Like Version Attacking European Financial Institutions

LockBit Ransomware Detection: Cybercriminal Gang Evil Corp Affiliates, aka UNC2165, Attempt to Evade U.S. Sanctions

Dridex Malware Detection: Proactively Defend With SOC Content


https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe

Raspberry Robin is a worm-style malware loader that spreads through infected USB drives. It operates as a backdoor and has extensive obfuscation built in to evade anti-malware tools.

It was first discovered in May 2022. In July 2022 Microsoft reported that its infections were being used by the Russia-based Evil Corp, and noted its similarity to Dridex, which is also tied to Evil Corp. A later report by Security Joes says the malware lets attackers move laterally and abuses the cloud infrastructure of popular services such as Discord, Azure and GitHub.

Know anyone using those?

4. OPWNAI (Check Point Research)

OPWNAI : Cybercriminals Starting to Use ChatGPT

Check Point researchers have seen multiple underground forum discussions about abusing ChatGPT. One sample is a Python-based file stealer that searches a host for common document types, copies them to a folder, zips them and uploads the archive to an FTP server, all in clear text.

Another sample is a piece of Java code that downloads PuTTY (a common SSH and Telnet client) and runs it covertly via PowerShell. The same loader could just as easily pull down any malware you plug into it.

Another example showed how ChatGPT could be used to generate the code for a Dark Web marketplace script.

Another example showed how to create art and post it for sale on Etsy.com. Know anyone that buys art on Etsy.com?

ChatGPT is popular right now because it offers advanced help for artists, writers and coders. But it is also dangerous, because it lets low-skilled threat actors, such as myself, crank out creatively new malware.

5. Attackers are updating their code languages (Binary Defense)
https://www.binarydefense.com/digging-through-rust-to-find-gold-extracting-secrets-from-rust-malware/

Attackers are migrating their code from older languages such as C/C++ to more modern ones such as Golang, Rust and Nim, which give them easy cross-compilation for both Linux and Windows and make the binaries harder to analyze. Examples of Rust-coded malware include BlackCat ransomware and a stealer called Luca Stealer.

6. BlackFog has issued its State of Ransomware report for 2022
https://www.blackfog.com/the-state-of-ransomware-in-2022/

* 87% of ransomware attacks used PowerShell
* 89% of attacks exfiltrated data
* The average dollar amount reported for ransomware attacks in the US was $258,143.

If you want to see all the places that got nailed, go to blackfog.com.

7. Microsoft’s new VALL-E text-to-speech AI can simulate anyone’s voice from 3 seconds of audio (Ars Technica)
https://arstechnica.com/information-technology/2023/01/microsofts-new-ai-can-simulate-anyones-voice-with-3-seconds-of-audio/

It builds on pieces that already exist: Meta announced a neural audio codec called EncCodec in October 2022, and there is an audio library called LibriLight with 60,000 hours of English-language speech from 7,000 speakers.

VALL-E uses LibriLight as training data. So if you don’t want their tool to nab your voice, I guess you will need to start talking like a Star Wars character.

So much for voice recognition as a password. Know anybody doing that?

8. Russian hackers tried to break into American nuclear research labs (VICE and Reuters)
https://www.vice.com/en/article/jgpz88/russian-hackers-tried-to-break-into-the-uss-top-nuclear-labs-report

Hackers tied to a Russian bodybuilder and IT worker attempted to break into American nuclear research labs last year, according to a report from Reuters. The group, known as Cold River, used phishing in an attempt to access the Brookhaven, Argonne and Lawrence Livermore National Laboratories.

According to Reuters, Cold River ran its scheme during the summer months of 2022. The group created fake login pages for the labs and emailed scientists in an attempt to trick them into logging in. It’s unclear whether the attempts succeeded or what, exactly, Cold River was trying to access at the labs.

9. Stuxnet is back (Wired and Siemens)
https://www.wired.com/story/siemens-s7-1500-logic-controller-flaw/
https://cert-portal.siemens.com/productcert/html/ssa-482757.html

On Jan 10 Siemens published an advisory (SSA-482757) for its S7-1500 CPU product family of PLCs (Programmable Logic Controllers): the hardware lacks an immutable root of trust, so the device cannot reliably verify that the code it boots is genuine. An attacker with physical access to the PLC could replace its boot image and run their own code. Siemens says this cannot be fixed with a firmware update and is addressed only by new hardware revisions.

That is the same kind of target Stuxnet went after in 2009-2010, when the computer worm wrecked hundreds of uranium enrichment centrifuges in Iran.

Do you know anyone who is using a Siemens S7-1500 PLC?

10. WhatsApp was fined 5.5 MM Euros by the Irish Data Protection Commission (DPC) (Bleeping Computer)
https://www.bleepingcomputer.com/news/security/whatsapp-fined-55-million-by-irish-dpc-for-gdpr-violation/

For violating GDPR.

Who cares?

11. But this one is cool: FanDuel was breached through Mailchimp (Bleeping Computer)
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
https://www.bleepingcomputer.com/news/security/mailchimp-discloses-new-breach-after-employees-got-hacked/

Mailchimp says it was hacked — again

FanDuel is a sportsbook betting site. In January 2023 (this month) it disclosed that customer names and email addresses were exposed, because Mailchimp, its email marketing provider, was compromised through a social engineering attack on Mailchimp employees and contractors.

If this sounds like the WooCommerce incident that also came through Mailchimp, it is. It’s the same Mailchimp breach, with FanDuel as another affected customer.

Bummer. Sucks to be an email marketing company called Mailchimp right now.

12. Here’s one on industrial espionage and steganography (BBC and Schneier)
https://www.bbc.com/news/world-asia-china-64206950

Zheng Xiaoqing, a US citizen, hid secrets stolen from GE Power inside pictures of sunsets using steganography, then emailed the files to himself.

The stolen information related to the design and manufacture of gas and steam turbine engines. Zheng sent it on to an accomplice in China.

He got only two years in prison.

The FBI has warned Western companies that China is on a mission to ransack their intellectual property.

China wants what we have and is trying to steal it.
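To show what "hiding secrets in a picture of a sunset" actually looks like, here is least-significant-bit (LSB) steganography, the classic form of the technique: each pixel sample changes by at most 1, which the eye cannot see, but a detector looking at the bit plane can. This is an added illustration for these notes, not the tool used in the GE case; the cover image is a constructed gradient, not a photo, and the payload text is made up.

```python
"""LSB image steganography: embed and extract, plus the two numbers a
reviewer would check. Added illustration; not the tool from the case. The
cover (a constructed grayscale gradient) and the payload text are made up."""
import struct

HEADER = 4  # bytes of big-endian length prefix in front of the payload


def embed(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the low bit of successive cover samples with payload bits.
    Each sample moves by at most 1, so the image looks unchanged."""
    data = struct.pack(">I", len(payload)) + payload
    if len(data) * 8 > len(cover):
        raise ValueError("cover image too small for payload")
    out = bytearray(cover)
    for i, byte in enumerate(data):
        for b in range(8):
            bit = (byte >> (7 - b)) & 1          # MSB first
            idx = i * 8 + b
            out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def _read(stego: bytes, start: int, n: int) -> bytes:
    """Reassemble n bytes from the LSBs, starting at byte offset `start`."""
    out = bytearray()
    for i in range(n):
        v = 0
        for b in range(8):
            v = (v << 1) | (stego[(start + i) * 8 + b] & 1)
        out.append(v)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload: read the 4-byte length, then that many bytes."""
    n = struct.unpack(">I", _read(stego, 0, HEADER))[0]
    return _read(stego, HEADER, n)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def lsb_ones_ratio(img: bytes, n: int) -> float:
    """Fraction of 1-bits among the first n LSBs. Embedded ASCII text skews
    this away from the cover's own statistics, which is a detector's first tell."""
    return sum(x & 1 for x in img[:n]) / n


# Constructed cover: a smooth 64x64 grayscale gradient (4096 samples).
COVER = bytes((i * 7) % 256 for i in range(4096))
PAYLOAD = b"turbine blade cooling spec, rev 3 (made up)"

if __name__ == "__main__":
    stego = embed(COVER, PAYLOAD)
    print("recovered:", extract(stego))
    print("max sample change:", max_sample_change(COVER, stego))
    print("LSB ones ratio, cover vs stego:",
          lsb_ones_ratio(COVER, 376), lsb_ones_ratio(stego, 376))
```

Visual inspection of the image is useless here, and so is a file-size check: the output is byte-for-byte the same length as the cover. What gives it away is the bit plane, which is why DLP that wants to catch this has to look at LSB statistics (or simply re-encode outbound images) rather than at what the picture shows.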

13. Cisco released a security advisory for its Cisco Unified Communications Manager (CISA)
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/20/cisco-releases-security-advisory-unified-cm-and-unified-cm-sme

And nobody cares about Cisco anyway…

14. Firefox Mozilla release a security update (CISA)
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/18/mozilla-releases-security-updates-firefox
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/

The patched bugs could let an attacker take control of an affected system. There’s a bunch of new CVEs around this.

15. Microsoft’s first Patch Tuesday of 2023 fixes 98 security vulnerabilities (ComputerWorld)
https://www.computerworld.com/article/3685534/patch-now-to-address-critical-windows-zero-day-flaw.html#tk.rss_security

There’s a zero-day in there: CVE-2023-21674, an elevation-of-privilege bug in the Windows Advanced Local Procedure Call (ALPC) component that was already being exploited, which makes it one to patch immediately.

16. T-Mobile was breached again. (Dark Reading)
https://www.darkreading.com/attacks-breaches/t-mobile-breached-again-exposing-37m-customers-data

The intrusion started in late November 2022 and it was a big one: data on 37 million prepaid and postpaid subscribers, all pulled through a single API that did not require authorization. Attackers got away with personal data such as names, billing addresses, emails, phone numbers and dates of birth; T-Mobile said no passwords, payment card data or Social Security numbers were exposed.

It’s T-Mobile’s second breach in two years, and there have been more than a half dozen in the past five years.

17. Zendesk was hacked, and then Coinigy was hacked (Dark reading)
https://www.darkreading.com/application-security/compromised-zendesk-employee-credentials-breach

An SMS phishing attack on Zendesk employees was carried out in October 2022, but wasn’t announced until Coinigy, a Zendesk customer, was notified and published the information. Not many details after that, probably because Zendesk says only ‘log files’ of unstructured data were exposed.

Still a little phishy…

18. A ransomware attack hit Yum! Brands, which owns KFC, Pizza Hut, Taco Bell and The Habit Burger Grill. Nearly 300 restaurants were closed in the United Kingdom.
https://www.exploitone.com/virus/ransomware-shuts-down-hundreds-of-kfc-pizza-hut-taco-bell-restaurants/

The good news is that they at least had a response plan with detailed procedures, which they enacted. Only about 300 sites were shut down, and they reopened in less than a day.

19. On the evening of Jan 7th a ransomware attack on DNV’s ShipManager software disrupted operations for around 1,000 ships at sea (Exploitone)
https://www.exploitone.com/data-breach/ransomware-attack-disrupts-operations-of-1000-ships-in-high-seas/

DNV, the maker of the software, shut down the affected servers and is working to restore online access and identify the attacker. The onboard ShipManager functions still work offline, so the ships themselves keep sailing.

20. You’ve heard about the LastPass hack. Well, now Norton Password Manager accounts at NortonLifeLock have been broken into (Exploitone)
https://www.exploitone.com/data-breach/nortonlifelock-password-manager-accounts-hacked-customer-data-leaked-on-darkweb/

This one was credential stuffing: the attackers replayed username/password pairs already leaked from other sites’ breaches, and NortonLifeLock notified several thousand customers whose accounts were accessed. If you reused your Norton password anywhere else, assume your creds are on the Dark Web now, change the master password and turn on two-factor.
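NortonLifeLock attributed the Norton Password Manager intrusion to credential stuffing, which has a distinctive shape in authentication logs: one source trying many different accounts, one password each, and mostly failing. Here is a small detector for that pattern, added as an example for these notes (not NortonLifeLock's telemetry or detection); the log format, the TEST-NET IP addresses and the usernames are constructed.

```python
"""Credential-stuffing detector run over constructed authentication logs.
Added illustration; not NortonLifeLock's telemetry or rules. Log format,
IPs (TEST-NET ranges) and usernames are made up."""
from collections import defaultdict


def parse(line: str) -> dict:
    """'<ISO timestamp> ip=<addr> user=<name> result=OK|FAIL' (constructed format)."""
    ts, *kvs = line.split()
    ev = dict(kv.split("=", 1) for kv in kvs)
    ev["ts"] = ts
    return ev


def detect_stuffing(lines, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many *different* accounts and mostly fail.
    Returns {ip: [accounts that nonetheless logged in from that ip]} so the
    successes, i.e. the accounts actually taken over, can be force-reset."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "fails": 0, "ok": set()})
    for ev in map(parse, lines):
        s = per_ip[ev["ip"]]
        s["users"].add(ev["user"])
        s["attempts"] += 1
        if ev["result"] == "FAIL":
            s["fails"] += 1
        else:
            s["ok"].add(ev["user"])
    flagged = {}
    for ip, s in per_ip.items():
        if len(s["users"]) >= min_users and s["fails"] / s["attempts"] >= min_fail_ratio:
            flagged[ip] = sorted(s["ok"])
    return flagged


SAMPLE_LOG = [
    # attacker replaying a leaked list: eight accounts, one password each, one hit
    "2022-12-01T03:14:01Z ip=203.0.113.7 user=alice result=FAIL",
    "2022-12-01T03:14:02Z ip=203.0.113.7 user=bob result=FAIL",
    "2022-12-01T03:14:02Z ip=203.0.113.7 user=carol result=FAIL",
    "2022-12-01T03:14:03Z ip=203.0.113.7 user=dave result=OK",
    "2022-12-01T03:14:03Z ip=203.0.113.7 user=erin result=FAIL",
    "2022-12-01T03:14:04Z ip=203.0.113.7 user=frank result=FAIL",
    "2022-12-01T03:14:04Z ip=203.0.113.7 user=grace result=FAIL",
    "2022-12-01T03:14:05Z ip=203.0.113.7 user=heidi result=FAIL",
    # a forgetful but legitimate user: one account, two typos, then success
    "2022-12-01T08:02:10Z ip=198.51.100.4 user=alice result=FAIL",
    "2022-12-01T08:02:25Z ip=198.51.100.4 user=alice result=FAIL",
    "2022-12-01T08:02:40Z ip=198.51.100.4 user=alice result=OK",
    # a small office behind one NAT address: three people, one of them mistyping
    "2022-12-01T09:00:00Z ip=192.0.2.33 user=ivan result=OK",
    "2022-12-01T09:00:30Z ip=192.0.2.33 user=judy result=FAIL",
    "2022-12-01T09:01:00Z ip=192.0.2.33 user=mallory result=OK",
]

if __name__ == "__main__":
    for ip, taken_over in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: stuffing; force-reset {taken_over}")
```

The distinct-account count is what separates stuffing from a brute force against one account (which rate limiting already handles) and from a shared office NAT. In production you would window this over time and expect the attacker to spread the list across many IPs, so per-IP thresholds drop and you group by ASN or client fingerprint instead; the one account that succeeded is the one that matters.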

21. Experian credit reports were easily accessible by anyone (Krebs)
https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

This is not directory traversal or anything clever; it is plain forced browsing. The questions page and the report page were separate URLs, and the server never checked that the questions had actually been answered before serving the report, so editing the address bar skipped straight past them. Shame on you, Experian…
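The flaw class Krebs describes, a multi-step identity-proofing flow where the last step never checks that the middle step happened, boiled down to a minimal request handler with the bug and the fix side by side. This is an added illustration for these notes, not Experian's code, URLs or data: the routes, the session layout, the records and the "correct" answers are all hypothetical.

```python
"""Forced browsing past a knowledge-based-authentication (KBA) step, and the fix.
Added illustration of the flaw class; not Experian's code, URLs or data. The
records, answers and paths are made up."""
REPORTS = {"123-45-6789": "credit report: Jane Doe (constructed)",
           "987-65-4321": "credit report: Mal Lory (constructed)"}
KBA_ANSWER = {"123-45-6789": "B", "987-65-4321": "C"}   # hypothetical correct answers


def identify(params, session):
    """Step 1: name, address, DOB, SSN. Public-ish data; proves nothing by itself."""
    session["ssn"] = params["ssn"]
    session.pop("kba_passed_for", None)     # a new identity claim voids any earlier KBA result
    return 200, "next: /questions"


def questions(params, session):
    """Step 2: the multiple-choice history questions; the only real proof of identity."""
    ssn = session.get("ssn")
    if ssn and params.get("answer") == KBA_ANSWER.get(ssn):
        session["kba_passed_for"] = ssn
        return 200, "next: /report"
    return 403, "wrong answer"


def vulnerable_report(params, session):
    """BUG: assumes a client only reaches /report after /questions. Nothing enforces it."""
    ssn = session.get("ssn")
    return (200, REPORTS[ssn]) if ssn in REPORTS else (404, "unknown")


def fixed_report(params, session):
    """Serve the report only if KBA was passed for *this* SSN, then spend that proof."""
    ssn = session.get("ssn")
    if not ssn or session.get("kba_passed_for") != ssn:
        return 403, "complete identity verification first"
    session.pop("kba_passed_for")           # single-use: every report needs fresh proof
    return (200, REPORTS[ssn]) if ssn in REPORTS else (404, "unknown")


def run(flow, report_handler):
    """Replay (path, params) requests through one shared session; return the last response."""
    routes = {"/identify": identify, "/questions": questions, "/report": report_handler}
    session, resp = {}, (404, "no request")
    for path, params in flow:
        resp = routes[path](params, session)
    return resp


# Legitimate flow: answer the questions, then fetch the report.
LEGIT = [("/identify", {"ssn": "123-45-6789"}), ("/questions", {"answer": "B"}), ("/report", {})]
# Identity thief holding the victim's name/address/DOB/SSN: jumps straight to /report.
SKIP = [("/identify", {"ssn": "123-45-6789"}), ("/report", {})]
# Passes KBA for their own record, then re-identifies as the victim before fetching.
SWAP = [("/identify", {"ssn": "987-65-4321"}), ("/questions", {"answer": "C"}),
        ("/identify", {"ssn": "123-45-6789"}), ("/report", {})]

if __name__ == "__main__":
    for name, flow in [("legit", LEGIT), ("skip", SKIP), ("swap", SWAP)]:
        print(name, "vulnerable:", run(flow, vulnerable_report)[0],
              "fixed:", run(flow, fixed_report)[0])
```

The two things the fix adds are both server-side: the proof of identity lives in the session, not in the order of URLs the browser happened to visit, and it is bound to the specific SSN it was earned for and consumed on use, so you cannot pass the questions for yourself and cash that in against someone else's record.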

22. The World Economic Forum says 2023 is going to have a cybersecurity meltdown
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/surprising-cyber-focus-at-the-world-economic-forum

At the meeting in Davos, Switzerland, leaders said “there’s a gathering cyber storm, and it’s hard to anticipate how bad it will be”, citing geopolitical instability and the advancement of the cyber threats themselves.

Hows that for a bright outlook for 2023?

23. And last from the SEC – Securities and Exchange Commission (IT Brew)

https://www.itbrew.com/stories/2023/01/20/forthcoming-sec-rules-will-trigger-tectonic-shift-in-how-corporate-boards-treat-cybersecurity

Probably prompted in part by the Uber CISO trial last year, the SEC wants public companies to report cyberattacks openly AND point to who on the board is responsible. The proposal is expected to be finalized in April 2023.

A disclosure must be filed within four business days of determining that an incident is material.
Boards must identify who on the board is responsible for cybersecurity, along with their expertise.

I’m available for hire as a Board member for Cybersecurity. Just putting that out there. Bring your checkbook.

The SEC has been warning about this for years, and is finally doing something about it…