Chinese security firm Xitan Laboratory has published a write-up on "five remote control backdoors" allegedly used by the NSA to breach the Xi'an Northwestern Polytechnical University in June of last year.
The five backdoors are NOPEN, FireJet, SecondDate, CunningHeretic, and StoicSurgeon.
https://mp.weixin.qq.com/s/N_jJzk5ZqJEyU8COqBzzxQ
This research blew my mind... basically they're using image stabilization technology in modern phones to see how camera lenses adjust themselves to sound waves (spoken words) and then extracting that information from photos, reconstructing the sound.
🤯 🤯 🤯 🤯 🤯 🤯 🤯
Google has released a security update to patch another Chrome zero-day vulnerability. Tracked as CVE-2023-5217, the zero-day resides in libvpx, a codec for processing VP8, VP9, and AV1 video files in Chrome.
The company says it spotted the attacks this Monday and released a security update two days later, on Wednesday.
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Cisco has responded to the joint US-JP security advisory that Chinese APT BlackTech is replacing Cisco router firmware in attacks:
"The most prevalent initial access vector in these attacks involves stolen or weak administrative credentials. As outlined in the report, certain configuration changes, such as disabling logging and downloading firmware, require administrative credentials. There is no indication that any Cisco vulnerabilities were exploited."
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
A major UK logistics operator, KNP Logistics, has filed for administration and will fire roughly 730 employees after a ransomware attack impacted its operations and market position earlier this year, in June.
https://www.bbc.com/news/uk-england-northamptonshire-66927965
The HTX cryptocurrency exchange has lost $8 million worth of Ether after a hacker gained access and emptied one of its hot wallets.
https://archive.ph/QLLbL
Google's Christian Blichmann has open-sourced BinDiff, a tool used to compare the structure of binary files. The tool has been free to use since 2016, but its source code was still private.
https://github.com/google/bindiff/releases/tag/v8
Some observed trends:
-targeting law enforcement agencies investigating Russian war crimes
-revisiting past victims to maintain access
-focus on immediate data exfil
-less malware ops, more phishing ops
-constant attacks on the UA media to plant fake news and disinformation
-LOLBIN is king
-relentless targeting of email servers
@15e2bc2d Translation: We'll allow bot networks to manipulate Notes to help out our QAnon right-wing propaganda brethren from being mass-embarrassed on a daily basis.
There are definitely some web developers who need to be yeeted into the Sun.
How the hell are you freezing browser rendering with your shitty JS code in 2023!!!!!
Qihoo360:
"With the cooperation of industry partners from multiple countries, our work has made a major breakthrough and has now successfully identified the true identity of the US National Security Agency (NSA) staff member who launched the cyber attack on Northwestern Polytechnical University."
From the Retool incident (related to those Okta attacks from last month):
"The caller claimed to be one of the members of the IT team, and deepfaked our employee’s actual voice".... then reset MFA and took control of the Okta account.
Broadcom's Symantec division has discovered a new Rust-based ransomware strain named 3AM.
Symantec saw the ransomware used in one attack so far, where a known ransomware affiliate deployed it on a victim's network after Lockbit was detected and blocked.
The 3AM ransomware comes with a Tor-based support and payment portal but does not appear to operate a dark web leak site (yet).
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
Also:
-Chrome 117 is out
-Smaller fines in the UK if you report hacks to the NCSC
-CISA publishes OSS roadmap
-CyberCom completes 50 hunt forward missions
-Football Leaks hacker sentenced
-Storm-0324 seen running MSFT Teams phishing campaigns
-Malware reports on CatDDoS, Hook, MidgeDropper, OriginBotnet, RomCom, Cuba, Remcos, Prohqcker
-Ballistic Bobcat hacks 32 Israeli companies
-Redfly compromises Asian power grid
-Patch Tuesday is out
-WiKI-Eve attack
-FBI warns of CSAM sextortions
https://files.mastodon.social/media_attachments/files/111/057/232/777/303/000/original/5b1908262be60b23.png
BugProve researchers have identified 33 vulnerabilities in Zavio IP security cameras.
Seven of the reported vulnerabilities are pre-authentication remote code execution flaws that can be used to hijack affected security camera models.
The company has published details and proof-of-concept scripts for all issues after the vendor failed to respond for almost nine months.
https://bugprove.com/knowledge-hub/cve-2023-3959-cve-2023-4249-multiple-critical-vulnerabilities-in-zavio-ip-cameras/
An academic study of 4,600 malicious Python libraries found that 72% of packages persisted across PyPI mirror sites even after the libraries were removed from the main PyPI website.
https://about.honywen.com/publication/2023ase/
@974a6e71 I hate it.... of all the software patches the fintech industry and public need to know about, a privately sold, seldom exploited one is not one of them.
Plus:
-IronNet furloughs workers
-Vulns in ProtonMail, Firefox, Apache Superset, Jenkins, Cisco, K8s
-IRM hotel booking 0-day
-New shelLM honeypot system
-Chinese IOs improve dramatically
-North Korean hackers on Mastodon
-APT reports on ScarCruft, APT28
-APT attacks on Fortinet and Zoho systems
-Malware reports on DarkGate, Raspberry Robin, AtomicStealer, RegStealer, AgentTesla, crypto-miners in the cloud
-Pandora malware impacts Android TVs
-Rayobyte's role in DDoS attacks
https://files.mastodon.social/media_attachments/files/111/028/961/275/468/993/original/19d204910c37e399.png
And:
-Polish Senate investigation into Pegasus scandal
-China weaponized its vulnerability disclosure program
-Verizon fined for lying about cybersecurity
-Adobe Creative Cloud Sync EoL
-Emsisoft has a critical update after GlobalSign blunder
-SeeTickets reveals skimming incident
-LastPass hack thefts estimated at $35mil
-Seville, Spain's 4th largest city, hit by ransomware attack
-Android 14 is annoying researchers
-ICC to investigate cyber war crimes
-Internet censorship in RU is now at 850k
https://files.mastodon.social/media_attachments/files/111/028/976/387/627/756/original/7e30769d67316b5c.png
Notes by Catalin Cimpanu | export