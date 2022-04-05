
Security and Proprietary Traps
-
SolarWinds hackers set up phony media outlets to trick targets
The Russian hacking group behind the SolarWinds hack, Nobelium, is setting up new infrastructure to launch attacks using old tricks, researchers at Recorded Future found. The findings, published Tuesday and shared first with CyberScoop, demonstrate how the group has evolved in recent months in an effort to avoid researcher detection.
Researchers identified more than four dozen domains the group used in phishing attacks, some of which attempted to emulate real brands. The tactic, in which hackers register potentially misspelled versions of real brand domains to trick targets, is known as “typosquatting.”
-
Identity Theft
Last year we danced in court with a Patent Troll and they eventually backed off. This year SparkFun is a victim of Identity Theft. Yes - a company can also get its identity stolen. Let me explain.
There is a website www.sparkfunn.com that was privately registered on January 8th and updated on January 10th, 2022. Notice the extra n in funn. Cute right? It reminds me of when I tell people my name is spelled with two n’s, not one. Close but that’s not my name or SparkFun’s.
With the domain sparkfunn.com officially registered, these scammers are sending emails using this domain with actual names of SparkFun employees to get other companies to ship them product. The email address is a digital sleight of hand to get in the door, but the actual PO attached to their email is pretty brazen.
-
TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches
Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Collectively dubbed TLStorm 2.0, the vulnerabilities stem from a similar design flaw identified in the TLStorm vulnerabilities, expanding the reach of TLStorm to millions of additional enterprise-grade network infrastructure devices.
[...]
In March 2022, Armis first disclosed TLStorm, three critical vulnerabilities in APC Smart-UPS devices that allow an attacker to gain control of them from the internet with no user interaction, resulting in the UPS overloading and eventually destroying itself in a cloud of smoke.
-
Botnet that hid for 18 months boasted some of the coolest tradecraft ever [Ed: Microsoft Windows TCO]
“Once UNC3524 successfully obtained privileged credentials to the victim’s mail environment, they began making Exchange Web Services (EWS) API requests to either the on-premises Microsoft Exchange or Microsoft 365 Exchange Online environment,” the Mandiant researchers wrote. “In each of the UNC3524 victim environments, the threat actor would target a subset of mailboxes….”
-
New Sophisticated Malware
-
Security Researchers Find Nearly 400,000 Exposed Databases
As per Trend Micro’s recent international Cyber Risk Index (CRI) findings for the second quarter of 2021, 76% of those surveyed anticipate a breach within the next 12 months. While this represents a 10% decline, it still indicates critical security holes. Over one-third of organizations experienced seven or more impactful cyberattacks in the preceding 12 months, a 10% rise from the previous year.
-
OpenPGP keys and SHA-1
As you may know, Thunderbird offers email encryption and digital email signatures using the OpenPGP technology and uses Ribose’s RNP library that provides the underlying functionality.
To strengthen the security of the OpenPGP implementation, a recent update of the RNP library had included changes to refuse the use of several unsafe algorithms, such as MD5 and SHA-1. The Thunderbird team had delivered RNP version 0.16.0 as part of the Thunderbird 91.8.0 update.
Unfortunately, this change resulted in some users no longer being able to use their OpenPGP keys. We learned that the affected users still depend on keys that were created or modified with OpenPGP software that used SHA-1 for the signatures that are part of OpenPGP keys.
-
Musk says Twitter may see 'slight cost' for businesses and governments
Business and government users on Twitter may need to pay a "slight" fee to stay on the social media platform, Tesla boss Elon Musk has said.
It comes after the board of Twitter agreed to a $44bn (£34.5bn) takeover offer from Mr Musk.
However, Mr Musk said the site would always be free for "casual users".
-
We Cannot Rely on Billionaires to Create Necessary Guardrails on Social Media
“The most epic troll ever.” That’s how one Twitter employee described Elon Musk’s offer to buy the platform, and how it has largely been covered—as the latest entrepreneurial romp in the billionaire’s ever-growing cult of personality. A self-proclaimed “free speech absolutist” who sees Twitter as the “de facto public town square,” Musk did what any zillionaire with a savior complex would: purchase the town square, for $44 billion.
-
