My Weekly Roundup #161
Cybersecurity
Samsung Has Been Hacked: What Data Has Been Stolen?
On September 2, Samsung published a security advisory confirming it had been hacked. The breach would appear to have been of Samsung systems in the U.S. and took place in ‘late July’ according to the advisory.
Metaverse Broadband Infrastructure Security
The term “metaverse” was originally coined by author Neal Stephenson for his 1992 cyberpunk novel Snow Crash to describe a virtual reality (VR) world.
Pros and cons of cybersecurity automation
This blog was written by an independent guest blogger. Cybersecurity threats are nothing new. Major corporations and small businesses alike are regularly faced with them. However, as technology continues to advance and change, so do those threats.
What is NOBELIUM’s new MagicWeb Tool?
NOBELIUM group has been spotted using a new malware that allows it to authenticate as anyone in a targeted network. The Russian threat group was observed targeting entities in the U.S., Europe, and Asia.
Vulnerability in TikTok Android app could lead to one-click account hijacking
Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click.
Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report
According to our Trend Micro Smart Protection Network (SPN) platform, Emotet detections soared in the first six months of 2022 with 148,701 detections compared to the 13,811 detections in the first half of the previous year.
FBI warns about cyber criminals exploiting DeFi vulnerabilities
Vulnerabilities in decentralized finance (DeFi) platforms are being exploited by cybercriminals to steal cryptocurrency, the Federal Bureau of Investigation warned Monday. DeFi platforms generally rely on smart contracts, which are automated agreements that lack an intermediary, like a broker.
Chromium browsers can write to the system clipboard without your permission
If you are a user of Google Chrome or any other Chromium-based web browser, then websites may push anything they want to the operating system’s clipboard without your permission or any user interaction.
ModernLoader delivers multiple stealers, cryptominers and RATs
By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .
NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack
During the summer, my colleague Derya Yavuz and I published an article on some of the different methods we’ve leveraged to elevate privileges within Active Directory environments. We discussed authentication coercion techniques such as PrinterBug, PetitPotam, and DFSCoerce.
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Inside the IT Army of Ukraine, ‘A Hub for Digital Resistance’
Ukrainian cyber officials claim hundreds of thousands of people from around the world have volunteered to be part of a pick-up cyber force they call the IT Army of Ukraine.
Roasting 0ktapus: The phishing campaign going after Okta identity credentials
On July 26, 2022, Group-IB intelligence analysts received a request from a client of our Threat Intelligence solution asking for additional information on a recent phishing attack that they had experienced.
Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories.
Technology
The x86-64 processor (aka amd64, x64): Whirlwind tour
I figure I’d tidy up the processor overview series by covering the last¹ processor on my list of “processors Windows has supported in its history,” namely, the x86-64.
NASA Delays the Launch of Its Giant Moon-bound Rocket
NASA has pushed back the launch of its Artemis 1 mission to the moon due to an issue with one of the engines of the giant SLS rocket.
Privacy
Over-the-Horizon Drones Line Up But Privacy Is Not In Sight
The Federal Aviation Administration (FAA) will soon rule on Beyond Visual Line of Sight (BVLOS) drones, which are capable of flying while its operator (pilot) is far away.