SolarWinds supply chain attack updates
The US government and high profile companies struggle to assess and control the damage from the SolarWinds attack which has compromised a range of agencies including the NNSA – the US Nuclear Agency. Items of note: FireEye, is a cybersecurity company that was compromised in the attack, but it was an automated “unauthorized log in” security alert, sent to a FireEye employee that raised the alarms. Some officials state that had this not been noticed, the attack might still be going undetected. Cisco is one of the high profile companies whose internal machines were targeted, although the company has said its security team moved quickly to address the issue and that the “affected software” has been “mitigated.” President-Elect Joe Biden is considering punishing Russia, for their suspected role in this attack. We at Cyber Security Headlines will continue to follow and report upon the many threads of this still breaking story.
Trump officials plan to split up Cyber Command and NSA
An end to the “dual hat” arrangement has been debated for years, and this is the latest push to dramatically reshape defense policy advanced by a key political officials who were installed in acting roles in the Pentagon after this year’s election. The post of NSA director and CYBERCOM commander are held by one person — currently, Gen. Paul Nakasone — in a “dual-hat” arrangement. The Trump administration’s proposal, if approved, “would mark a significant shift in policy, and without the proper analysis and certification would run contrary to law,” a House Democratic aide said Saturday, calling the potential change “severe.”
Google explains the cause of its recent outage
A bug in the automated quota management system of Google’s User ID Service prevented users from logging into their accounts and authenticate to all Cloud services last week. The outage impacted Gmail, YouTube, Google Drive, Google Maps, Google Calendar, and several other Google services for almost an hour on Monday, December 14th. The User ID Service stores unique identifiers for all Google accounts and it manages authentication credentials for both OAuth tokens and cookies. Google is in the midst of migrating to a new quota management system and this accidentally allowed the bug to impact daily activities.
Emulators behind massive online bank fraud
The operation employed emulators, devices that are used by legitimate developers and researchers to test how apps run on a variety of different mobile devices, to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had already been compromised. To bypass existing protections, the crooks used device identifiers corresponding to each compromised account holder and spoofed GPS locations the device was known to use. In some cases, they pretended they were customers who were accessing their accounts from new phones. The attackers were also able to bypass multi-factor authentication by accessing SMS messages.
Thanks to our episode sponsor, ReversingLabs
Computer memory can be made to speak in WiFi
A new theoretical exploit called Air-Fi can turn a secure, air-gapped computer into a WiFi transmitter that can help a hacker exfiltrate secure data. Although an air-gapped computer is completely disconnected from any network, including having every possible network feature removed – including WiFi and Bluetooth – hackers can theoretically use DDR SDRAM buses “to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands and encode binary data on top of it,” according to the researcher Mordechai Guri of the Ben-Gurion University of the Negev, Israel.
FBI and Interpol disrupt carding marketplace Joker’s Stash – for now
The seizure of top level domains belonging to the internet’s largest marketplace for buying and selling stolen cards has put a temporary slowdown on the group’s activity. The seizure of the domain will likely not do much to disrupt Joker’s Stash, especially since they maintain several versions of the site and its Tor-based links are still working normally, researchers said. Joker’s Stash has been operating since October 2014, and often posts packs of stolen payment card details that can be used for both CP (card present) and CNP (card not present) fraudulent transactions.
Spyware found in fake Cyberpunk 2077 Android download
Threat actors are impersonating the Google Play store in order to get users to download a ransomware-laden version of the new open-world game. The listing for the game, which is named Cyberpunk 2077 Mobile (Beta), even had reviews from users so as to appear legitimate. But researchers at Kaspersky suggest that even when users are faced with a $500 ransom demand, the CoderWare ransomware uses a hardcoded key that means it may be possible to decrypt without paying the ransom.
US Air Force successfully runs AI system on spy plane
The autonomous AI system was run on one of its Lockheed U-2 reconnaissance aircraft. The AI technology dubbed ARTUµ controlled only the plane’s radar sensors and tactical navigation systems and had no access to weapons or flight control systems. The AI had been trained on computer simulation to scan for incoming missiles and the launchers that fire them, and is intended to assist, rather than replace the human pilot.