Cyber Security Headlines: Leaked Intel keys, trading security for fps, new phishing-as-a-service tool

The long term impact of leaked Intel Boot Guard keys

Earlier this year, a ransomware attack against the PC OEM MSI by the group Money Message claimed to steal about 1.5 terabytes of data. According to analysis of the data the group recently leaked, carried out by supply chain analysts at Binarly, it includes Intel Boot Guard private keys for 116 MSI products, as well as image-signing keys for 57 products. The leaked keys could allow an attacker to install malware in UEFI firmware, and the keys would make it appear to be legitimately signed software. If these keys are out there, they could represent a hard-to-detect attack vector for years to come. Intel says OEMs generate their own Boot Guard keys, meaning this should only impact MSI hardware specifically. 

(Dark Reading)

AtlasOS shrugs at Windows security features

The AtlasOS project claims to provide a streamlined version of Windows better optimized for PC gamers. Essentially the OS seeks to do this by disabling what it considers unnecessary Windows services and features that eat into computing resources better used for higher frame rates. Developers speaking to Motherboard said as much, saying AtlasOS leans “towards performance and usability compared to security.” This includes disabling Windows Defender and Virtualization Based Security. AtlasOS developers say users can still choose to enable these features at any time, and that the project plans to add further customization for users who want security features enabled by default. 


Cisco warns of new phishing-as-a-service tool

A new report from Cisco’s Talos group outlines details of this new service, called “Greatness.” Talos first spotted it in the wild back in mid-2022, with VirusTotal samples showing spikes in December and March. Its operators generally use it against corporate entities for financial gain, spoofing Microsoft 365 login pages to harvest credentials for further network access. Greatness provides its clients with a full phishing kit, including attachment and link builders, prebuilt login pages, bots for chat apps, and MFA circumvention. US businesses accounted for roughly half of Greatness victims. Attackers mainly targeted the manufacturing, healthcare, and technology sectors.

(The Record)

Apple loses copyright appeal against iOS 

Apple filed a copyright infringement lawsuit against the company Corellium in 2019. Corellium makes a product that provides a virtual iPhone, marketed as a security and mobile testbed tool. In its filings, Apple alleged the tool would primarily be used for jailbreaking. In December 2020, a judge dismissed the lawsuit, but Apple appealed the following August. Now the US Court of Appeals for the Eleventh Circuit has sided with Corellium on copyright grounds, saying the product falls under the fair use doctrine. The court found that Corellium’s virtualization software is transformative. The court did instruct a lower court to reconsider claims related to contributory infringement, as well as the use of Apple’s copyrighted icons and wallpapers. 

(Security Week)

And now a word from our sponsor, TrendMicro

Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. 

Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. 

Trend Micro, the global leader in cybersecurity, is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — the largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to

National Gallery of Canada hit with ransomware

The country’s national art museum first discovered a ransomware attack against its systems on April 23rd. Despite hiring a cybersecurity company for an investigation and working with the Canadian Centre for Cyber Security, its IT system has remained offline for the last two weeks. It remains open to customers, although many employees continue to work remotely. So far there is no sign of customer data loss or impact on payment systems, although the attackers exfiltrated some operational data. It’s unclear what group orchestrated the attack. However, groups seem to increasingly target arts organizations. The Metropolitan Opera in New York experienced a cyberattack last December, while numerous arts organizations felt the impact of a July 2022 attack against the digital marketing firm WordFly. 

(The Record)

Ransomware tactics evolve

As ransomware becomes a common occurrence in cybersecurity, the response has become fairly standardized. Recent figures from Tenable show this having an impact on payouts: 2022 saw ransomware payouts fall 38% on the year. However, a piece from CSO Online aggregated the ways that threat actors continue to professionalize their operations in response. 

These organizations increasingly set hard KPIs and targets to achieve against victims, operating on standard business models. Double extortion schemes became the norm for ransomware as a way to increase leverage. Now these groups have turned to so-called triple extortion methods, which add a DDoS attack on top of encrypting and exfiltrating data. This further disrupts business operations to ensure payment. Another tactic involves operators reaching out directly to a victim’s customers or stakeholders. 

(CSO Online)

Questionable WhatsApp mic behavior 

Earlier this month, the Indian tech site PiunikaWeb reported that WhatsApp users on Android saw microphone permissions triggered on their devices even when the app wasn’t being used. This did not appear model-specific, showing up on both Pixel and Samsung phones. Twitter engineer Foad Dabiri raised further alarm about the issue, subsequently showing similar findings from the Android Privacy Dashboard. WhatsApp’s Twitter account said it contacted Dabiri. The company said it believes the issue lies with Android’s Privacy Dashboard “misattributing information.” WhatsApp said it asked Google to investigate.


Celebrities pay ransoms just like us! 

On a talk show, Smashing Pumpkins frontman Billy Corgan disclosed that an unauthorized third party gained access to multiple songs off the group’s upcoming Atum release. The threat actor threatened to leak the songs six months ahead of the album’s planned release, and Corgan agreed to pay an undisclosed ransom to prevent the leak. The FBI investigated the case, which Corgan claims involved content from other artists as well.

In lighter news of cybersecurity meeting the music world, reverse engineer Nicholas Starke informed Bleeping Computer that he discovered the controller firmware for Kingston NVMe SSDs contains strings with the lyrics to Coldplay’s 2002 hit “The Scientist.” No word from Kingston as to why, but we can suspect bored developers. 
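Embedded text like this turns up because firmware images are rarely stripped of their readable strings, and pulling them out is one of the first passes a reverse engineer makes on a dump. The following is an added example written for this digest, not code from the researcher, Kingston, or Bleeping Computer: a small stand-in for the `strings` utility that scans a binary blob for runs of printable ASCII and, as an extension, UTF-16LE text. The firmware image it scans is constructed here and contains placeholder text, not a real Kingston image or the actual lyrics.

```python
"""Added example: extract printable strings from a firmware blob.

Mimics what the `strings` utility does, so a reviewer can see how readable
text (debug messages, version tags, or stray lyrics) surfaces from a raw
firmware dump. SAMPLE_IMAGE is a constructed stand-in, not a real image.
"""
import re
from typing import List

MIN_LEN = 8  # shortest run worth reporting; GNU `strings` defaults to 4


def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return printable strings found in blob, in order of appearance.

    Plain ASCII runs are reported as-is. UTF-16LE runs (each printable byte
    followed by a NUL byte, common in firmware built with Windows tooling)
    are decoded and prefixed with "utf16:" so the two encodings can be told
    apart when reviewing the output.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = []
    for m in ascii_re.finditer(blob):
        hits.append((m.start(), m.group().decode("ascii")))
    for m in utf16_re.finditer(blob):
        hits.append((m.start(), "utf16:" + m.group().decode("utf-16-le")))
    hits.sort(key=lambda h: h[0])  # report in file order, not per encoding
    return [text for _, text in hits]


# Constructed firmware stand-in: non-printable filler (0x00, 0xff, 0x7f and
# 0x80 all fall outside the printable ASCII range) with three readable runs
# buried in it. "SHORT" is deliberately below MIN_LEN and should be skipped.
SAMPLE_IMAGE = (
    b"\x00\xff\x7f\x80" * 16
    + b"FW-BUILD-SAMPLE-TAG-0001"          # constructed version tag (ASCII)
    + b"\x01\xfe" * 12
    + b"SHORT"                             # too short to count as a string
    + b"\x00\xff" * 8
    + "sample lyric line embedded in firmware".encode("utf-16-le")
    + b"\x80\x7f" * 8
)


if __name__ == "__main__":
    for s in extract_strings(SAMPLE_IMAGE):
        print(s)
```

On a real dump the equivalent one-liner is `strings -n 8 image.bin` for ASCII and `strings -n 8 -e l image.bin` for UTF-16LE; the point of the script is to show what those flags are doing and to make the minimum-length cutoff explicit, since too low a value buries the interesting strings in noise from opcode bytes that happen to be printable.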

(Security Affairs, Bleeping Computer)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.