Satellite hacking at DEF CON
Earlier this week, a SpaceX rocket carried the Moonlighter satellite into space, and it will soon be in orbit. The Aerospace Corporation built Moonlighter in partnership with US Space Systems Command and the Air Force Research Lab. It will serve as a “hacking sandbox in space,” with systems designed to support in-orbit cybersecurity exercises. At DEF CON this August, five teams will seek to remotely hijack Moonlighter as part of an exercise to better harden space systems. Given the redundancy built into satellites and other space systems, developers often don’t prioritize security hardening.
Atomic Wallet investigating losses
Over the weekend, the makers of Atomic Wallet announced they had begun investigating reports of compromised wallets. Now the company says it’s working with third-party security firms and exchanges to block the use of stolen funds. Research by blockchain investigator ZachXBT estimates losses at over $35 million. The developers took down the project’s download server, seemingly out of concerns about compromised software. This seems to be a precautionary action. Atomic Wallet is still actively asking victims to submit data on software updates and other details, indicating it remains unsure of a root cause.
SEC sues Binance
The lawsuit from the US Securities and Exchange Commission alleges that the crypto exchange giant operated illegally in the US. The SEC accuses it and founder Changpeng Zhao of illegally soliciting investors, operating unregistered investment schemes, and defrauding investors. The agency also said the company’s BUSD and BNB tokens acted as securities that required registration. And on top of all those charges, the SEC says Binance failed to implement market manipulation controls after informing investors it would. Zhao tweeted out the company would issue a response once it reviewed the complaint.
Clop blamed for MOVEit attack
Microsoft’s Threat Intelligence team attributed the recent attack against the popular managed file transfer platform to the Clop ransomware organization. It found the zero-day used in the attack followed similar behavior observed with Clop in the past. The attacks used a vulnerability to deploy crafted webshells on servers, providing access to files and credentials. Bleeping Computer and various security researchers observed attacks in the wild with this exploit over Memorial Day weekend. No word on any ransom demands yet. Clop previously used vulnerabilities in the Accellion FTA and GoAnywhere MFT.
Google Workspace gets passkeys
Google added passkey support for Workspace admins, meaning they can now enable users to sign in to either a Workspace or Google Cloud account using a passkey, no password required. By default, Workspace accounts will still require a password. But even when not allowing passkeys as a sign-in, organizations can still enable them for 2FA. Back in December, Google added passkey support in Chrome, and last month it added passkey login support for standard accounts.
Justice for cyber war crimes
At the International Conference on Cyber Conflict, Estonia’s President Alar Karis called on the International Criminal Court to hold actors that commit war crimes in cyberspace accountable. He characterized this as needed both for ensuring justice and as a deterrent against violating international laws in cyberattacks. Karis argued that the war in Ukraine shows nations can’t think of cyberattacks as separate from a military campaign. He also noted DDoS attacks against Estonia increased 300% in 2022.
Researchers find Twitter missed CSAM
According to new findings from the Stanford Internet Observatory, over recent months, Twitter failed to prevent the posting of known child sexual abuse material on its platform. Over the last two months, researchers detected over 40 previously flagged CSAM images. CSAM databases already included hashes of these images. Stanford’s David Thiel characterized using these hashes as “one of the most basic things you can do to prevent CSAM online.” Researchers said Twitter informed them last week it had improved its detection systems, asking them to notify Twitter if they detected a spike again.
(WSJ)
High profile patches released
This week we saw vendors release important patches to resolve vulnerabilities we previously presented on this show. The computer parts OEM Gigabyte released a firmware update to resolve security vulnerabilities recently disclosed in over 270 motherboard models. The update adds signature verification when downloading firmware updates and ensures that the update process goes through encrypted HTTPS connections.
The password manager maker KeePass also released an update to patch a flaw that could allow a malicious actor to extract a cleartext master vault password from the app’s memory. The app now uses a Windows API to retrieve data from text boxes, which should prevent the creation of the managed strings that held the password data.