In today’s cybersecurity news…
Kremlin complains of DDoS attack, digital experts not so sure
Disruptions that occurred on Wednesday for some Russian users of WhatsApp, Telegram, Skype, Discord, Twitch, Wikipedia, Steam and even PornHub are being blamed by the Russian internet regulator Roskomnadzor on a DDoS incident targeting Russian telecom operators. Local digital experts disagree with this statement, arguing that it is impossible to organize a DDoS attack on all 2,000 Russian telecom operators simultaneously. Stanislav Shakirov, co-founder and technical director of the Russian digital rights organization Roskomsvoboda, suggested that the regulator “likely tried to block Telegram, which inadvertently impacted other services.”
FAA proposes new cybersecurity rules for airplanes
The rules focus on security of the airplanes themselves, especially the engines, which have increasingly become connected to internal and external data networks that could make them vulnerable to cyber threats. The proposal seeks to standardize what the FAA currently calls “special conditions,” which are temporary regulations issued on a case-by-case basis. The goal of the standardization is to help reduce the cost of certification. This change is being described as “long overdue” by cybersecurity expert Joseph Saunders.
Atlassian releases patches for Bamboo, Confluence, Crowd, and Jira
In its August 2024 security bulletin, the company highlights patches for Bamboo Data Center and Server, the Bouncy Castle Java dependency, Confluence Data Center and Server, and the Apache Tomcat dependency of Jira Data Center and Server and Jira Service Management Data Center. A link to the bulletin with all the details is available in the show notes to this episode.
(Security Week and Atlassian bulletin)
Windows Recall to reappear
Microsoft is deploying an updated version of its Recall feature, which had been initially announced this spring and immediately derided by industry analysts as a keylogger or spyware. The idea behind Recall was to take snapshots of a user’s desktop every few seconds as a tool for keeping track of things. It was removed from the widespread Copilot+ PC release on June 13, but is now being deployed to testers in the coming weeks. Microsoft has not fully clarified how the new version will differ but has said it will include “just in time” decryption and that Windows Insiders would need a Copilot+ PC.
Google fixes another high-severity Chrome flaw
The fix is the ninth for zero-days in Chrome since the start of the year, and this one has been confirmed as being under active exploitation in the wild. It is described as a type confusion bug in the V8 JavaScript and WebAssembly engine, which allows a remote attacker to exploit heap corruption via a crafted HTML page. This is according to a description of the bug in the NIST National Vulnerability Database, where it is tracked as CVE-2024-7971. Users of Chrome as well as of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply the fixes as and when they become available.
U.S. charges Karakurt gang’s “cold case” collector
An FBI investigation has determined that 33-year-old Deniss Zolotarjovs was a member of the Karakurt ransomware and extortion group. He is a Latvian national who lived in Moscow until being arrested in December 2023 and extradited to the U.S. earlier this month. Zolotarjovs’s role was to “negotiate so-called cold case extortions for the Karakurt operation, when communication after the attack had halted without a ransom being paid.” He was tracked down through cryptocurrency tracing, communication analysis, and data obtained from search warrants executed on Rocket.Chat, linking him to the extortion and money laundering activities.
Unified Teams app connects personal, work accounts
A new unified Teams application launched by Microsoft “allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps, and also helps users switch between accounts without signing out and signing in again and allows them to join meetings without logging into an account. Microsoft Teams will be available as a single application, enabling users to seamlessly switch between multiple cloud environments, tenants, and account types across personal and work,” the Windows Insider team said.
Two years later, Log4Shell still being exploited
This is according to researchers at Datadog Security Labs. “Cybercriminals are still finding targets for Log4Shell exploits that evade detection and plant malware scripts on unpatched corporate systems.” This is due to vulnerabilities that remain unpatched even though fixes have been made available. “Security experts have warned that eradicating the problem will be a long, laborious process because of software dependencies and so-called ‘transitive dependencies’ that make patching very difficult.” Datadog, for example, has noted nation-state APT actors linked to China, Iran, North Korea and Turkey using obfuscated LDAP requests (LDAP being the directory access protocol used by Active Directory) to evade detection, leading to the execution of malicious scripts on compromised systems.