
2023.03.01.News You Should Know

Google Chrome 110, slated for release on Feb 7th, will drop support for Windows 7 and Windows 8.1. This follows Microsoft's January 2023 end of extended support for both operating systems.

Raspberry Robin is targeting financial institutions in Europe; current victim profiles show the threat actors focusing on Spanish- and Portuguese-speaking institutions. The framework was recently updated to produce polymorphic code, which leaves hash- and signature-based detection with little effect. Regardless, researchers have identified threat actor infrastructure and used it to develop indicators of compromise.
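The detection point above is worth seeing in code: a polymorphic rebuild changes the file hash while the command-and-control infrastructure stays the same, so infrastructure indicators keep firing after hash feeds go stale. The example below is added here and is not code from the original post or from any vendor report; the payload bytes, the `.invalid` domains, the TEST-NET-3 address and the log lines are all constructed for the demo and are not real Raspberry Robin indicators.

```python
"""Hash matching vs. infrastructure matching against polymorphic malware.

Added example; every sample, indicator and log line below is constructed
(hypothetical), not taken from a real Raspberry Robin campaign.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Two constructed "variants" of one payload: same core, different padding bytes.
# Stand-ins for two polymorphic rebuilds of the same loader.
VARIANT_A = b"MZ\x90\x00" + b"core-logic" + b"\x00" * 8 + b"pad-0001"
VARIANT_B = b"MZ\x90\x00" + b"core-logic" + b"\x00" * 8 + b"pad-7f3a"

# A hash feed built from the first variant that was seen in the wild.
KNOWN_BAD_SHA256 = {hashlib.sha256(VARIANT_A).hexdigest()}


def hash_match(sample: bytes) -> bool:
    """Signature-style check: exact SHA-256 lookup against the feed."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


# Constructed infrastructure indicators (hypothetical). The .invalid TLD and
# the 203.0.113.0/24 documentation range guarantee nothing here resolves.
C2_DOMAINS = {"update-check.example.invalid", "cdn-assets.example.invalid"}
C2_IPS = {"203.0.113.45"}

# Constructed DNS and proxy log lines in a simple "<ts> <source> k=v ..." format.
LOGS = [
    "2023-01-10T09:14:02Z dns client=10.0.0.21 query=update-check.example.invalid type=A",
    "2023-01-10T09:14:05Z proxy client=10.0.0.21 dst=203.0.113.45:443 host=cdn-assets.example.invalid",
    "2023-01-10T09:15:11Z dns client=10.0.0.22 query=www.example.com type=A",
    "2023-01-10T09:16:40Z dns client=10.0.0.23 query=beacon.cdn-assets.example.invalid type=A",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into its key=value fields plus timestamp and source."""
    fields = dict(_KV.findall(line))
    fields["ts"], fields["source"] = line.split(" ", 2)[:2]
    return fields


def domain_hit(name: str) -> str:
    """Return the indicator that matches name or one of its parent domains, else ''."""
    name = name.lower().rstrip(".")
    for d in C2_DOMAINS:
        if name == d or name.endswith("." + d):
            return d
    return ""


def find_infra_hits(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, indicator, field) for every line touching known infrastructure."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        f = parse_line(line)
        client = f.get("client", "?")
        # DNS queries and proxy Host headers are checked against the domain list.
        for key in ("query", "host"):
            if key in f:
                d = domain_hit(f[key])
                if d:
                    hits.append((client, d, key))
        # Proxy destinations are checked against the IP list (port stripped).
        if "dst" in f:
            ip = f["dst"].rsplit(":", 1)[0]
            if ip in C2_IPS:
                hits.append((client, ip, "dst"))
    return hits


if __name__ == "__main__":
    print("hash feed catches variant A:", hash_match(VARIANT_A))  # True
    print("hash feed catches variant B:", hash_match(VARIANT_B))  # False
    for hit in find_infra_hits(LOGS):
        print("infrastructure hit:", hit)
```

Running it shows the second variant slipping past the hash feed while all four lines that touch the constructed C2 domains or address are flagged, including the subdomain beacon that a plain string-equality check would miss. In practice the indicator sets would be loaded from the researchers' published IOCs rather than hard-coded.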

Focusing on short-term quarterly returns instead of strategic technology upgrades and improvements seems to have set Southwest up for continued failures. After the holidays saw thousands of flights cancelled by the carrier, 15% of flights are still delayed or cancelled and thousands of bags are still lost, missing, or stolen at airports nationwide.

As unknown threat actors target power grids within the United States, the Russia-aligned threat actor Trident Ursa, aka Gamaredon, has attempted to disrupt petroleum refining within NATO territories. Though that attempt was unsuccessful, businesses operating within the EU and former Soviet Bloc nations should expect these types of critical infrastructure attacks to increase.

In a first-of-its-kind report, a woman was arrested in Paris, France while under the influence of narcotics. Inspection of her vehicle revealed a digital device encased in a Pelican case with multiple antennas. Fearing an explosive, Paris police detonated what would later be identified as an IMSI catcher, a class of device known to Western audiences by the Harris StingRay brand name. Such devices can passively collect subscriber identifiers and cellular traffic in an area, or actively impersonate a base station to run a man-in-the-middle attack that captures and relays traffic. Unfortunately, thanks to the quick work of Paris' finest, we won't know exactly what the device was being used for unless the woman comes clean.

The Lockbit ransomware group received a lot of positive publicity over the holidays after an affiliate of the group attacked a pediatric hospital in Canada. This violated Lockbit's affiliate agreements, causing the group to publicly denounce the affiliate and release a decryptor to the hospital. What followed were saccharine headlines reading "Lockbit group has heart".

From the Reading List:

The Atlantic Council's 2012 paper, Beyond Attribution, remains relevant when discussing state-sponsored attacks. The paper outlines ten levels of state responsibility, ranging from State-prohibited to State-integrated. This Spectrum of State Responsibility is essential to attribution discussions in light of world events. PDF available here

Worth Watching:

The HackerSploit YouTube channel provided a half-hour introduction to ChatGPT for cybersecurity. The OpenAI chatbot has rocketed to the forefront of conversation as it has shown a capable ability to distill information about complex but well-documented systems and issues. In the video, viewers learn how to generate shellcode, create macros, and perform fuzzing, among other offensive techniques.
