
2023.03.01.News You Should Know

Google Chrome 110, slated for release on Feb 7th, will drop support for Windows 7 and Windows 8.1. This matches Microsoft’s end-of-life date for Windows 7 and 8.1 extended support.

Raspberry Robin targets financial institutions in Europe; current victim profiles seem to show threat actors targeting Spanish- and Portuguese-speaking institutions. The offensive framework recently underwent updates to provide polymorphic code, preventing hashes or signatures from having much effect on detection. Regardless, researchers have identified threat actor infrastructure to develop indicators of compromise.

Focusing on short-term quarterly returns instead of strategic technology upgrades and improvements seems to have set Southwest up for continued failures. After the holidays saw thousands of flights cancelled by the carrier, 15% of flights are still delayed or cancelled and thousands of bags are still lost, missing, or stolen at airports nationwide.

As unknown threat actors target the power grids within the United States, Russia-aligned threat actor Trident Ursa, aka Gamaredon, has attempted to disrupt petroleum refining within NATO territories. Though unsuccessful, businesses operating within the EU and former Soviet Bloc nations should expect these types of critical infrastructure attacks to increase.

In a first-of-its-kind report, a woman was arrested in Paris, France while under the influence of narcotics. Inspection of her vehicle revealed a digital device encased in a Pelican case with multiple antennas. Fearing an explosive, Paris police detonated what would later be identified as an IMSI catcher, known to western audiences as the Harris Stingray. These devices are able to passively intercept cellular traffic or actively operate a man-in-the-middle attack to capture and relay traffic within an area. Unfortunately, due to the quick work of Paris’ finest, we won’t know exactly what the device was being used for unless the woman comes clean.

The Lockbit ransomware group received a lot of positive publicity over the holidays after an affiliate of the group attacked a children’s pediatric hospital in Canada. This violated Lockbit’s affiliate agreements, causing the group to publicly denounce the affiliate and release a decryptor to the hospital. What followed were saccharine headlines reading “Lockbit group has heart”.

From the Reading List:

The Atlantic Council’s 2012 article, Beyond Attribution, remains relevant when discussing state-sponsored attacks. The paper outlines 10 states of attribution ranging from State Prohibited to State Integrated. This Spectrum of State Responsibility is essential to attribution discussions in light of world events. PDF available here.

Worth Watching:

The HackerSploit YouTube channel provided a half-hour introduction to ChatGPT for Cybersecurity. The OpenAI chatbot has rocketed to the forefront of conversation as it has shown a capable ability to distill information around complex but well-documented systems and issues. In the video, users learn how to generate shellcode, create macros, and perform fuzzing, among other offensive techniques.
