Friday12 August 2022

Sean Kalinich

Sean Kalinich

In early January 2021 North Korean hackers were in the midst of a campaign targeting western security researchers. They were looking to gather tools, vulnerability information and anything else of value they could get. The US, after learning about this attack did not have a significant response to the threat. Of course, the country was going through a bit of a political turmoil at the time, but there still should have been some sort of response to help prevent further attacks.

On February 23rd, 2017, Google published a paper on their security blog that showed how a SHA-1 collision was possible. It proved that the aging cryptographic and hashing standard was no longer a safe or secure method. Google showed that they could produce two different files yet have them show the same hash, thus causing a collision and getting around some of the file hashing systems in place at the time. The problem is that SHA-1 hashing is still in use today by many tools.

Universal Plug and Play UPnP) is one of those technology decisions that make you wonder what people were thinking. The concept is fairly clear, find a way to make things easy for someone to just connect a device to a network and have it function without interaction. Devices like the Xbox Series X|S require this for their remote play feature as the ports and IP addresses needed to function would be overly complicated for most users to set up. So, you enable UPnP on your router and just plug the Xbox in. Sound great, but as with anything that create convenience, it also brings about risk.

Facebook makes their money off their users. That is no shock to anyone considering the number of investigations currently ongoing over Facebook’s data collection practices. Of course, Facebook is not the only group collecting this type of information, they just tend to take it a bit farther than most of the other groups. Because of these invasive data collection practices many countries have tightened their laws around what can and cannot be used to develop and send out targeted ads. This has included a whole new category for “intimate” information. Even Apple has decided that this style of data collection might be out of bounds and have change their own privacy policies in iOS.

Microsoft has a history of making solid products that go nowhere. If you look at their history this is very clear from Windows Phone to Zune and more. They build it, fail to focus on penetrating the market and then scrap it despite the many talented people on the teams for each of these. Now history is repeating itself in the form of HoloLens.

Microsoft’s Threat Intelligence team has recently disclosed their discovery and analysis of a new malware family. The malware in question is being tracked as a Trojan named UpdateAgent. The team has been watching as it progressed from a simple information stealer for the macOS to much more sophisticated capabilities including being able to bypass the macOS Gatekeeper security function.

The SolarWinds supply chain attack was and still is one of the most complex and ingenious attacks that has come to light. How it was discovered is also an interesting topic for another conversation. The attack group in question is still being speculated on although one most people tend to gravitate towards is the Russian APT group COZY BEAR (APT29). The actual attack and compromise of the software repository at SolarWinds is the stuff of legend. Once that was completed it allowed the attackers access to a wide swath of business verticals along with government agencies from a single trusted source. They could, almost on a whim, compromise anyone that leveraged the SolarWinds product. Of course, supply chain attacks are nothing new and are not going anywhere. They are complicated to set up and maintain, but once in place they can yield amazing results.

Yesterday we talked about Microsoft’s plans to buy Activision Blizard as well as Sony’ plans to buy Bungie. We covered what these could mean in terms of content control and splitting console ownership into what titles people like. Although both Microsoft and Sony are committed to releasing content for both consoles, once the existing contracts run out, things could be very different. Because of this potential monopoly of content by the Activision Blizzard deal, the FTC is going to take look at it.

We first talked about the using the UEFI firmware as an attack vector (At Def Con 22 in 2014). Since that time there have been three identified and disclosed versions of malware that directly targeted this critical subsystem. That would seem to be a relatively small percentage given the time since it was first uncovered, the number of devices that operate using the UEFI firmware subsystem, and the time between then and now. However, this is only ones identified and in most of the identified cases were found because of the method of delivery for the OS payload. This begs the question, are there more out there that just have not been found?

Page 12 of 210