- 1. New Army unit will combine military intelligence with open source data on foreign adversaries
Are we not already doing this? - "By blending military intel with commercial data, publicly available information on foreign adversaries and certain national intelligence systems, it will provide insight necessary for Army Cyber Command to operate and defend networks and influence foreign audiences, the spokesperson added."
- 2. Researchers Used a Decommissioned Satellite to Broadcast Hacker TV
- 3. CVE-2022-1026: Kyocera Net View Address Book Exposure
"While the API supports authentication, and the thick client performs this authentication, while capturing the SOAP requests, it was observed that the specific request to extract an address book, `POST /ws/km-wsdl/setting/address_book` does not require an authenticated session to submit. Those address books, in turn, contain stored email addresses, usernames, and passwords, which are normally used to store scanned documents on external services or send to users over email."
- 4. A critical RCE vulnerability affects SonicWall Firewall appliances
- 5. Racing against the clock — hitting a tiny kernel race window
Haven't gone through all the technical details, but this seems to be the point: "This also demonstrates that even very small race conditions can still be exploitable if someone sinks enough time into writing an exploit, so be careful if you dismiss very small race windows as unexploitable or don't treat such issues as security bugs."
- 6. Creepy Spyware Company Claims It’s Broke Right Before Asset Seizure
Weird, they just closed up shop, perhaps burning it down to re-emerge and not be under fire from German authorities? "The company, which is known for its powerful and invasive malware “FinSpy,” has been under investigation by the German government since 2019 over allegations that it illegally sold spyware to the government of Turkey without acquiring the requisite export license. The spyware, which was allegedly used to monitor the phones of political activists in the country, is known for its ability to pilfer data and listen in on mobile users."
- 7. EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active - company official
- 8. Researchers release car exploit that allows hackers to lock, unlock and start Honda’s
- 9. How Security Complexity Is Being Weaponized
Marty summed it up nicely right here: "As environments grow noisier with context-free security alerts and a constant flood of log data, it becomes easier for attackers to intentionally create distractions that make it possible for them to conceal their activities inside the network."
- 10. Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
So yeah, we know this works, and so does Lapsus$: "“No limit is placed on the amount of calls that can be made,” a member of Lapsus$ wrote on the group’s official Telegram channel. “Call the employee 100 times at 1 am while he is trying to sleep, and he will more than likely accept it. Once the employee accepts the initial call, you can access the MFA enrollment portal and enroll another device.”" - Does simply rate-limiting this fix it?
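As an added example (not code from the newsletter or from any article it links), here is what the mitigation side of that question looks like in practice: a sliding-window rate limiter that refuses to send more than a handful of push prompts per user in a window, paired with detection logic that flags the pattern the quote describes (a burst of denied prompts, an approval right after that burst, and a new device enrolled shortly after). The log format, field names, user names, and thresholds are constructed assumptions for illustration.

```python
"""Rate-limit MFA push prompts and detect push-bombing patterns in auth logs.

Added example; the log format, event names and thresholds are assumptions,
not the schema of any real MFA product.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed log line shape: "ts=<epoch> user=<name> event=<event> ..."
LOG_RE = re.compile(r"ts=(?P<ts>\d+) user=(?P<user>\S+) event=(?P<event>\S+)")


@dataclass
class PushRateLimiter:
    """Allow at most `max_prompts` push prompts per user within `window_s` seconds.

    A prompt refused here is never delivered to the user's device, so a caller
    holding only a valid password cannot page the user repeatedly.
    """
    max_prompts: int = 3
    window_s: int = 600
    _sent: dict = field(default_factory=lambda: defaultdict(deque))

    def allow(self, user: str, now: float) -> bool:
        q = self._sent[user]
        # Drop send timestamps that have aged out of the sliding window.
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_prompts:
            return False
        q.append(now)
        return True


def parse_log(lines):
    """Return (ts, user, event) tuples for lines matching the assumed format."""
    events = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            events.append((int(m["ts"]), m["user"], m["event"]))
    return events


def detect_push_bombing(lines, denied_threshold=5, window_s=900, enroll_grace_s=1800):
    """Flag push-bombing bursts, approvals after a burst, and enrollments after that.

    Returns a list of (user, ts, alert_name) tuples in chronological order.
    """
    alerts = []
    denials = defaultdict(deque)   # user -> timestamps of recent denied prompts
    burst_approved_at = {}         # user -> ts of an approval that followed a burst
    for ts, user, event in sorted(parse_log(lines)):
        q = denials[user]
        while q and ts - q[0] > window_s:
            q.popleft()
        if event == "push_denied":
            q.append(ts)
            if len(q) == denied_threshold:          # fire once when the burst crosses the line
                alerts.append((user, ts, "push_bombing_burst"))
        elif event == "push_approved" and len(q) >= denied_threshold:
            # The "accepts it eventually" case: an approval right after repeated denials.
            alerts.append((user, ts, "approval_after_burst"))
            burst_approved_at[user] = ts
        elif (event == "device_enrolled" and user in burst_approved_at
              and ts - burst_approved_at[user] <= enroll_grace_s):
            # New MFA device registered soon after a suspicious approval.
            alerts.append((user, ts, "enrollment_after_burst"))
    return alerts


# Constructed sample log: alice is pushed five times, gives in, then a device is enrolled.
SAMPLE_LOG = [
    "ts=1001 user=alice event=push_denied src_ip=203.0.113.9",
    "ts=1030 user=alice event=push_denied src_ip=203.0.113.9",
    "ts=1060 user=alice event=push_denied src_ip=203.0.113.9",
    "ts=1090 user=alice event=push_denied src_ip=203.0.113.9",
    "ts=1120 user=alice event=push_denied src_ip=203.0.113.9",
    "ts=1150 user=alice event=push_approved src_ip=203.0.113.9",
    "ts=1400 user=alice event=device_enrolled src_ip=203.0.113.9",
    "ts=2000 user=bob event=push_approved src_ip=198.51.100.4",
]

if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(alert)
```

The limiter answers the "no limit on the amount of calls" part directly; the detector covers the case where a prompt still gets through and is approved, because rate-limiting alone says nothing about whether the one approval that did happen was legitimate, and the enrollment rule ties the approval to the attacker's stated goal of adding a device.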
- 11. “VMware Spring Cloud” Java bug gives instant remote code execution – update now!
Great explanations of Spring and the exploit path in this post: "If the person calling your Java function via the web (to look up a username in a database, for example, or to check if a specific SKU is in stock) inserts a specific HTTP header into their web request, and if that header contains Spring code structured in the right way… …then the code in that header gets executed on the server, right inside the Spring Cloud server world. In other words, unauthenticated, uncomplicated remote code execution (RCE)."
- 12. Largest Crypto Hack Ever Nabs $625 Million From Ronin Network
"The hacker’s crypto wallet, which is available to view on Etherscan, shows that most of the funds haven’t been moved since they were extracted from the Ronin Network. But there’s evidence the hacker is trying to move tiny amounts of crypto in several transactions, perhaps a way to figure out what avenue might be safe for extracting the wealth."
- 13. Chrome Browser Gets Major Security Update
From the Google post: "Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL." (https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html) - I really like how Google is not afraid to list out the tools that people use to find vulnerabilities in their own products, nice!
- 14. Ubiquiti seeks $425 million in damages against industry blogger Brian Krebs
I think this is a stretch: "Ubiquiti said it promptly notified customers of the attack and instructed them to take additional security precautions to protect their information. Ubiquiti then notified the public in the next filing it made with the SEC, but they claim Krebs intentionally disregarded the steps the company took to target Ubiquiti and increase ad revenue by driving traffic to his website" - at least the "intentionally disregarded" on Krebs' part, I'm on team Krebs. And oh look, there's this too: "Corey Quinn, chief cloud economist at the Duckbill Group calls into question the Ubiquiti lawsuit and pointed out that the law firm representing Ubiquiti, Clare Locke LLP in Alexandria, Virginia, has a long history of suing media companies." (https://twitter.com/QuinnyPig/status/1508965090019577856)
- 15. Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
"For instance, bad actors can use them as a jumping-off point to breach a company’s internal network and steal data. Or, in a grimmer scenario, they could be used to cut power for mission-critical appliances, equipment or services, which could cause physical injury in an industrial environment, or disrupt business services, leading to significant financial losses." - Also, it seems default credentials are the way attackers are getting in, which is bad.
- 16. Alvaro Muñoz on Twitter
- 17. Microsoft Azure Defender for IoT vulnerabilities could lead to ‘full network compromise’
Damn, I had high hopes for Azure for IoT too, hopefully MS can turn it around: "Given that Defender for IoT is a security product itself, SentinelLabs says its research “raises serious questions about the security of security products themselves and their overall effect on the security posture of vulnerable sectors.”"
- 18. Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
"The boy's father told the BBC his family was concerned and was trying to keep him away from his computers. Under his online moniker "White" or "Breachbase" the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America."