Iranian Gas, Smelly Towns, View Source Legality, EBCDIC & GDPR, & Unlocking Oculus Go – PSW #716
This week in the Security News we talk: It's still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transport layer with HTTPS, buying a power plan, EBCDIC and GDPR, how children can infect parents, signing your rootkit, dates are hard, something smells funny and bird poop in your antenna, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
Jeff Man
Sr. InfoSec Consultant at Online Business Systems
Larry Pesce
Product Security Research and Analysis Director at Finite State
- 1. Add Mycelium To Your Mesh Networks
- 2. FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
- 3. Cracking WiFi at Scale with One Simple Trick
- 4. Unlocking Oculus Go
- 5. Copyleft Compliance Projects – Software Freedom Conservancy
- 6. SS7 Attack Panel: Yet Another Rising SCAM on Social Media
- 7. California town? This could be the studio…SQUIRREL! I love this industry... it is the only one I know of where you can mention snort, vomit and burp and not be talking about a bodily function.
Lee Neely
Senior Cyber Advisor at Lawrence Livermore National Laboratory
- 1. Viewing website HTML code is not illegal or “hacking,” prof. tells Missouri gov.
  The cybersecurity professor who helped uncover the Missouri government's failure to protect teachers' Social Security numbers has demanded that the state cease its investigation into him and stop making "baseless accusations" that he committed a crime. Khan hired an attorney to defend himself against the state's accusations. On Thursday last week, Khan's attorney sent a litigation hold and demand letter to Parson and several state agencies. The letter says that Parson and other state officials defamed Khan and violated his First Amendment "right to speak freely without the threat of government retaliation." The letter adds the Show Me State's investigation into Khan "would violate the prohibition on malicious prosecution." "Professor Khan is likely to prevail on the merits of any case brought against him," the letter said. "No statute in Missouri or on the federal level prohibits members of the general public from viewing publicly available websites or viewing the website's unencrypted source code. No reasonable person would think they were unauthorized to view a publicly available website, its unencrypted source code, or any of the unencrypted translations of that source code. There is no probable cause to investigate Professor Khan, and instigation or continuation of any proceeding against him would therefore be prohibited."
- 2. SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns
  Microsoft has issued a warning to organizations that the "Nobelium" hacking group behind the SolarWinds attacks has targeted some 140 technology service providers and resellers as part of a global IT supply chain attack.
- 3. Another popular npm package infected with malware
  In an audacious incident, threat actors hijacked the account of the developer of a widely used JavaScript library, UAParser.js, to replace the legitimate code with a malicious version infused with malware and trojans.
- 4. TodayZoo phishing kit borrows the code from other kits
  Researchers say they have discovered a series of credential phishing campaigns in which hackers are leveraging a phishing kit dubbed "TodayZoo" that uses large portions of code lifted from various other phishing kits in order to steal credentials. According to Microsoft, TodayZoo was first identified in December 2020 and includes portions of code such as comment markers, dead links, and other elements found in other, previous phishing kits.
- 5. Groove ransomware calls on all extortion gangs to attack US interests
  The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week. Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains.
- 6. Iran says cyberattack closes gas stations across country
  A cyberattack crippled gas stations across Iran on Tuesday, leaving angry motorists stranded in long lines. No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.
- 7. Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
  An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular time and billing solution BillQuick Web Suite to deploy ransomware.