Teenage Masterminds, Hacking Civics, Journalists Sued, UPS Attacks, & Spyware – PSW #734
This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. A hacker stole $625 million from the blockchain behind NFT game Axie Infinity
- 2. Viasat shares details on KA-SAT satellite service cyberattack
- 3. EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official
- 4. Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread
- 5. Honda Civics vulnerable to remote unlock, start hack
- 1. Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison – Krebs on Security
  An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. He is also ordered to pay $36 million in restitution.
- 2. Honda Civics vulnerable to remote unlock, start hack
  Researchers have found a vulnerability that can be exploited through a replay attack to unlock and remotely start certain Honda and Acura vehicles made between 2016 and 2020. The attack captures radio frequency signals sent to the car from a key fob and replays them at a later time. The researchers recommend that the car manufacturers use "rolling" or "hopping" codes.
- 3. Microsoft is adding a new driver-blocklist feature to Windows Defender on Windows 10 and 11
  Microsoft is adding a Vulnerable Driver Blocklist to Windows Defender on Windows 10, Windows 11, and Windows Server 2016 or newer. The blocklist will comprise information from Microsoft and from OEM partners.
- 4. FBI: Triton Malware is Being Used Against Energy Companies
  The FBI has issued a TLP:WHITE Private Industry Notification warning that Triton malware, also known as Trisis, is still a threat to critical infrastructure industrial control systems (ICS) around the world. The bulletin describes the threat, including the 2017 Triton attacks targeting a petrochemical company in the Middle East.
- 5. Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
  The Ukrainian Security Service (SSU) has revealed it has shuttered more than 100,000 bogus social media accounts that were part of a bot farm operated out of Kharkiv, Cherkasy, Ternopil, and Zakarpattia that was spreading fake news over social media designed to instill fear and discourage Ukrainian citizens from defending their country.
- 6. Ukraine war: Major internet provider suffers cyber-attack
  Ukrainian national telecommunications operator Ukrtelecom says it is now trying to restore Internet service in Ukraine after being hit by a "major cyber-attack" that resulted in connectivity dropping to just 13 percent of pre-war levels throughout the country. Service is being restored on a priority basis. What would you do if your ISP was offline? Do you know where you fit on their service restoration plan?
- 7. Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
  Google on 3/25 shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited. Updates are also available for Chromium-based browsers such as Brave and Edge.
- 8. While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio
  While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK).
- 9. Sophos Firewall affected by a critical authentication bypass flaw
  Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has released a hotfix that can be automatically installed. There are no mitigations for this flaw. Make sure you're on a supported firmware revision.
- 10. Russian aviation authority switches to paper after losing 65TB of data
  The Federal Air Transport Agency Rosaviatsiya is responsible for overseeing the civil aviation industry in Russia. Its website favt.ru went offline on Monday and has been unreachable since. "Due to the temporary lack of access to the Internet and a malfunction in the electronic document management system of the Federal Air Transport Agency, the Federal Air Transport Agency is switching to a paper version," reads the Rosaviatsiya statement signed by the agency's head Alexander Neradko.
- 1. EMBER BEAR: Threat Actor Profile | CrowdStrike
  EMBER BEAR is an adversary group aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations.
- 2. Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure | CISA
  Actions critical infrastructure organizations should implement to immediately strengthen their cyber posture:
  - Patch all systems. Prioritize patching known exploited vulnerabilities.
  - Implement multi-factor authentication.
  - Use antivirus software.
  - Develop internal contact lists and surge support.
- 3. Surveillance software firm FinFisher declares insolvency
  Munich-based spyware company FinFisher declared insolvency last month, Bloomberg reported Monday, amid an ongoing investigation into its business dealings.
- 4. Mitigating Attacks Against Uninterruptible Power Supply Devices
  Mitigate attacks against UPS devices by immediately removing management interfaces from the internet.
- 5. Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
  The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.