Posts

Showing posts from October, 2021

Krebs - ‘Trojan Source’ Bug Threatens the Security of All Code

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard Unicode, which allows computers to exchange information regardless of the language used. Unicode currently defines more than 143,000 characters across 154 different language scripts (in addition to many non-script character sets, such as emojis). Specifically, the weakness involves Unicode’s bi-directional or “Bidi” algorithm, which handles
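The practical defence against this class of attack is to scan source text for the Bidi control characters before it reaches a reviewer or a compiler. The following is an added example and is not code from the Krebs article, the Cambridge paper, or any vendor's tooling; the function names and the tainted sample are constructed for illustration, and the sample is only meant to exercise the scanner, not to reproduce the paper's payloads.

```python
# Added example (not from the Krebs article or the Cambridge paper): a
# pre-commit style scanner that flags the Unicode Bidi control characters
# the "Trojan Source" technique relies on, and a helper that makes them
# visible so a reviewer sees the byte order the compiler will parse.

# Explicit directional embeddings, overrides and isolates, plus their
# terminators. Legitimate source code almost never needs these, so any
# occurrence in a code file is worth failing a CI check on.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

def find_bidi_controls(source: str):
    """Return (line, column, name) for every Bidi control in the text,
    in byte order, independent of how an editor renders the line."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, BIDI_CONTROLS[ch]))
    return hits

def reveal(source: str) -> str:
    """Replace each control with a visible <NAME> marker for review output."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch
                   for ch in source)

def is_clean(source: str) -> bool:
    """True when the text carries no Bidi controls at all."""
    return not find_bidi_controls(source)

# Constructed sample (not the paper's example): line 2 carries an RLO...PDF
# pair inside a comment. The scanner reports it from the raw characters, so
# it does not matter what the editor shows on screen.
TAINTED = (
    "user = 'guest'\n"
    "# note \u202e'; is_admin = True # \u202c\n"
    "print(user)\n"
)

if __name__ == "__main__":
    for line_no, col, name in find_bidi_controls(TAINTED):
        print(f"line {line_no} col {col}: {name}")
    print(reveal(TAINTED))
```

Run it over every file in a commit and reject the change on any hit; the marker output from reveal() is what to paste into the review comment, since the rendered line is exactly what cannot be trusted.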

Dark Reading - Enterprises Allocating More IT Dollars on Cybersecurity

Enterprises are allocating more IT dollars towards implementing a multilayered approach to securing data and applications against new threats, data shows. from Dark Reading https://www.darkreading.com/tech-trends/enterprises-allocating-more-it-dollars-on-cybersecurity

Dark Reading - Snyk Agrees to Acquire CloudSkiff, Creators of driftctl

New capabilities allow Snyk Infrastructure as Code customers to more effectively detect infrastructure drift. from Dark Reading https://www.darkreading.com/application-security/snyk-agrees-to-acquire-cloudskiff-creators-of-driftctl

Schneier - Friday Squid Blogging: Squid Game Has a Cryptocurrency

In what may be peak hype, Squid Game has its own cryptocurrency. Not in the fictional show, but in real life. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2021/10/friday-squid-blogging-squid-game-has-a-cryptocurrency.html

Dark Reading - APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm

A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors. from Dark Reading https://www.darkreading.com/threat-intelligence/apts-teleworking-and-advanced-vpn-exploits-the-perfect-storm

Dark Reading - Cybercriminals Take Aim at Connected Car Infrastructure

While car makers are paying more attention to cybersecurity, the evolution of automobiles into "software platforms on wheels" and the quick adoption of new features has put connected cars in the crosshairs. from Dark Reading https://www.darkreading.com/attacks-breaches/cybercriminals-take-aim-at-connected-car-infrastructure

Dark Reading - Russian National Accused of Role in Trickbot Is Extradited to US

Court documents say Vladimir Dunaev is alleged to have been a malware developer for the Trickbot Group. from Dark Reading https://www.darkreading.com/attacks-breaches/russian-national-accused-of-role-in-trickbot-is-extradited-to-us

Rapid 7 - Metasploit Wrap-Up

OMIGOD It's RCE

We are excited to announce that we now have a module for the OMIGOD vulnerability that exploits CVE-2021-38647 courtesy of our very own Spencer McIntyre! Successful exploitation will allow an unauthenticated attacker to gain root level code execution against affected servers. Given that this has seen exploitation in the wild by the Mirai botnet, we hope you're patched, lest your servers decide to join the zombie horde this Halloween!

Sophos Contributes to the RCE Pile

Continuing the trend of unauthenticated RCE exploits that grant root level code execution, this week we also have an exploit for CVE-2020-25223, an unauthenticated RCE within the Sophos UTM WebAdmin service. Whilst we haven't yet seen exploitation in the wild of this bug, this is definitely one to patch given its severity. Stay frosty folks!

Guess Who’s Back, Back Again, Apache's Back, Tell a Friend

Whilst not a marshalling bug (I'm sorry, it's Halloween some puns are need

KnowBe4 - Multi-Stage Vishing Attacks are Coming to an Inbox Near You

New attacks initially coming in via email are directing victims to make phone calls to attacker-controlled call centers in order to provide banking and credit card details. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/multi-stage-vishing-attacks-are-coming-to-an-inbox-near-you

KnowBe4 - Eight Romance Phishing Scammers with Ties to Nigerian Organized Crime Arrested After Stealing Nearly $7 Million

This latest arrest by the South African Police Service (SAPS) demonstrates how romance scams that have been around for decades remain alive and well… and profitable. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eight-romance-phishing-scammers-with-ties-to-nigerian-organized-crime-arrested-after-stealing-nearly-7-million

KnowBe4 - Over Half of all Impersonation Attacks Target Non-Executive Employees

A new report shows how cybercriminals focus on users that are less vigilant and more prone to falling for social engineering and impersonation tactics designed to gain access to finances. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/over-half-of-all-impersonation-attacks-target-non-executive-employees

Dark Reading - Cybercriminals Take Aim at Connected Car Infrastructure

While car makers are paying more attention to cybersecurity, the evolution of automobiles into "software platforms on wheels" and the quick adoption of new features has put connected cars in the crosshairs. from Dark Reading https://www.darkreading.com/iot/cybercriminals-take-aim-at-connected-car-infrastructure

Threat Post - Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

Malware delivered via a compromised website on Chrome browsers can bypass User Account Control (UAC) to infect systems and steal sensitive data, such as credentials and cryptocurrency. from Threatpost https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/

Dark Reading - What Exactly Is Secure Access Service Edge (SASE)?

Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/what-exactly-is-secure-access-service-edge-sase-

US-CERT - Google Releases Security Updates for Chrome

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/google-releases-security-updates-chrome

KnowBe4 - KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, Middle East and Africa), and 'in the wild' attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/q3-2021-top-clicked-phishing-report-infographic-with-global-data

US-CERT - GoCD Authentication Vulnerability

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/gocd-authentication-vulnerability

Dark Reading - A Treehouse of Security Horrors

True-life horrors from conversations with software engineers and developers. D'oh! from Dark Reading https://www.darkreading.com/vulnerabilities-threats/a-treehouse-of-security-horrors

Dark Reading - Finding the Right Approach to Cloud Security Posture Management (CSPM)

Cloud security is maturing — it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal's CTO, reviews one of the latest: CSPM. from Dark Reading https://www.darkreading.com/cloud/finding-the-right-approach-to-cloud-security-posture-management-cspm-

Rapid 7 - 2022 Planning: Straight Talk on Zero Trust

“Zero trust" is increasingly being heralded as the ultimate solution for organizational cyber safety and resilience — but what does it really mean, and how can you assess if it has a practical place in your organization's cybersecurity strategy for 2022? In this post, we'll answer those questions by taking a look at what problems the concept of zero trust is trying to solve, what types of people, process, and technology are necessary for successful zero-trust implementations, and what mindset changes your organization may need to make to be fully ready for this new defender paradigm in the year to come.

What is zero trust?

At the core, the concept of zero trust is just what those two words suggest: every human, endpoint, mobile device, server, network component, network connection, application workload, business process, and flow of data is inherently untrusted. As such, they each must be authenticated and authorized continuously as each transaction is performed,

Dark Reading - 6 Ways to Rewrite the Impossible Job Description

It's hard enough to fill a cybersecurity position given the talent shortage. But you may be making it harder with a poor job description that turns off would-be candidates. from Dark Reading https://www.darkreading.com/edge-slideshows/6-ways-to-rewrite-the-impossible-job-description

Threat Post - All Sectors Are Now Prey as Cyber Threats Expand Targeting

Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It's time for everyone to strengthen the kill chain. from Threatpost https://threatpost.com/cyber-threats-targeting-all-sectors/175873/

Dark Reading - Top Hardware Weaknesses List Debuts

CWE list aimed at designers and programmers to avoid key hardware weaknesses early in product development. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/top-hardware-weaknesses-list-debuts

Dark Reading - SEO Poisoning Used to Distribute Ransomware

This tactic - used to distribute REvil ransomware and the SolarMarker backdoor - is part of a broader increase in such attacks in recent months, researchers say. from Dark Reading https://www.darkreading.com/attacks-breaches/seo-poisoning-used-to-distribute-ransomware

Dark Reading - ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round

The $200M Series D represents the company's largest funding round to date. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/ics-security-firm-dragos-reaches-1-7b-valuation-in-latest-funding-round

Dark Reading - Ordr Unveils Cybersecurity Innovations and Ransom-Aware Rapid Assessment Service to Expand Its Leadership In Connected Device Security

Enhanced ransomware detection, visualization of ransomware communications, and risk customization helps organizations respond to cyberattacks in minutes. from Dark Reading https://www.darkreading.com/attacks-breaches/ordr-unveils-cybersecurity-innovations-and-ransom-aware-rapid-assessment-service-to-expand-its-leadership-in-connected-device-security

Dark Reading - NSA-CISA Series on Securing 5G Cloud Infrastructures

CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations. from Dark Reading https://www.darkreading.com/cloud/nsa-cisa-series-on-securing-5g-cloud-infrastructures

Dark Reading - Tech Companies Create Security Baseline for Enterprise Software

The Minimum Viable Secure Product is written as a checklist of minimum-security requirements for business-to-business software. from Dark Reading https://www.darkreading.com/application-security/tech-companies-create-security-baseline-for-enterprise-software

Threat Post - Suspected REvil Gang Insider Identified

German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang. from Threatpost https://threatpost.com/revil-ransomware-core-member/175863/

Dark Reading - US to Create Diplomatic Bureau to Lead Cybersecurity Policy

As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy. from Dark Reading https://www.darkreading.com/risk/us-to-create-diplomatic-bureau-to-lead-cybersecurity-policy

Dark Reading - Stop Zero-Day Ransomware Cold With AI

AI can help recognize ransomware attacks and stop them at computer speed. from Dark Reading https://www.darkreading.com/emerging-tech/stop-zero-day-ransomware-cold-with-ai

Krebs - Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer’s credit card number. The reader noticed that the link for the order information she’d stumbled on included a lengthy numeric combination that — when altered — would produce yet another customer’s order information. When the reader failed to get an immediate response from Signet, KrebsOnSecurity contacted the company. In a written response, Signe
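The flaw described above is a textbook insecure direct object reference: the order lookup trusts the identifier in the URL and never checks who is asking. The following is an added example, not Signet's or Zales.com's code; the order store, customer names and function names are constructed for illustration. It puts the vulnerable lookup beside one that enforces ownership, and adds an unguessable reference for the case where a link has to work without a login.

```python
# Added example (not Signet's or Zales.com's code): the IDOR pattern the
# Krebs report describes, next to an ownership-checked lookup and a
# random reference token for links that must work without a session.
import secrets

class NotAuthorized(Exception):
    pass

# Constructed order store keyed by a sequential order number, which is
# exactly the kind of identifier a reader can increment in a URL.
ORDERS = {
    100001: {"customer_id": "alice", "total": 349.00, "card_last4": "4242"},
    100002: {"customer_id": "bob", "total": 1299.00, "card_last4": "1881"},
}

def get_order_vulnerable(order_id: int, _session_user: str):
    """Looks up by order number alone: whoever edits the number in the
    link sees another customer's name, address and card digits."""
    return ORDERS.get(order_id)

def get_order_checked(order_id: int, session_user: str):
    """Same lookup, but the record is returned only if it belongs to the
    authenticated user. A missing order and someone else's order produce
    the same error, so the endpoint cannot be used to enumerate ids."""
    order = ORDERS.get(order_id)
    if order is None or order["customer_id"] != session_user:
        raise NotAuthorized("order not found")
    return order

# Defence in depth for guest tracking links: a random reference that maps
# to the order server-side, so the identifier itself cannot be iterated.
REFERENCES = {}

def issue_reference(order_id: int) -> str:
    ref = secrets.token_urlsafe(24)
    REFERENCES[ref] = order_id
    return ref

def get_order_by_reference(ref: str):
    order_id = REFERENCES.get(ref)
    return ORDERS.get(order_id) if order_id is not None else None

def is_denied(lookup, order_id: int, user: str) -> bool:
    """True when the lookup hands back nothing for this user."""
    try:
        return lookup(order_id, user) is None
    except NotAuthorized:
        return True

def enumerate_orders(lookup, start: int, count: int, user: str) -> int:
    """Simulate the reader's experiment: walk sequential ids and count
    how many records the lookup exposes to this user."""
    return sum(0 if is_denied(lookup, oid, user) else 1
               for oid in range(start, start + count))

if __name__ == "__main__":
    print("vulnerable:", enumerate_orders(get_order_vulnerable, 100000, 5, "alice"))
    print("checked:   ", enumerate_orders(get_order_checked, 100000, 5, "alice"))
```

The ownership check is the fix; the random reference only narrows the window for links that cannot carry a session, and on its own would still leak if the token were short or predictable.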

Rapid 7 - Sneaking Through Windows: Infostealer Malware Masquerades as Windows Application

This post also includes contributions from Reese Lewis, Andrew Christian, and Seth Lazarus. Rapid7's Managed Detection and Response (MDR) team leverages specialized toolsets, malware analysis, tradecraft, and collaboration with our colleagues on the Threat Intelligence and Detection Engineering (TIDE) team to detect and remediate threats. Recently, we identified a malware campaign whose payload installs itself as a Windows application after delivery via a browser ad service and bypasses User Account Control (UAC) by abusing a Windows environment variable and a native scheduled task to ensure it persistently executes with elevated privileges. The malware is classified as a stealer, which intends to steal sensitive data from an infected asset (such as browser credentials and cryptocurrency), prevent browser updates, and allow for arbitrary command execution.

Detection

The MDR SOC first became aware of this malware campaign upon analysis of “UAC Bypass - Disk Cleanup Utility” and

Recorded Future - Termination of Federal Unemployment Programs Represents Turning Point for Fraudsters

Since early 2020, Recorded Future has continued to witness prominent changes within underground communities in response to COVID-19 including an interest in defrauding government entities via fraudulent unemployment benefit applications. As detailed in our general reporting on the threat landscape of unemployment fraud earlier this year, criminals continued to use a variety of methods with relative ease, contributing to a growing marketplace that saw topics such as Pandemic Unemployment Assistance (PUA) appear as a sub-category within underground marketplaces that offered fraudulent tutorials or methods for aspiring criminals. In addition to these tutorials, we occasionally observed the sale of compromised account information that came bundled with tutorials on how to best profit off the stolen information. This past month, however, has served as a critical turning point for this general landscape with The CARES Act and other federal programs that provided unemployment benefits for

US-CERT - NSA-CISA Series on Securing 5G Cloud Infrastructures

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/nsa-cisa-series-securing-5g-cloud-infrastructures

Dark Reading - 3 Security Lessons Learned From the Kaseya Ransomware Attack

Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue. from Dark Reading https://www.darkreading.com/attacks-breaches/3-security-lessons-learned-from-the-kaseya-ransomware-attack

US-CERT - ISC Releases Security Advisory for BIND

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/isc-releases-security-advisory-bind

US-CERT - Cisco Releases Security Updates for Multiple Products

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/cisco-releases-security-updates-multiple-products

Threat Post - EU’s Green Pass Vaccination ID Private Key Leaked

The private key used to sign the vaccine passports was leaked and is being passed around to create fake passes for the likes of Mickey Mouse and Adolf Hitler. from Threatpost https://threatpost.com/eus-green-pass-vaccination-id-private-key-leaked/175857/

Dark Reading - You've Just Been Ransomed ... Now What?

Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack. from Dark Reading https://www.darkreading.com/attacks-breaches/you-ve-just-been-ransomed---now-what-

US-CERT - 2021 CWE Most Important Hardware Weaknesses

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/2021-cwe-most-important-hardware-weaknesses

Rapid 7 - Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2

In our last post, we discussed how we set up Rapid7's hands-on exercise at the Defcon 29 IoT Village. Now, with that foundation laid, we'll get into how to determine whether the header we created is UART. When trying to determine baud rate for IoT devices, I often just guess. Generally, for typical IoT hardware, the baud rate is going to be one of the following: 9600, 19200, 38400, 57600, or 115200. Typically, 115200 and 57600 are the most commonly encountered baud rates on consumer-grade IoT devices. Other settings that need to be made are data bits, stop bits, and parity bits. Typically, these will be set to the following standard defaults, as shown in Figure 5 (Logic 2 Async Serial Decoder Settings). Once all the correct settings have been determined, and if the test point is UART, then the decoder in the Logic 2 application should decode the bit stream and reveal console text data for the device booting up. An example of this is shown in Figure 6:
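What the Logic 2 async serial decoder does with those settings is mechanical enough to write down, and doing so shows why a wrong baud guess produces garbage rather than text. The following is an added example and is not Rapid7's code or the Logic 2 analyser: it guesses the baud rate from the shortest pulse in a capture and decodes frames from a list of 0/1 samples taken at a known sample rate. It assumes 8 data bits, no parity and 1 stop bit (8N1) as the "standard defaults" the post refers to, and the capture it works on is constructed in the block itself rather than taken from a real board.

```python
# Added example (not Rapid7's code or the Logic 2 decoder): baud-rate
# guessing and 8N1 async-serial decoding over a list of logic-level
# samples (0/1) captured at a known sample rate. 8N1 is an assumption.
STANDARD_BAUDS = [9600, 19200, 38400, 57600, 115200]

def encode_8n1(data: bytes, sample_rate_hz: int, baud: int, idle_bits: int = 4):
    """Build a constructed capture of `data` framed as 8N1: idle high,
    start bit low, eight data bits LSB first, stop bit high. The sample
    rate is chosen so that it divides evenly by the baud rate."""
    spb = sample_rate_hz // baud          # samples per bit
    samples = [1] * (spb * idle_bits)
    for byte in data:
        frame = [0] + [(byte >> b) & 1 for b in range(8)] + [1]
        for bit in frame:
            samples.extend([bit] * spb)
    samples.extend([1] * (spb * idle_bits))
    return samples

def guess_baud(samples, sample_rate_hz: int) -> int:
    """The shortest run of identical samples is one bit period; snap the
    rate it implies to the nearest standard baud. This guesses low if the
    capture never contains a lone 0 or 1 bit (e.g. only 0x00/0xFF bytes)."""
    runs, run = [], 1
    for prev, cur in zip(samples, samples[1:]):
        if cur == prev:
            run += 1
        else:
            runs.append(run)
            run = 1
    runs.append(run)
    estimate = sample_rate_hz / min(runs)
    return min(STANDARD_BAUDS, key=lambda b: abs(b - estimate))

def decode_8n1(samples, sample_rate_hz: int, baud: int) -> bytes:
    """After a falling start edge, sample each bit at its centre. A byte
    whose stop bit is not high is a framing error and is dropped, which
    is what happens throughout a capture decoded at the wrong baud."""
    spb = sample_rate_hz / baud
    out, i, n = bytearray(), 0, len(samples)
    while i < n:
        if samples[i] == 1:                # idle line, wait for a start bit
            i += 1
            continue
        start = i
        value = 0
        for b in range(8):
            pos = int(start + spb * (b + 1.5))
            if pos >= n:
                return bytes(out)
            value |= samples[pos] << b     # LSB first
        stop = int(start + spb * 9.5)
        if stop < n and samples[stop] == 1:
            out.append(value)
        i = int(start + spb * 10)          # skip to the end of this frame
    return bytes(out)

if __name__ == "__main__":
    RATE = 1_152_000                       # 10 samples per bit at 115200
    capture = encode_8n1(b"U-Boot 2020.01\r\n", RATE, 115200)
    baud = guess_baud(capture, RATE)
    print(baud, decode_8n1(capture, RATE, baud))
    print(57600, decode_8n1(capture, RATE, 57600))   # wrong rate: garbage
```

On a real capture the sample list comes from the logic analyser export and the sample rate from its settings; the guesser is only a starting point, and the post's advice still applies: if the decoded bytes are not readable console text, try the next rate on the list.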