Here are some of the topics we will be discussing TODAY. Please join us every Friday at 12:30pm PT/3:30pm ET for an open discussion session on YouTube Live.
Encrypted ZIP files can contain two valid passwords
Password-protected ZIP archives are a popular way to encrypt and share files, but Arseniy Sharoglazov, a cyber security researcher at Positive Technologies, has shown that an encrypted ZIP file can have two valid passwords. The issue arises when the password is longer than 64 characters, because ZIP's key-derivation algorithm hashes such a password rather than using it directly. Sharoglazov showed that a second, different password producing the same hash is then accepted as valid. A full report on the matter is available at Bleeping Computer, which, fortunately, was able to replicate the finding.
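The hashing behaviour behind the two-password finding, as an added Python example that is not from the original report: HMAC-SHA1, which AES-encrypted ZIP entries use inside PBKDF2 (assumed here, along with the 1000-iteration count), replaces any password longer than 64 bytes with its SHA-1 digest, so that digest is a second password that derives the same key. The `equivalent_password` check and the sample passphrase are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption for this example: the archive uses WinZip-style AES encryption,
# which derives its keys with PBKDF2-HMAC-SHA1 (1000 iterations).
PBKDF2_ITERATIONS = 1000
HMAC_SHA1_BLOCK_SIZE = 64  # bytes; HMAC pre-hashes any key longer than this


def derive_zip_key(password: bytes, salt: bytes, key_len: int = 32) -> bytes:
    """Derive the AES key the way an AES-encrypted ZIP entry would."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, PBKDF2_ITERATIONS, key_len)


def equivalent_password(password: bytes) -> Optional[bytes]:
    """Return the second password HMAC-SHA1 silently treats as identical, if any.

    HMAC replaces a key longer than its 64-byte block size with SHA-1(key)
    before use, so for a long password the raw 20-byte digest is an equally
    valid password. Passwords of 64 bytes or fewer have no such twin.
    """
    if len(password) <= HMAC_SHA1_BLOCK_SIZE:
        return None
    return hashlib.sha1(password).digest()


def passwords_collide(first: bytes, second: bytes, salt: bytes) -> bool:
    """True if both passwords derive the same key (constant-time comparison)."""
    return hmac.compare_digest(derive_zip_key(first, salt),
                               derive_zip_key(second, salt))


if __name__ == "__main__":
    # Constructed sample input: a 102-byte passphrase and a random 16-byte salt.
    long_password = b"correct horse battery staple " * 3 + b"plus a bit more"
    salt = os.urandom(16)
    twin = equivalent_password(long_password)
    print("long password length:", len(long_password))
    print("twin password (hex):", twin.hex())
    print("keys identical:", passwords_collide(long_password, twin, salt))
```

Keeping passwords at 64 bytes or fewer avoids the twin entirely; the check above is a way to audit a password policy for the condition.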
White hat hackers broadcast via satellite
A group of white hat hackers demonstrated at DEF CON how to take control of a satellite in geostationary orbit. The team used Anik F1R, a satellite decommissioned in 2020, and had permission to carry out the demonstration, along with access to an unused facility that still housed satellite communications equipment. The group wanted to show how easy it can be to control a satellite with software that cost only $300.
Attacks carried out by the government are not covered by cyber insurance
The Lloyd's of London insurance market will add exclusions to cyber insurance policies so that state-sponsored "perils" are not covered. The exclusions take effect for new policies from March 31, 2023. Lloyd's warns that all insurers must state clearly in their policy wording that state-sponsored risks are not covered, and this applies whether or not war has been formally declared between the countries involved. The move reflects that state-sponsored attacks are often carried out not only for financial gain but for national reasons. It also comes as insurers pull back from ransomware coverage while premiums rise.
A former security chief criticizes Twitter for not taking cybersecurity seriously
Peiter Zatko, Twitter's former chief security officer, who was fired in January 2022, has blown the whistle on Twitter's cybersecurity practices. Zatko filed a complaint with the US Securities and Exchange Commission (SEC) on July 6 alleging that thousands of employee laptops held complete copies of Twitter records. He says a third of employee devices had security protections disabled, firewalls turned off and remote access enabled. He also claims that Twitter failed to delete user data after account suspension. The complaint further alleges that employees repeatedly installed spyware on their work computers at the request of outside agencies. Zatko said Twitter experienced one outage per week during his two-year tenure and expressed his "fear that Twitter could be compromised on the scale of Equifax."
Thanks for sponsoring today’s episode, Code42
Microsoft unveils Nobelium’s MagicWeb
Microsoft's security researchers discovered a technique used by a Russian-linked threat group to gain access to compromised networks. Called MagicWeb, it uses a malicious DLL to tamper with the claims in tokens issued by an Active Directory Federation Services (AD FS) server, overwriting legitimate certificates. Using it required Nobelium to first obtain privileged credentials, gain access to the network and obtain admin rights in Active Directory. With that foothold in place, MagicWeb itself is straightforward.
NIC status LEDs can leak data across air gaps
Dr. Mordechai Guri, head of R&D at the Cyber-Security Research Center at Ben-Gurion University, published a new method, called ETHERLED, for exfiltrating data from air-gapped systems. It uses the status LEDs on network interface cards to transmit data from the system to a receiver up to hundreds of meters away. Data can be sent as simple Morse code or encoded in blink patterns. The attack requires the attacker to first compromise the system and plant malicious code; in this case, it uses undocumented firmware commands to control the NIC. Countermeasures include covering the lights with black tape.
North Korean malware found at Black Hat
IronNet, a security firm hired to support Black Hat's Network Operations Center, discovered a number of malware infections on the conference network, including SHARPEXT, which is said to have direct links to North Korea's top leadership. The threat hunters also said that during the conference they saw repeated callbacks from four distinct hosts to three domains associated with North Korean malware. This may have come from someone who already had SHARPEXT on their machine and brought it to the conference, or who picked it up while there. The SHARPEXT browser extension is usually installed on the victim's Windows PC after it has been compromised through some vulnerability or infection process.
The Pentagon may require vendors to certify their software is free of known defects
The House of Representatives’ 2023 National Defense Authorization Bill — which was passed on July 14 — continues to divide the cybersecurity community. The debate revolves around whether the requirement is unnecessary and impossible to meet or whether it is a game changer that will begin to hold software vendors accountable for selling faulty technology. The Biden Administration’s position is that software companies should emulate the auto industry, where “manufacturers have ownership and responsibility” over the life of a car, said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology. But cybersecurity chief Dan Lorenc says no program is without vulnerability.