Author: Blog

Iran Nuclear Facility Suffers Blackout, Cyberattack Suspected

While difficult negotiations continue over a deal to curtail Iran’s nuclear ambitions, this morning Iran suddenly experienced a blackout at its underground Natanz atomic facility, the Associated Press reports: While there was no immediate claim of responsibility, suspicion fell immediately on Israel, where its media nearly uniformly reported a devastating cyberattack orchestrated by the country caused the blackout. Israeli Prime Minister Benjamin Netanyahu later Sunday night toasted his security chiefs, with the head of the Mossad, Yossi Cohen, at his side on the eve of his country’s Independence Day… Netanyahu, who also met Sunday with U.S. Defense Secretary Lloyd Austin, has vowed to do everything in his power to stop the nuclear deal…

Natanz has been targeted by sabotage in the past. The Stuxnet computer virus, discovered in 2010 and widely believed to be a joint U.S.-Israeli creation, once disrupted and destroyed Iranian centrifuges at Natanz amid an earlier period of Western fears about Tehran’s program. Natanz suffered a mysterious explosion at its advanced centrifuge assembly plant in July that authorities later described as sabotage. Iran now is rebuilding that facility deep inside a nearby mountain. Iran also blamed Israel for the November killing of a scientist who began the country’s military nuclear program decades earlier.

Git.PHP.net Not Compromised in Supply Chain Attack, but User Database Leak Possible

Inside.com’s developer newsletter reports: The PHP team no longer believes the git.php.net server was compromised in a recent attack, which prompted PHP to move servers to GitHub and caused the team to temporarily put releases on hold until mid-April…

In an update offering further insight into the root cause of the late March attack, the team says because it’s possible the master.php.net user database was exposed, master.php.net has been moved to main.php.net. The team also reset php.net passwords, and you can visit https://main.php.net/forgot.php to set a new password. In addition, git.php.net and svn.php.net are both read-only now.

Attackers Can Now Remotely Deactivate WhatsApp on Your Phone

“Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in,” reports a new article in Forbes. “Even two-factor authentication will not stop this…”

The attacker triggers a 12-hour freeze on new verification codes being sent to your phone — then simply reports that same phone number as a lost/stolen phone needing deactivation. There are apparently no follow-up questions, and “an automated process has been triggered, without your knowledge, and your account will now be deactivated,” Forbes writes.

Myanmar’s Internet Suppression

In Myanmar, the junta’s intensifying crackdowns on protesters in the street are mirrored by its rising restrictions online. Reuters: In the early hours of Feb. 1, Myanmar’s military seized power in a coup that has ignited months of mass protests. The military junta’s security forces have since killed more than 550 civilians in crackdowns on the pro-democracy protesters, including children. To try to suppress protests, the junta has imposed increasing restrictions on internet access, culminating in a near total shutdown as of April 2. That has made it extremely difficult for people to access information, upload videos of protests, or organize. These tactics have also crippled businesses and limited access to medical information during the coronavirus pandemic. A Myanmar junta spokesperson did not respond to calls seeking comment. At a March 23 press conference, spokesperson Zaw Min Tun said the junta had no immediate plans to ease internet restrictions because violence was being provoked online.

Protesters in Myanmar, who asked to stay anonymous, told Reuters they were terrified about being shut off from the world, with no way to broadcast news of the protests or of the army’s killings to those outside of Myanmar. “We Myanmar people are in the dark now,” said one young protester. “News from Myanmar is going to disappear,” another added. Governments around the world are increasingly using internet restrictions during political crises as a tool to limit free expression and hide human rights abuses, according to data from the digital rights organization Access Now. The U.N. Human Rights Council has condemned such intentional disruptions as a human rights violation. “Whenever the internet is shut down during such critical moments we would hear or document or see reports of human rights abuses, and that is what is happening in Myanmar,” said Felicia Anthonio, a campaigner with Access Now. “The government is cracking down on protesters to ensure they do not let the rest of the world know what is happening.” Since the coup, the junta has ordered telecom companies to carry out dozens of shutdowns. These shutdowns targeted mobile and wireless internet, which is the only available internet for most in the country.

2021 Malware Trends: What We Should Expect

It seems as if news of another malware or ransomware attack surfaces every day. From the ransomware attack against defense contractor CPI to an Emotet campaign impersonating  the Democratic National Committee, 2020 was booming with malware and ransomware incidents. Unfortunately, sophisticated and devastating malware and ransomware attacks will likely  increase throughout 2021 as threat actors continue to capitalize on global affairs. 

Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input

An anonymous reader quotes a report from ZDNet: A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not — yet — been tested on iOS or Android. The browser version of the videoconferencing software is not impacted. Computest researchers Daan Keuper and Thijs Alkemade earned themselves $200,000 for this Zoom discovery, as it was part of the Pwn2Own contest.

In a statement to Tom’s Guide, Zoom thanked the Computest researchers and said the company was “working to mitigate this issue with respect to Zoom Chat.” In-session Zoom Meetings and Zoom Video Webinars are not affected. “The attack must also originate from an accepted external contact or be a part of the target’s same organizational account,” Zoom added. “As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust.”

CrowdStrike Invests In No-Code Security Automation Startup Tines

… the CrowdStrike Falcon Fund was launched in partnership with Accel in 2019. The $20 million CrowdStrike fund focuses on seed and early stage … IT service management (ITSM) workflow automation tools like ServiceNow. … plans to launch a formal program for channel partners, MSPs and MSSPs.

4 steps to better security hygiene and posture management

As the old security adage goes, “a well-managed network/system is a secure network/system,” and this notion of network and system management is a cybersecurity foundation.  Pick any framework (e.g., NIST Cybersecurity framework), international standard (e.g., ISO 27000), best practice (e.g., CIS 20 Critical Controls) or professional certification (e.g., CISSP), and much of the guidelines presented will be about security hygiene and posture management.