Cyber attack disrupted Canadian airports
The Canada Border Services Agency confirmed that a distributed denial of service attack cause connectivity issues across several airports last week. This impacted check-in kiosks and gates. The Montreal Airport Authority said these attacks resulted in significant delays in arrivals, although the CBSA said it restored all systems in a matter of hours. The Russian threat group NonName057(16) took credit for the attack, claiming it targeted other Canadian financial and government organizations. According to monitored Telegram chats by the group, the attack came in response to continued support for Ukraine in its war with Russia by Prime Minister Justin Trudeau.
Huawei ships chips for surveillance cameras
For the past four years, the US Department of Commerce instituted various export controls to reduce the capability of Huawei and other Chinese firms to produce their own chips. However Reuters’ source say earlier this year Huawei’s HiSilicon chip unit began shipping newly created chips to surveillance camera manufacturers. Sources say these chip shipments will have a significant impact on the surveillance market. This comes after Huawei announced a new Mate 60 Pro phone using internally developed advanced chips om August, although US Commerce Secretary Gina Raimondo found no evidence Huawei made these chips in volume.
(Reuters)
Signal adds quantum-resistant encryption
The encrypted messaging service announced it upgraded its key agreement protocol to Post-Quantum Extended Diffie-Hellman or PQXDH. This uses both its previously utilized protocol, X3DH and the NIST-approved post-quantum key encapsulation mechanism CRYSTALS-Kyber. In a blog post, Signal said it did not want to entirely “replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem,” but said it believe in CRYSTALS-Kyber as a solid foundation for the future. The messaging service also said this represented an initial move as part of its efforts to offer quantum-resistant end-to-end encryption.
OpenAI launches red teaming network
The AI giant launched the network to inform its risk models assessments for current and future AI models. The company says this will formalize its existing work with outside exports to benchmark its models. The company will use a wide range of domain experts in the network, with expertise ranging from biometrics and finance to healthcare and linguistics. This network will not replace third-party audits.
Thanks to our sponsor, Hyperproof
Chinese threat group sees success with old school hacking
At the mWise security conference, researchers from Maniant detailed a campaign by the China-linked group UNC53. This used malware-laden thumb drives to hit at least 29 organizations. While victims span across the world, the initial infection seems to come from the Africa-based operations of multinational organizations. These drives deployed Sogu malware, used by Chinese-based groups for over a decade. Mandiant monitored as infection from this malware ramped up, with infections spreading at internet cafes or print shops across Africa and then spreading from there. The thumb drives don’t try to autorun malware, instead attackers lure users to click an executable, naming it like the removable media it resides on.
(Wired)
1Password rolls out passkey support on mobile and extensions
The prominent password manager announced general availability of passkey support on its Android and iOS apps, as well as on its browser extensions. This doesn’t fully replace an account’s master password. 1Password said that support will arrive “this fall” as part of an “end-to-end passkey experience” across all platforms. The company previously rolled out beta passkey support for browser extensions in June.
Casino attackers hit three other firms
We covered last week the high profile attacks on MGM Resorts and Caesars Entertainment by the threat group Scattered Spider. Now Okta CSO David Bradbury disclosed that a total of five of its clients, including the two casino giants, experienced attacks by the group since August. No word on what companies the group targeted, or if they fell in a similar vertical. In an alert, Okta said these attacks followed a similar pattern, with attackers targeting a victims help desk to provide employee network access.
(Reuters)
China accuses US of hacking Huawei
China’s Ministry of State Security released a post on WeChat, claiming that a US government agency infiltrated servers at Huawei dating all the way back to 2009 and operating surveillance since then. China’s National Computer Virus Emergency Response Center claims it recovered US spyware called Second Date while investigating a cyberattack against Northwestern Polytechnical University in Xi’an last year. The agency claims the US NSA operates Second Date, using it in operations across several countries.