Cybersecurity News – January 27, 2022

White House releases new cybersecurity strategy

The strategy was published as a memorandum from the Office of Management and Budget and intended for the heads of all executive departments and agencies. It calls on agencies to move towards a zero-trust architecture, requiring them to implement enterprise identity and access controls, such as multi-factor authentication. Agencies must also create a complete inventory of authorized devices, which will be monitored according to CISA specifications. Agencies have 30 days to designate an implementation lead and 60 days to submit a plan. 

(The Verge)

Trickbot gets trickier

Trickbot: it’s not just a clever name. The operators of the pernicious trojan revised it to now include a new set of features to prevent reverse engineering attempts. According to researchers at IBM Trusteer, recent samples show the addition of an anti-debugging script, designed to trigger a memory overload if a researcher performs “code beautifying” techniques to make it easier to read, ultimately crashing the browser. Trickbot also includes Base64 obfuscation, redundant junk script and code, and native function patches to slow down the work of security researchers. 

(ZDNet)

VPNLab shuttered in global takedown

Europol worked with investigators in ten nations, including the US and Canada, to take down the VPN service, posting seizure notices on VPNLab.net as of January 20th. The service had been around since 2008, allegedly offering encrypted communications and secure channels for threat actors. In all, the takedown seized or shut down 15 servers. Analysis of these servers led investigators to find attacks in progress on over 100 other organizations. Security analysts note, however, that these types of services are easy to spin up quickly, and that Tor layered with a VPN service provides similar protection.

(Dark Reading)

Microsoft warns of info reading phishing attack

Microsoft issued a warning that hundreds of Office 365 customers are getting phishing emails trying to trick them into granting OAuth permission that would let attackers create inbox rules, read and write emails and calendar items, and read contacts. The app that requests the permission is called Upgrade and appears to come from a verified publisher. Microsoft has deactivated the malicious app in Azure AD. This is a type of attack called “consent phishing” which tricks the user into granting access without having to hand over passwords. Microsoft says that reports of consent phishing have been on the rise in recent years.

(ZDNet)
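The consent-phishing item above describes a specific permission bundle (inbox rules, mail read/write, calendar, contacts) granted to an app that looked legitimately published. As an added example that is not part of the original story or any Microsoft tooling, the following Python triages exported OAuth consent grants for that bundle. It assumes the export carries each grant's scope as a space-separated string using Microsoft Graph delegated scope names (Mail.ReadWrite, MailboxSettings.ReadWrite, Calendars.ReadWrite, Contacts.Read); the app IDs and grant records are constructed placeholders.

```python
"""Flag OAuth consent grants that hand an app mailbox-level access.

Added example, not code from the original article. The grant records and
app IDs below are constructed; the scope names are Microsoft Graph
delegated permissions, but the record layout is an assumption about the
export being triaged.
"""
from dataclasses import dataclass

# Graph delegated scopes that together give the mailbox access the
# article describes. Publisher verification is deliberately NOT treated
# as a mitigating factor: the app in the story appeared verified.
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite": "read and write email",
    "MailboxSettings.ReadWrite": "create inbox rules and forwarding",
    "Calendars.ReadWrite": "read and write calendar items",
    "Contacts.Read": "read contacts",
}
# Either of these alone is enough to silently read or redirect mail.
MAILBOX_CONTROL = {"Mail.ReadWrite", "MailboxSettings.ReadWrite"}


@dataclass
class ConsentGrant:
    app_display_name: str
    app_id: str
    publisher_verified: bool
    scope: str          # space-separated scopes, as Graph reports them
    consent_type: str   # "user" (end-user consent) or "admin"


def risky_scopes(grant: ConsentGrant) -> list:
    """Return the high-risk scopes present in this grant, sorted."""
    return sorted(s for s in grant.scope.split() if s in HIGH_RISK_SCOPES)


def triage(grants, approved_app_ids):
    """Return a finding for every non-allowlisted app holding risky scopes."""
    findings = []
    for g in grants:
        if g.app_id in approved_app_ids:
            continue  # reviewed and approved by the tenant owner
        hits = risky_scopes(g)
        if not hits:
            continue
        severity = "high" if MAILBOX_CONTROL & set(hits) else "medium"
        findings.append({
            "app": g.app_display_name,
            "app_id": g.app_id,
            "severity": severity,
            "scopes": hits,
            "what_it_allows": [HIGH_RISK_SCOPES[s] for s in hits],
            "user_consented": g.consent_type == "user",
            "publisher_verified": g.publisher_verified,
        })
    return findings


# Constructed sample export: one grant matching the article's pattern,
# one approved internal app, one harmless low-privilege app.
SAMPLE_GRANTS = [
    ConsentGrant("Upgrade", "app-id-placeholder-1", True,
                 "Mail.ReadWrite MailboxSettings.ReadWrite "
                 "Calendars.ReadWrite Contacts.Read offline_access", "user"),
    ConsentGrant("Corp Helpdesk", "app-id-placeholder-2", True,
                 "Mail.ReadWrite", "admin"),
    ConsentGrant("Lunch Poll", "app-id-placeholder-3", False,
                 "User.Read", "user"),
]
APPROVED_APP_IDS = {"app-id-placeholder-2"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_GRANTS, APPROVED_APP_IDS):
        print(finding)
```

Only the "Upgrade" grant surfaces: the helpdesk app is allowlisted despite holding Mail.ReadWrite, and the poll app holds nothing of interest. The finding records whether an end user, rather than an admin, granted the consent, since that is the path consent phishing relies on.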

Thanks to our episode sponsor, deepwatch


Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

Court reverses 2009 Intel antitrust ruling

Back in 2009, the European Commission fined Intel for anti-competitive behavior, hitting the company with a record fine of 4% of its annual revenue. Now the EU General Court has overturned the decision. The case involved rebates Intel gave to PC makers, allegedly to squeeze out AMD, which resulted in the 1.06 billion-euro fine. The court found the European Commission failed to show “to the requisite legal standard” that the rebates posed an anticompetitive risk. The ruling can still be appealed to the European Court of Justice; both Intel and EU competition chief Margrethe Vestager said they were reviewing it.

(Bloomberg)

A look at crypto money laundering

The analysts at Chainalysis released their 2021 cryptocurrency money laundering report, finding that funds laundered in crypto increased 30% on the year to $8.6 billion, although well short of 2019’s record year of $10.9 billion. It’s estimated this accounts for 0.05% of all cryptocurrency volume. For the first time since 2018, centralized exchanges did not receive a majority of illicit funds, accounting for 47%. This is largely the result of the rise of DeFi protocols, which received 17% of illicit funds in 2021, up almost 2000% since last year. Scammers mostly preferred depositing funds in centralized exchanges, while crypto thieves preferred to move funds to DeFi.  

(Chainalysis)

Apple publishes Personal Safety User Guide

Since the launch of AirTags last year, there has been no shortage of theoretical and real-world situations in which they have been used to impinge on personal safety and privacy, with stalking a primary concern. Soon after the launch, Apple published an initial round of support resources to address these concerns, and has now expanded them into a full Personal Safety User Guide. The guide deals with AirTags specifically, advising that the Find My app will notify you if an unknown AirTag is seen moving with you for a while. It also covers how to manage sharing settings, block unknown sign-in attempts, and restore backed-up data.

(9to5Mac)

Cracking your locked crypto wallet

Back in 2018, Dan Reich and a friend spent $50,000 on Theta tokens, at the time worth $0.21 each. These were transferred to a Trezor One hardware wallet. The value of the tokens fluctuated, but the two had forgotten the PIN and couldn’t access them, facing erasure of the wallet if they guessed wrong 16 times in a row. By the end of 2020, the value had risen into the millions. In early 2021, the two turned to hardware hacker Joe Grand. Grand built on an approach called wallet.fail, forcing the PIN and wallet key to be copied to RAM at boot-up, where a fault injection attack made them readable. Getting the timing right required thousands of tries at different power levels applied to the microcontroller. The approach worked after three and a half hours. Grand received a portion of the wallet proceeds, and since May has helped others who have lost wallet access recover funds, as well as researching how to make the wallets more secure.

(The Verge)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.