Cybersecurity News – March 25, 2022

UK police arrest 7 people in connection with Lapsus$

Ranging in age between 16 and 21, the hackers were arrested and then released by City of London Police, following an investigation which is still ongoing. Bloomberg had reported that a teenager based in Oxford was suspected of being the group’s mastermind. Bloomberg was able to track him down after his personal information was leaked online by rival hackers. According to Brian Krebs, the teenager purchased Doxbin last year, a site where people can share or find personal information on others, before leaking the entire Doxbin data set to Telegram. The Doxbin community retaliated by doxxing him. 

(TechCrunch)

North Korean hackers exploit Chrome zero-day weeks before patch

North Korean state hackers exploited a zero-day remote code execution vulnerability in the Google Chrome web browser for more than a month before a patch became available, in attacks targeting news media, IT companies, cryptocurrency, and fintech organizations. Google’s Threat Analysis Group (TAG) attributed two campaigns exploiting the recently patched CVE-2022-0609 (described only as “use after free in Animation” at the moment) to two separate attacker groups backed by the North Korean government, one of which has been identified as the Lazarus Group. Google TAG discovered the campaigns on February 10 and addressed the vulnerability in an emergency Google Chrome update four days later.

(Bleeping Computer)

Anonymous claims to have hacked the Central Bank of Russia and stolen 35,000 documents

In this most recent attack on Russian infrastructure, the group announced on Wednesday that the files would be released in 48 hours, which would be today, Friday. The group has also declared that it will be going after companies that have decided to continue to operate in Russia by paying taxes to the Russian government.

(Security Affairs)

GitHub explains the cause behind the past week’s outages

GitHub says recent service outages were caused by resource contention issues in their primary database cluster. Since last week, GitHub says that there were four service outages caused by these problems, on March 16th, March 17th, March 22nd, and March 23rd. Yesterday, GitHub explained that these outages were caused by “resource contention” issues with their primary MySQL cluster called ‘MySQL1.’ Resource contention is when multiple processes/requests compete for the same resources, whether that be memory, CPU, or disk utilization, or even access to a database table. As requests pile up, the server ultimately reaches the maximum number of connections it is configured to handle, and simply rejects all further requests until there is room for more.

(Bleeping Computer)


Microsoft help files disguise Vidar malware

In a report published Thursday, Trustwave SpiderLabs revealed a new phishing attack designed to plant the Vidar infostealer on target machines. The trick to this particular campaign is that it conceals its complex malware behind a Microsoft Compiled HTML Help (.CHM) file, Microsoft’s proprietary file format for help documentation saved in HTML that nobody ever looks at. The malware still requires a phishing email, in this case with a low-key subject line, “Re: Not read: Coverage Inquiry 3.24.16”, and with a simple unpersonalized message, “The important information for you. See the attachment to the email. Thank You!”

(ThreatPost)

Mustang Panda hacking group takes advantage of Ukraine crisis in new attacks

On March 23, researchers from ESET said that Mustang Panda, a Chinese cyberespionage group also tracked as TA416, RedDelta, and Bronze President, has been spreading a new Korplug/PlugX Remote Access Trojan (RAT) variant. ESET has named the new sample Hodur. To get around, Mustang Panda uses phishing methods that include news items or messages related to the Ukraine invasion. The group has managed to successfully infiltrate research organizations, internet service providers (ISPs), and systems belonging to European diplomatic initiatives across countries including Mongolia, Vietnam, Myanmar, Greece, Russia, South Africa, and Cyprus.

(ZDNet)

CEA sees future in waferscale quantum computing chips

Paris-based quantum computing startup C12 Quantum Electronics is working on the multi-qubit chips in conjunction with CEA, the government-backed French research institution. Qubits, short for quantum bits, are the fundamental yet extremely delicate building blocks of quantum computers. Not many regular chip companies have even tried to make a wafer-size chip due to the multidimensional complexities involved. C12 said this new work is building from a “breakthrough in manufacturing quantum chips on 200mm silicon wafers.” 200 millimeters equals roughly 7.8 inches in diameter. This breakthrough is being hailed as a leap forward toward the goal of commercializing quantum computing and manufacturing chips at scale.

(The Register)

Remembering the creators of the GIF and TRS-80

Stephen E. Wilhite will be remembered as the creator of the Graphics Interchange Format – the ubiquitous GIF, which he created while working at CompuServe, an online service that was actually founded in 1969 but which, by the mid-1980s, had evolved to the point where some users expected to see graphics when they dialed in to check their mail or chat in forums. The easily transported graphics file became a de facto standard and then enjoyed an enormous revival in the early 2000s thanks to its ability to display animations – a feature greatly appreciated before the widespread advent of streaming video. By the way, Mr. Wilhite always insisted the name be pronounced as “jif” with a soft “g”. Those who pointed out that his preferred pronunciation was inconsistent or illogical were met with a stern: “They are wrong”.

One of the machines where GIFs were often to be seen was the TRS-80, an early personal microcomputer sold by Tandy through its network of Radio Shack stores. The computer was the brainchild of John Roach, who also passed away this week. With a $599.95 price tag (just over a thousand of today’s dollars) it brought home computing to suburban homes across America. In addition to developing this pioneering pre-built computer, Mr. Roach might also be remembered for hiring two young programmers to write software for the machine. Their names were Bill Gates and Paul Allen.

(The Register)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.