SMIC making advanced chips with ASML tech
Bloomberg’s sources say China’s largest domestic chip producer used ASML’s immersion deep ultraviolet machines to produce advanced chips for Huawei smartphones. SMIC produced a 7nm chip with the equipment, an outcome that recent US export bans have sought to prevent. ASML never exported its most advanced chipmaking equipment to China; however, analysts say it’s possible to retool its less advanced models to produce advanced chips. The company could justify this in a competitive market, but SMIC received significant state assistance to produce these chips. It’s believed Chinese firms stockpiled less advanced ASML chipmaking equipment for years prior to the more stringent export bans.
Roundcube webmail exploited with zero-day
Security researchers at ESET disclosed that the Russian-linked threat actor Winter Vivern began exploiting a zero-day against the open-source webmail software Roundcube on October 11th. The attackers sent a malicious email message that used a cross-site scripting flaw to load arbitrary code into a user’s browser window. Ultimately this exfiltrated messages to a C2 server. Bleeping Computer reported the group targeted European government entities and think tanks with these attacks.
(The Hacker News, Bleeping Computer)
Philadelphia’s week somehow gets worse
How do you make losing Game 7 of the NLCS at home even worse? How about disclosing months-long access to municipal email systems? In a statement, Philadelphia city officials said threat actors gained access to some city email accounts between May 26th and July 28th. IT staff first noticed suspicious activity on May 24th. In August the city discovered some accounts included protected health information. Other information accessed includes names, addresses, social security numbers, and financial information. It’s unclear how many email accounts this impacted. This isn’t the first institution in the city to get hit with a cyberattack, with both the Philadelphia Inquirer and the Philadelphia Orchestra experiencing attacks in 2023.
Amazon to launch European sovereign cloud
Amazon Web Services said it will launch this offering for customers in government and highly regulated industries. This will see data stored on servers located in the EU, with EU-resident employees overseeing operations and support. The service will first launch in Germany before expanding to all EU customers. This comes as the EU and US continue to hammer out a new international data transfer agreement, with previous ones thrown out in court in the EU over privacy concerns.
(Reuters)
Former NSA employee pleads in espionage case
Jareh Sebastian Dalke, a former NSA information security systems designer, pleaded guilty to six charges of violating the Espionage Act. The FBI caught Dalke in a sting operation, getting him to hand over secrets while under the guise of Russian spies. Documents sent included national security information, which he sold for $16,000 in cryptocurrency. He faces sentencing in April; as part of a plea deal, he could see a sentence no greater than 22 years.
Social sign-in flaw exposes accounts
Researchers at Salt Security published a report detailing vulnerabilities in social sign-in and OAuth implementations. The report found many high-profile sites with these vulnerabilities. It named Vidio, Grammarly, and Bukalapak as examples. Using a Pass-The-Token attack, a threat actor could ultimately gain unauthorized access to these services. The main problem with implementation comes down to an improper token verification process, opening the door to using a token obtained from another site. With the site Vidio, researchers could log in using a Facebook token for example. Salt Security contacted the companies named in the report, who subsequently fixed their implementation.
(HackRead)
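The token verification gap described in the social sign-in item, shown as an added example that is not code from Salt Security or any of the named sites. The introspection table, its field names (`app_id`, `user_id`, `expires_at`, `is_valid`) and all IDs are constructed assumptions standing in for an identity provider's token-inspection response.

```python
import time

OUR_APP_ID = "app-ours-1111"  # hypothetical client ID of the relying site

# Constructed stand-in for what the identity provider reports about a token.
INTROSPECTION = {
    "tok-ours": {"app_id": "app-ours-1111", "user_id": "u-42",
                 "expires_at": 4102444800, "is_valid": True},
    "tok-other": {"app_id": "app-other-2222", "user_id": "u-42",
                  "expires_at": 4102444800, "is_valid": True},
    "tok-expired": {"app_id": "app-ours-1111", "user_id": "u-42",
                    "expires_at": 1, "is_valid": True},
}


class TokenRejected(Exception):
    """Raised when a presented token must not create a session."""


def introspect(token):
    info = INTROSPECTION.get(token)
    if info is None:
        raise TokenRejected("unknown token")
    return info


def login_flawed(token):
    """Flawed pattern: trusts any valid token, whichever app it was issued to."""
    info = introspect(token)
    if not info["is_valid"]:
        raise TokenRejected("provider reports token invalid")
    return info["user_id"]


def login_checked(token, now=None):
    """Hardened pattern: the token must be valid, unexpired and issued to us."""
    info = introspect(token)
    now = time.time() if now is None else now
    if not info["is_valid"]:
        raise TokenRejected("provider reports token invalid")
    if info["expires_at"] <= now:
        raise TokenRejected("token expired")
    if info["app_id"] != OUR_APP_ID:
        raise TokenRejected("token was issued to a different application")
    return info["user_id"]


def accepted(login, token):
    """Return True if the given login function accepts the token."""
    try:
        login(token)
        return True
    except TokenRejected:
        return False
```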
VMware patches EoL vCenter exploit
VMware issued a patch for a critical vCenter Server vulnerability that allows for remote code execution due to an out-of-bounds write issue with its DCE/RPC implementation. This issue isn’t being actively exploited, but it could allow for low-complexity attacks from remote attackers without any user interaction, aka pretty bad. Given the potential threat of the exploit and with no other workaround mitigations, VMware released patches for several end-of-life products.
Ransomware attacks hit a new high in September
A new report from NCC Group found that ransomware attacks increased 153% on the year in September. Of this, it saw double-extortion attacks up 76% on the year. Overall it monitored 514 attacks in the month. North America saw the most attacks, accounting for 50%, followed by Europe with 30% and Asia with 9%. LockBit orchestrated the most attacks, accounting for 15%. But new groups like LockTrust and RansomedVC combined for 18% of all attacks. Of the major ransomware organizations seen in recent months, Clop saw almost no activity in September.
(SC Media)






