Cybersecurity News: TETRA encryption flaws, Zenbleed strikes, Norway’s government hit with Ivanti flaw

Vulnerability found in TETRA encryption

Three Dutch security researchers from the firm Midnight Blue discovered severe flaws in the encryption algorithms for TETRA, a European radio standard used for critical voice and data radio communications. One flaw, in how radios synchronise and generate keystream, affects all of the algorithms and could let an attacker decrypt traffic and inject messages, potentially including commands to critical infrastructure. They also found that TETRA's TEA1 algorithm, which is nominally keyed with 80 bits, contains a step that reduces the effective key to 32 bits. They recovered such a key in under a minute on a consumer laptop.

TETRA has been in use since the 1990s, but until now its encryption algorithms were kept secret. The researchers found the flaws in 2021 but agreed to delay disclosure, coordinated through the Dutch National Cyber Security Centre, until the patchable issues could be fixed. They will present a full technical overview at Black Hat.

 (Wired)
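To make the "syncing and keystream" class of flaw concrete, here is an added toy model written for this page. It is not Midnight Blue's code and not TETRA's real algorithms: it assumes a stream cipher whose keystream is derived from the shared key plus a network time value that the base station broadcasts, which is the shape of the problem the researchers reported. With no authentication on that sync value, a rogue base station can push a radio back to a time it has already seen, and the radio then reuses keystream. The second half shows the obvious hardening (a MAC on the sync value plus a monotonic clock). The frames, keys and time values are constructed.

```python
import hashlib
import hmac

# Constructed toy model for illustration only: NOT TETRA's real TEA algorithms.
# The keystream is fully determined by the shared key and the "network time" a
# base station broadcasts, so whoever controls the time value the radio accepts
# controls which keystream the radio uses.


def keystream(key: bytes, network_time: int, length: int) -> bytes:
    """Toy keystream generator seeded by key and broadcast network time."""
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = key + network_time.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, network_time: int, plaintext: bytes) -> bytes:
    """Stream-cipher encryption; decryption is the same operation."""
    return xor_bytes(plaintext, keystream(key, network_time, len(plaintext)))


def keystream_reuse_attack(captured_ct: bytes, known_pt: bytes, victim_ct: bytes) -> bytes:
    """Attacker knows the plaintext of one frame captured at time t. After forcing the
    victim back to t (rogue base station rebroadcasting an old sync), every new frame
    reuses that keystream, so C_victim XOR (C_captured XOR P_known) = P_victim."""
    recovered_keystream = xor_bytes(captured_ct, known_pt)
    return xor_bytes(victim_ct, recovered_keystream)


class HardenedRadio:
    """Radio that only accepts sync messages carrying a MAC under a key the attacker
    does not hold, and refuses to move its clock backwards (hypothetical design)."""

    def __init__(self, sync_key: bytes):
        self.sync_key = sync_key
        self.clock = -1

    def sync_tag(self, network_time: int) -> bytes:
        msg = b"sync" + network_time.to_bytes(4, "big")
        return hmac.new(self.sync_key, msg, hashlib.sha256).digest()

    def accept_sync(self, network_time: int, tag: bytes) -> bool:
        if not hmac.compare_digest(tag, self.sync_tag(network_time)):
            return False  # forged or unauthenticated sync
        if network_time <= self.clock:
            return False  # replayed (old) sync: would cause keystream reuse
        self.clock = network_time
        return True


def run_demo() -> dict:
    key = bytes(range(10))  # toy 80-bit traffic key (constructed)
    t = 1000  # network time broadcast by the legitimate base station
    known_pt = b"STATUS: unit 7 on patrol route B"  # constructed frame with guessable content
    captured_ct = encrypt(key, t, known_pt)  # attacker records this over the air

    # Rogue base station rebroadcasts t; an unhardened radio trusts it and
    # encrypts its next frame under the very same keystream.
    victim_pt = b"ORDER: hold position at gate 4"
    victim_ct = encrypt(key, t, victim_pt)
    recovered = keystream_reuse_attack(captured_ct, known_pt, victim_ct)

    # Hardened radio: genuine sync accepted, forged sync and replayed old sync rejected.
    radio = HardenedRadio(sync_key=b"sync-key-shared-with-real-base-station")
    genuine = radio.accept_sync(2000, radio.sync_tag(2000))
    forged = radio.accept_sync(2001, bytes(32))  # attacker has no sync key
    replayed = radio.accept_sync(1000, radio.sync_tag(1000))  # authentic but old
    return {"recovered": recovered, "genuine": genuine, "forged": forged, "replayed": replayed}


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is that the cipher itself is never broken: the attacker only needs one known (or guessable) frame and the ability to make the radio reuse a sync value. Any design in which an unauthenticated, attacker-influenced value feeds the keystream generator has this property, regardless of key length.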

Ryzen CPUs vulnerable to Zenbleed exploit

Google security researcher Tavis Ormandy disclosed the bug on his blog, having first reported it to AMD on May 15th. Zenbleed affects AMD's entire Zen 2 product line. The flaw lets an attacker read sensitive data passing through CPU registers, including encryption keys and login credentials, from other processes or virtual machines sharing the same physical core. Cloudflare notes that remote attackers could exploit Zenbleed through JavaScript on a website. Zenbleed is not a side-channel vulnerability like Spectre; rather it exploits a bug in how the register file is rolled back after a mispredicted vzeroupper instruction, leaving stale register contents readable. AMD released a microcode fix for its affected Epyc server processors, but its remaining CPUs will not receive fixes until at least October.

(The Verge, Cloudflare)
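Because the fix arrives as microcode and only for some parts at first, the practical question for an operator is "is this host a Zen 2, and is the loaded microcode already fixed?". The added example below (written for this page, not from AMD, Cloudflare or Tavis Ormandy) answers that from /proc/cpuinfo-style text. The affected model ranges, the fixed microcode revisions and the DE_CFG chicken bit are the values used by the Linux kernel's Zenbleed mitigation as of mid-2023, not facts stated on this page; the sample cpuinfo blocks are constructed.

```python
# Added example: decide from /proc/cpuinfo text whether a host is an affected
# Zen 2 part and whether its microcode already carries AMD's Zenbleed fix.
# Model ranges, "good" revisions and the MSR bit follow the Linux kernel's
# Zenbleed mitigation (arch/x86/kernel/cpu/amd.c, mid-2023); not from this page.

ZEN2_FAMILY = 0x17
ZEN2_AFFECTED_MODELS = ((0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF))
ZEN2_FIXED_MICROCODE = (
    (0x30, 0x3F, 0x0830107A),  # Rome (EPYC 7002): the fix AMD had already shipped
    (0x60, 0x67, 0x0860010B),  # Renoir
    (0x68, 0x6F, 0x08608105),  # Lucienne
    (0x70, 0x7F, 0x08701032),  # Matisse / Castle Peak
    (0xA0, 0xAF, 0x08A00008),  # Mendocino
)
DE_CFG_MSR = 0xC0011029  # AMD DE_CFG; the kernel sets bit 9 when no fixed microcode is loaded
ZEN2_FP_BACKUP_FIX_BIT = 9


def parse_cpuinfo(text: str) -> dict:
    """Return the key/value fields of the first processor block in /proc/cpuinfo text."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break  # end of the first processor block
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def zenbleed_status(fields: dict) -> str:
    """'not-affected', 'patched' (microcode >= fixed revision) or 'vulnerable'."""
    if fields.get("vendor_id") != "AuthenticAMD" or int(fields["cpu family"]) != ZEN2_FAMILY:
        return "not-affected"
    model = int(fields["model"])
    if not any(low <= model <= high for low, high in ZEN2_AFFECTED_MODELS):
        return "not-affected"
    microcode = int(fields["microcode"], 16)  # cpuinfo prints it as 0x...
    for low, high, good in ZEN2_FIXED_MICROCODE:
        if low <= model <= high and microcode >= good:
            return "patched"
    return "vulnerable"  # affected model, no (or too old) fixed microcode loaded


def workaround_msr_value(current_de_cfg: int) -> int:
    """DE_CFG value with the chicken bit set, as the kernel's fallback writes it."""
    return current_de_cfg | (1 << ZEN2_FP_BACKUP_FIX_BIT)


def check_host(text: str) -> str:
    return zenbleed_status(parse_cpuinfo(text))


# Constructed sample blocks (not captured from real hosts)
ROME_PATCHED = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 49
model name\t: AMD EPYC (Rome) sample
microcode\t: 0x830107a
"""
MATISSE_OLD = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen (Matisse) sample
microcode\t: 0x8701021
"""
INTEL = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 158
microcode\t: 0xf0
"""

if __name__ == "__main__":
    for name, block in (("rome", ROME_PATCHED), ("matisse", MATISSE_OLD), ("intel", INTEL)):
        print(name, check_host(block))
```

On a live host, pass `open("/proc/cpuinfo").read()` to `check_host`. A "vulnerable" result on a desktop Ryzen is expected until AMD's later microcode lands; the kernel's interim fallback is the DE_CFG chicken bit computed by `workaround_msr_value`, which costs some performance but closes the leak.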

Norwegian government breached with Ivanti zero-day

Norway's National Security Authority (NSM) announced that it discovered compromised systems across a dozen government ministries. The intrusions came through a newly discovered zero-day in Ivanti Endpoint Manager Mobile, the company's mobile device management product formerly known as MobileIron Core. While this proved disruptive to the affected ministries, it did not appear to widely impact overall government operations. Norway contacted businesses in the country using Ivanti's product, and the company said it is "actively engaging with customers to help them apply the fix." Ivanti initially put details of the flaw behind a login wall and reportedly asked customers to sign NDAs before providing information.

(The Record)

Apple patches Operation Triangulation zero-click bug

It's been a busy month for Apple. It issued its third security update in about a month to fix issues reportedly tied to a spyware campaign against iPhone users in Russia, delivered through iMessage. The latest patch fixes an actively exploited flaw affecting devices running iOS 15.7.1 or older. Apple credited researchers at Kaspersky for identifying the zero-click exploit used in the attack, dubbed Operation Triangulation. The campaign targeted a range of Apple products across iOS, iPadOS, macOS and watchOS.

(CyberScoop)

And now a word from our sponsor, AppOmni

Over-provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate.

With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com.

MikroTik routers vulnerable to total takeover attack

Researchers at VulnCheck published details of a privilege escalation vulnerability in RouterOS, the operating system that runs on MikroTik routers. It lets an authenticated administrator obtain a root shell on the device, from which arbitrary tools can be installed. MikroTik released a patch and urged owners to apply it quickly. Shodan shows that up to 900,000 vulnerable routers remained online as of July 18th. While the attack requires authenticated access to a router, the researchers note that RouterOS has shipped with a default admin account whose password is the empty string, so "authenticated" is a lower bar than it sounds.

(Dark Reading)

ChatGPT comes to Android

OpenAI published the ChatGPT app in the Google Play Store; it launched on iOS back in May. The Android version comes first to the US, India, Bangladesh, and Brazil, with other markets to follow. After breakneck downloads when it debuted, Sensor Tower reported the app saw roughly 10% drops in downloads and time spent in June.

(The Verge)

Mastodon grappling with CSAM

Researchers at the Stanford Internet Observatory found over 600 pieces of known or suspected child sexual abuse material, or CSAM, on Mastodon, the decentralized social network. The researchers collected data over a two-day period but said they found the first instances within five minutes of searching. They also found about 2,000 hashtags associated with CSAM. One of the report's authors, David Thiel, said the team saw more hits on known CSAM hashes in this initial research phase than in any other social media analysis it had done. Thiel said Mastodon struggles with CSAM because of its volunteer moderation and rudimentary reporting tools.

(WaPo)

Imperva acquired for $3.6 billion

The French aeronautics and defense multinational Thales Group intends to acquire the cybersecurity firm Imperva from the private equity firm Thoma Bravo. The company said the acquisition price implied a value of 17 times Imperva's operating earnings forecast for next year. Thoma Bravo took Imperva private back in 2019. The acquisition will bring Thales into the application security market and give it a larger footprint in the US. Thales expects the deal to close in 2024.

(Reuters)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.