Cybersecurity News – Week in Review – August 9-13, 2021

This week’s Cyber Security Headlines – Week in Review, August 9-13, 2021, is hosted by Rich Stroffolino with our guest, Ben Sapiro, CISO, Canada Life

Cyber Security Headlines – Week in Review is live every Friday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.

Actively exploited bug bypasses authentication on millions of routers

A critical authentication bypass vulnerability in home routers running Arcadyan firmware is being actively exploited to deploy Mirai botnet payloads. Tracked as CVE-2021-20090 and rated 9.9/10, it affects millions of routers from vendors and ISPs including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus. The flaw was discovered by Tenable, which published a security advisory on April 26 and added proof-of-concept exploit code on Tuesday, August 3. Most disturbing, Tenable says, is that the vulnerability has existed in the supply chain for at least 10 years.

(Bleeping Computer)

Password of three random words better than complex variation, experts say

The National Cyber Security Centre (NCSC), part of the UK’s Government Communications Headquarters, said a three-word system creates passwords that are easy to remember and produce unusual combinations of letters, enough to keep online accounts secure from cybercriminals. “Traditional password advice telling us to remember multiple complex passwords is simply daft,” the NCSC’s technical director, Dr Ian Levy, said on the centre’s website, conceding also that using three random words was not 100% safe, since people might use predictable word combinations. He suggested a major advantage of the system was its usability, “because security that’s not usable doesn’t work.”

(The Guardian)
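As an added illustration (not part of the NCSC's guidance or the original article), the following Python works out what the three-word scheme buys when the words really are chosen at random, and generates such a passphrase with the `secrets` module. The small word list, the 7776-word list size and the 95-character alphabet used in the comparison are assumptions for the arithmetic, not values from the page.

```python
import math
import secrets

# Constructed sample word list; a real list would hold thousands of words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cobalt", "dolphin", "ember", "fossil", "glacier", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nectar", "orchid", "pepper",
]


def entropy_bits(list_size: int, word_count: int) -> float:
    """Entropy of word_count words drawn uniformly and independently from list_size words.

    This is an upper bound: it only holds when a generator, not a person, picks the words.
    """
    return word_count * math.log2(list_size)


def char_password_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy of a uniformly random character password (95 = printable ASCII)."""
    return length * math.log2(alphabet_size)


def min_list_size(word_count: int, target_bits: float) -> int:
    """Smallest word list for which word_count random words reach target_bits of entropy."""
    return math.ceil(2 ** (target_bits / word_count))


def random_passphrase(words, word_count: int = 3, separator: str = " ") -> str:
    """Three random words the NCSC way: chosen by a CSPRNG, so 'predictable combinations'
    cannot happen. Repeats are allowed; that is what keeps the entropy estimate exact."""
    return separator.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    print(f"3 words from 7776 (diceware-sized list): {entropy_bits(7776, 3):.1f} bits")
    print(f"8 random printable characters:            {char_password_bits(8):.1f} bits")
    print(f"list size for 40 bits from 3 words:       {min_list_size(3, 40)} words")
    print("example passphrase:", random_passphrase(SAMPLE_WORDS))
```

The figures make Levy's caveat concrete: three words from a 7776-word list give about 38.8 bits only if the selection is uniformly random, and a human picking three favourite words gives far less, which is what "predictable word combinations" means. A truly random 8-character password over 95 symbols carries about 52.6 bits, more than the three words, so the NCSC's argument rests on memorability and on the fact that human-chosen "complex" passwords are nothing like random, not on raw entropy.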

New Amazon DNS attack method allows for nation-state level spying

The attack method was identified by researchers at Wiz while analyzing Amazon Route 53, the cloud DNS service offered to AWS users, and was presented this week at the Black Hat conference in Las Vegas. In short, the researchers created a Route 53 hosted zone named after one of the service's own name servers, such as ns-852.awsdns-42.net, served by the name server with that same name. That alone gave them visibility into DNS traffic from more than 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 government agencies from other countries. The intercepted data included internal and external IP addresses, computer names, user names, and office locations, which the researchers equate to a nation-state level spying capability. The issue stems from the way Windows devices locate the master DNS server for their zone and send it dynamic updates when their IP addresses change.

(Wiz.io)
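To make concrete what the receiving server learns from one of these dynamic updates, here is an added example in pure Python (constructed; not code from Wiz or the original article): a minimal builder and parser for an RFC 2136 DNS UPDATE message. Windows clients locate the zone's primary server from the MNAME field of the zone's SOA record and send it a message of this shape to register their address, so whoever answers for that name sees the zone, the computer name and the IP address in cleartext. The zone `corp.example`, host `WS-FINANCE-07` and address `10.20.30.40` are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

OPCODE_UPDATE = 5          # RFC 2136 dynamic update opcode
TYPE_A, TYPE_SOA = 1, 6
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_update(zone: str, hostname: str, ip: str, ttl: int = 1200, msg_id: int = 0x1234) -> bytes:
    """Build the UPDATE a client sends to register hostname.zone -> ip (one A record, no prerequisites)."""
    flags = OPCODE_UPDATE << 11
    # ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = IPv4Address(ip).packed
    update_rr = (encode_name(f"{hostname}.{zone}")
                 + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata))
                 + rdata)
    return header + zone_section + update_rr


def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name starting at off; return (name, next_offset)."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:                      # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def read_rr(msg: bytes, off: int):
    """Read one resource record; return (name, type, class, ttl, rdata, next_offset)."""
    name, off = read_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    rdata = msg[off:off + rdlen]
    return name, rtype, rclass, ttl, rdata, off + rdlen


def parse_update(msg: bytes) -> dict:
    """Extract what an UPDATE reveals to whoever receives it: the zone and each name/address registered."""
    msg_id, flags, zocount, prcount, upcount, adcount = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        raise ValueError("not a dynamic UPDATE message")
    off = 12
    zone, off = read_name(msg, off)
    off += 4                                           # zone section type (SOA) and class
    for _ in range(prcount):                           # skip prerequisite records
        off = read_rr(msg, off)[-1]
    records = []
    for _ in range(upcount):
        name, rtype, rclass, ttl, rdata, off = read_rr(msg, off)
        if rtype == TYPE_A and rclass == CLASS_IN and len(rdata) == 4:
            records.append({"name": name, "ip": str(IPv4Address(rdata))})
        else:
            records.append({"name": name, "type": rtype, "class": rclass})
    return {"zone": zone, "records": records}


if __name__ == "__main__":
    # Constructed sample: what a workstation's registration leaks to the zone's "master".
    wire = build_update("corp.example", "WS-FINANCE-07", "10.20.30.40")
    print(parse_update(wire))
```

Nothing here is encrypted or authenticated, so the only protection is that the update reaches a server the organization actually controls. The practical check that follows from the story is to look up the SOA record of every internal zone and confirm that the MNAME it advertises resolves to an address you own rather than to a third party's name server.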

Now we need to worry about power LEDs

The mad scientists/security researchers on Ben-Gurion University’s Cyber@BGU team published details of a novel passive variant of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of a device’s power LED back into the audio signal that caused them. The fluctuations are imperceptible to the human eye, but can be read by a photodiode coupled to a simple optical telescope and then run through an analog-to-digital converter for direct playback. Because the technique is completely passive, it would not be picked up by an electronic countermeasure sweep.

(Ars Technica)
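To show why a ripple invisible to the eye is still recoverable, and what the capture chain actually needs, here is an added simulation in pure Python (constructed; not code from the Cyber@BGU researchers or the Ars Technica article). It models an LED whose brightness carries a 0.1% ripple following a 440 Hz tone, digitises it with an ADC of a chosen resolution, AC-couples the result and compares it with the original tone. The DC level, ripple depth, noise level, full-scale range and sample rate are assumed values for the illustration, not measurements from the paper.

```python
import math
import random

SAMPLE_RATE = 8000   # samples per second of the photodiode/ADC chain (assumed)
FULL_SCALE = 2.0     # ADC input range 0..2 in arbitrary units (assumed)


def audio_tone(n_samples: int, freq: float = 440.0):
    """Constructed audio source: a pure tone in [-1, 1]."""
    return [math.sin(2 * math.pi * freq * i / SAMPLE_RATE) for i in range(n_samples)]


def led_intensity(audio, dc: float = 1.0039, ripple: float = 1e-3, noise: float = 1e-5, seed: int = 7):
    """LED brightness: a steady DC level plus a 0.1% ripple that follows the audio.

    The DC level is arbitrary in reality; 1.0039 is chosen so it does not sit exactly on an
    8-bit code boundary. Gaussian noise stands in for shot noise in the photodiode.
    """
    rng = random.Random(seed)
    return [dc * (1.0 + ripple * a) + rng.gauss(0.0, noise) for a in audio]


def adc(samples, bits: int):
    """Quantise to unsigned integer codes of the given resolution over FULL_SCALE."""
    levels = 2 ** bits
    codes = []
    for s in samples:
        code = int(s / FULL_SCALE * levels)
        codes.append(min(levels - 1, max(0, code)))
    return codes


def recover_audio(codes):
    """AC-couple (remove the DC level) and normalise to [-1, 1]."""
    mean = sum(codes) / len(codes)
    ac = [c - mean for c in codes]
    peak = max(abs(x) for x in ac)
    if peak == 0:
        return [0.0] * len(ac)      # no variation survived quantisation
    return [x / peak for x in ac]


def correlation(a, b) -> float:
    """Pearson correlation between two equal-length signals; 0.0 if either is constant."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / math.sqrt(va * vb)


def recovery_quality(bits: int, n_samples: int = 4000) -> float:
    """Correlation between the original tone and what an ADC of `bits` resolution recovers."""
    audio = audio_tone(n_samples)
    codes = adc(led_intensity(audio), bits)
    return correlation(audio, recover_audio(codes))


if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(f"{bits:2d}-bit ADC: correlation with original tone = {recovery_quality(bits):.3f}")
```

With a 16-bit converter the tone comes back almost perfectly (correlation above 0.99); with an 8-bit converter the whole 0.1% ripple falls inside a single quantisation step and nothing is recovered. That is the engineering point behind the story: the fluctuation is tiny, so the photodiode output has to be amplified and AC-coupled before it is sampled, and the converter needs enough resolution to resolve the ripple rather than the LED's steady brightness. None of that emits anything, which is why a countermeasure sweep has nothing to find.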

Thanks to our episode sponsor, Sotero

It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.

Notorious darknet market comes back to life

The AlphaBay dark web market has resurfaced. It was the largest darknet market before being shut down by law enforcement in July 2017. One of its administrators, DeSnake, announced on a dark web forum that AlphaBay is open for business again, claiming the platform is built to last, with audited code, hardened servers, and safeguards against disruption from hardware failure, police raids, or seizures. Items prohibited from sale on AlphaBay include firearms, ransomware, pornography, doxing, and Covid-19 vaccinations, and DeSnake described long-term plans for a platform that would let anyone set up their own darknet market, with a strong focus on anonymity.

(Bleeping Computer)

US Senate sends infrastructure bill to House

The U.S. Senate passed its bipartisan infrastructure bill Tuesday by a 69-30 vote, sending it to the House of Representatives. The bill dedicates $1 trillion to infrastructure improvements over the next 10 years, but drew controversy from the crypto community over a “pay-for” that anticipates raising $28 billion from a broadened crypto tax provision. The provision expands the definition of a “broker,” raising concerns that the IRS might impose broker information reporting requirements on non-broker entities such as miners.

(Coindesk)

Poly Network hacker has a change of heart

Yesterday we reported on the hack of the decentralized finance platform Poly Network, which saw over $600 million worth of crypto assets stolen. The attacker seems to have had a change of heart and is in the process of returning the stolen tokens; The Block reports at least $254 million worth of assets has been returned. Why the change of heart? Well, the security researchers at Slowmist reportedly were able to trace the culprit’s email, an IP address, and the Chinese cryptocurrency exchange used to move the assets. In a message embedded in one of the refund transactions, the attacker indicated that “[t]he hacker is ready to surrender.”

(Engadget)

PrintNightmare finally patched for good

The PrintNightmare saga appears to be at an end. The vulnerability was accidentally disclosed too early by security researchers, after which Microsoft issued an emergency patch that was quickly found to be incomplete. Microsoft has now released an update for Windows 10 that requires administrative privileges to install printer drivers through the Point and Print feature, as a further fix for the PrintNightmare vulnerability. According to Microsoft, “the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.” The new behavior is controlled by the RestrictDriverInstallationToAdministrators registry value under HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint; the update treats a missing value as 1 (restricted), and administrators who set it to 0 to keep non-admin driver installs working reopen the exposure.

(Windows Central)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.