China leads zero-days, HinataBot DDoS attacks, screenshot vulnerability

China led zero-days in 2022

Mandiant released a report on the use of zero-days in 2022. It found that use of zero-days significantly decreased on the year, down 32% from 2021 to 55. Financially motivated threat actors used 75% of all zero-days in the report. State-based actors continue to use zero-days more frequently. China-affiliated actors exploited 7 zero-days in the year, while Russian and North Korea-affiliated groups each used two. Of these zero-days, state-backed actors seemed focused on routers, firewalls, and other edge network devices.

(CyberScoop)

HinataBot focuses on DDoS attacks

Researchers at Akamai published new details on the HinataBot botnet, active since December 2022. Early this year it began developing its own malware, written in Go. This marks a continuing trend with malware, as Go allows for it to be cross-compiled for different architectures. The botnet appears to target weak credentials and old remote code execution vulnerabilities, with Akamai finding it targeted some almost a decade old. In operation it’s executing an old playbook, using infected devices to launch DDoS attacks. Akamai researchers said they didn’t observe any specific targets for exploitation yet.

(SC Media)

Vulnerability lets you uncrop screenshots

Both Android and iOS offer similar Markup utilities, letting you crop and annotate images, often used with screenshots. Developer Simon Aarons reported a vulnerability in this Markup tool on Google Pixel devices back in January, which could allow for uncropping these images. The error came because Markup does not erase the original file before saving the new one. If the new file is smaller, the trailing portion of the original file is left behind, which means it can still be accessed. The bug report notes many social media services re-process uploaded images so that extra data isn’t accessible. Google fixed the issue in its March security patch.

(9to5Google)
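The overwrite-without-truncate behaviour described above, with a check that flags affected files, as an added example that is not from the bug report or from Google's code. It assumes the screenshots are PNG files; the function names and the constructed sample images are hypothetical.

```python
import os
import struct
import tempfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample: a minimal 8-bit grayscale PNG of the given size."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(width) for _ in range(height))  # filter byte + row
    idat = zlib.compress(raw, 0)  # level 0 keeps file size proportional to area
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def trailing_bytes(blob: bytes) -> int:
    """Return how many bytes follow the first IEND chunk (0 means clean)."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 12 + length  # length field + type + data + CRC
        if ctype == b"IEND" and pos <= len(blob):
            return len(blob) - pos
    raise ValueError("malformed PNG: no complete IEND chunk")

def save(path: str, data: bytes, truncate: bool) -> None:
    """Overwrite path in place; truncate=False models the bug described above."""
    mode = "wb" if truncate or not os.path.exists(path) else "r+b"
    with open(path, mode) as fh:
        fh.write(data)

def demo() -> tuple[int, int]:
    """Save a large image, then a smaller one over it, without and with truncation."""
    original, cropped = make_png(64, 64), make_png(8, 8)
    results = []
    with tempfile.TemporaryDirectory() as d:
        for truncate in (False, True):
            path = os.path.join(d, f"shot_{truncate}.png")
            save(path, original, truncate=True)
            save(path, cropped, truncate=truncate)
            with open(path, "rb") as fh:
                results.append(trailing_bytes(fh.read()))
    return results[0], results[1]
```

A non-zero result from `trailing_bytes` on a saved screenshot means leftover data sits past the image's end marker; re-encoding the image, as the re-processing services mentioned above do, drops it.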

Text-to-video gets closer to reality

The use of generative AI to create media has iterated rapidly over the last few years. Deepfake video technology brought concerns about how it could be used for misinformation. Then we saw the release of the first generation of text-to-image engines, followed by the glut of AI chatbots in the wake of ChatGPT. Now the startup Runway wants to take the next logical step. It opened up a waitlist for its new generative text-to-video model. The company also makes AI-enhanced video editing tools. Its Gen-1 model already can take existing video footage and use text prompts to transform it. Now its Gen-2 model proposes to create video clips from just text inputs. Current samples from Runway are only a few seconds long, with an animated GIF quality to them, but do seem accurate from their prompts.

(Bloomberg)

Punjab internet outage goes on for three days

The Indian government initially blocked internet access in the state of Punjab on March 18th. It said the block would last for 24 hours as authorities looked to arrest the leader of the separatist Khalistan movement. The government subsequently expanded the ban the following two days, now persisting into March 21st. Police justified the shutdown as needed to stop the spread of “fake news” and maintain order. Punjab police say 112 people have been arrested following protests around the separatist movement. This outage impacts roughly 27 million people in the region. Access Now reports India imposed 84 internet blackouts in 2022, leading all nations for the fifth consecutive year.

(CNN)

BBC issues TikTok security advisory

We’ve seen bans on TikTok on government devices across several countries in recent weeks. Journalists also began getting in on the action. While not an all-out ban, the BBC issued an advisory to staff, strongly recommending removing TikTok from corporate phones. It cited privacy and security fears. The BBC will continue using it for marketing purposes.

Not to be left out of the government banning trend, Russia’s Kommersant newspaper reported the Kremlin informed officials to stop using Apple iPhones ahead of its 2024 presidential election. Officials have until April 1st to comply, with one quoted official saying “either throw it away or give it to the children.”

(BBC, Reuters)

Banking trojan hits Latin America

Security researchers at Metabase Q reported on multiple campaigns using a banking trojan called Mispadu, underway since August 2022. The trojan itself isn’t new: first spotted by ESET in 2019, it can be used for credential theft and can act as a backdoor and keylogger. The researchers found it used in campaigns targeting Bolivia, Chile, Mexico, Peru, and Portugal. The strategy in these campaigns involves compromising legitimate WordPress sites to serve as C2 servers. The campaigns use malicious emails with supposed invoice attachments as an initial attack vector. The researchers estimate Mispadu harvested over 90,000 bank credentials in these attacks.

(The Hacker News)

UK ransomware incidents up 17%

That finding came from a new report from Jumpsec. Notably, the UK saw this increase even as it reported a global decline in ransomware incidents in 2022. This appears largely fueled by activity from the newly resurgent LockBit ransomware group, which accounted for over 30% of all UK ransomware incidents in the year. However, Jumpsec found the Karakurt group focused more on high-value organizations in the year, while Vice Society focused on its education sector, the most targeted UK sector in the year.

(InfoSecurity Magazine)
