Moovit bug, Black Hat’s NOC, DDoS origins
Moovit bug allowed for free rides
Security researchers at SafeBreach disclosed a bug in the popular Intel-owned transportation app Moovit. By chaining several weaknesses, the researchers could collect new-user registration data globally, including addresses, email addresses, and phone numbers, as well as partial credit card numbers. They could also fully take over accounts without disrupting the legitimate user, which let them order transportation services billed to that account. Moovit has since patched the issues and said it found no evidence of malicious exploitation.
(TechCrunch)
A look at Black Hat’s network operations center
The Register’s Iain Thomson looked at the peculiarities of running a NOC during the Black Hat conference. While attacks do occur, the volunteer staff say the job is very different from defending a typical organization: outside of the registration network, Black Hat has few assets of its own to protect. Instead, the staff use their visibility into the conference Wi-Fi to help attendees, for example by spotting laptops that arrive already infected with malware or that send sensitive data unencrypted over the network. In both cases, staff contact the attendee and can help fix the issue. The team builds the network from scratch for each event, with a free hand in equipment loaned by vendors.
(The Register)
Business and gaming disputes lead to DDoS attacks
In a Black Hat presentation, staff from the U.S. Justice Department’s computer crime and intellectual property section said that most DDoS attacks arise from petty disputes, primarily attempts to gain a competitive advantage in online gaming. Part of the reason DDoS attacks spike in December is that minors are home from school and spend more time gaming. Another common motive is businesses looking to disrupt a competitor. Many DDoS-for-hire services start pricing at about $20 for 1,000 seconds of attack against a target. While DDoS attacks by nation-state-affiliated actors have risen over the last two years, they still represent a small percentage of the overall number of attacks.
(The Record)
China claims it will disclose US “global reconnaissance system”
The Chinese state newspaper The Global Times reported that Chinese authorities will disclose evidence of US military intelligence agencies targeting civilian infrastructure, in particular seismological monitoring systems and their data. The claim comes from a joint investigation by China’s National Computer Virus Emergency Response Center and the security firm Qihoo 360. Officials claim the activity disrupted seismographic monitoring capabilities, but it is unclear whether this involved malware. As The Record’s Alexander Martin points out, while there is overwhelming evidence that China engages in cyber espionage as part of its statecraft, it does not publicly avow its agencies’ activity, unlike the US.
(The Record)
Thanks to our sponsor, Veza
AI detection algorithms show ESL false positives
Researchers at Stanford University published a paper showing that algorithms used to detect AI-generated content in academic writing produce significant false positives for non-native English speakers. Tested across a variety of detectors, essays by native English speakers were incorrectly flagged as AI-written 5.1% of the time, while essays by non-native speakers were misclassified 61.3% of the time. In about 20% of cases, every detector tested unanimously classified the non-native text as AI-written. The bias arises because these detectors treat low text perplexity, that is, predictable word choice and a limited vocabulary, as a sign of machine authorship, while simpler or more formulaic writing is also typical of non-native writers. OpenAI, Quill.org, and CommonLit shut down their AI detectors earlier this year, citing unreliability.
(The Markup)
DOJ seizes LolekHosted domain tied to NetWalker
The US Department of Justice seized the domain LolekHosted.net, a bulletproof hosting service connected to an extensive crimeware-as-a-service operation. The service was used to host ransomware infrastructure, launch brute-force attacks, and run phishing domains; its clients included the NetWalker ransomware group. The DOJ also brought charges against a Polish national, Artur Karol Grabowski, who allegedly operated the service.
macOS defense bypass proves “trivially” easy
With macOS Ventura, Apple introduced Background Task Manager, a security feature meant to detect software persistence that could indicate malware. At DEF CON, security researcher Patrick Wardle criticized the “poorly” implemented feature, demonstrating three bypasses that suppress its persistence notifications. One requires root access. Another exploits a kernel bug, and the third abuses macOS’s ability to put a process to sleep to silence the notifications. Wardle had previously disclosed several bugs in the feature to Apple, but released these three at the conference without prior disclosure. Wardle’s non-profit Objective-See has offered a similar persistence-event notification tool, BlockBlock, for years before Apple’s.
(Wired)
UK voter registration site is not a scam
Over the past month, councils across England and Wales began sending out mailers asking property occupants to update their voter records. The mailer includes a two-part security code that must be entered as authentication on a government-run site. The problem? The URL for updating the records is HouseholdResponse.com, a site largely unfamiliar to voters and not under a .gov.uk domain. Many citizens have complained that the site and the whole process look like a phishing campaign, and some councils have sent out separate notices to attest to its legitimacy. Voters can face a fine of up to £1,000 for failing to respond.