Cyber security news August 2021

This posting is here to collect cyber security news in August 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

308 Comments

  1. Tomi Engdahl says:

    T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks
    https://www.securityweek.com/t-mobile-hack-involved-exposed-router-specialized-tools-and-brute-force-attacks

    American Living in Turkey Takes Credit for T-Mobile Hack

    T-Mobile’s CEO and an individual who claims to be behind the recent hacking of the mobile carrier’s systems have shared some information about how the attack was carried out.

    In a statement issued on Friday, Mike Sievert, CEO of T-Mobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to the criminal investigation conducted by law enforcement. He did, however, share a high-level summary of the attack.

    “What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” he said. “In short, this individual’s intent was to break in and steal data, and they succeeded.”

    Reply
  2. Tomi Engdahl says:

    Exploitation of Flaws in Delta Energy Management System Could Have ‘Dire Consequences’
    https://www.securityweek.com/exploitation-flaws-delta-energy-management-system-could-have-dire-consequences

    An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws.

    The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.

    The security holes were reported to the vendor, through CISA, in April, but they have yet to be patched. CISA says patches are expected to become available on September 15. In the meantime, organizations using the affected product have been advised to implement mitigations to reduce the risk of exploitation.

Heinzl told SecurityWeek that the eight DIAEnergie vulnerabilities disclosed last week are just some of the issues he reported to the vendor. The remaining flaws will be disclosed at a later date.

    https://awesec.com/advisories.html

    Reply
  3. Tomi Engdahl says:

    CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability
    https://www.securityweek.com/cisa-microsoft-issue-guidance-recent-azure-cosmos-db-vulnerability

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible.

    Referred to as ChaosDB, the security hole was publicly disclosed last week by researchers with the cloud security firm Wiz. Microsoft had been notified of the issue roughly one week before, and immediately took the necessary steps to address it.

    Residing in the Jupyter Notebook feature of Cosmos DB, the bug could have been exploited to obtain valid credentials that would have allowed for the takeover of Cosmos DB accounts, with full administrative rights.

    Reply
  4. Tomi Engdahl says:

    Apple NeuralHash algorithm collision demo (easily generate pictures that are falsely detected as child porn)

    https://news.ycombinator.com/item?id=28305394

    Reply
  5. Tomi Engdahl says:

    https://hackaday.com/2021/08/27/this-week-in-security-through-the-mouse-hole-zoom-rce-and-defeating-defender/

Researchers from Sector 7, part of Computest, pulled off an impressive hack at Pwn2Own, achieving an RCE via the Zoom client. The caveat is that the attacker has to be accepted as a contact, either manually, or through being in the same organization. The central vulnerability is CVE-2021-30480, a heap buffer overflow.

    Citizen Lab has released an outside review of Amnesty International’s work on the NSO Group’s Pegasus Spyware program.

    Long-term Windows Defender Bypass

The research group APTortellini has published their guide to defeating Windows Defender. A few commenters on this particular write-up scoffed at the first step, elevating to SYSTEM. You might even wonder, what’s the point if you’ve already compromised a machine to the point of being root? Getting SYSTEM access is only the beginning for an actual malicious campaign. This research is all about how to nullify Windows Defender without actually disabling it.

    The first thing to know is that modern Windows systems have adopted quite a few elements from Unix, with the Windows legacy stuff bolted on top. To make that point clear, note that a Windows 10 C: drive is actually located at \Device\HarddiskVolumeX, with a series of symbolic links to make the C: notation work. One of those links is \SystemRoot, which by default points to \Device\BootDevice\Windows. Even for SYSTEM, that link can’t be modified, but it can be deleted and recreated. That particular path happens to be part of where Windows Defender looks to load its back-end driver, WdFilter.sys.

    Reply
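A check a defender might run after reading the \SystemRoot trick described in the comment above, as an added PowerShell example that is not from the Hackaday write-up or from APTortellini's research: it reads the NT object-manager symbolic links \SystemRoot and \Device\BootDevice through ntdll's NtOpenSymbolicLinkObject and NtQuerySymbolicLinkObject, compares them with the default target the write-up gives (\Device\BootDevice\Windows) and with the system drive's volume name from QueryDosDevice, and prints where the WdFilter driver is registered from. The P/Invoke wrapper class ObMgr, its helper names and the warning thresholds are this example's own; the assumption that \Device\BootDevice should resolve to the same volume as $env:SystemDrive is an assumption, not something the write-up states.

```powershell
# Added example (not the write-up's or APTortellini's code): report where the
# \SystemRoot object-manager link points, so a re-created link stands out.
# Assumes ntdll's NtOpenSymbolicLinkObject / NtQuerySymbolicLinkObject,
# kernel32's QueryDosDevice and the Win32_SystemDriver CIM class.
Add-Type -TypeDefinition @'
using System;
using System.Text;
using System.Runtime.InteropServices;

public static class ObMgr
{
    [StructLayout(LayoutKind.Sequential)]
    public struct UNICODE_STRING { public ushort Length; public ushort MaximumLength; public IntPtr Buffer; }

    [StructLayout(LayoutKind.Sequential)]
    public struct OBJECT_ATTRIBUTES
    {
        public int Length; public IntPtr RootDirectory; public IntPtr ObjectName;
        public uint Attributes; public IntPtr SecurityDescriptor; public IntPtr SecurityQualityOfService;
    }

    [DllImport("ntdll.dll")]
    public static extern int NtOpenSymbolicLinkObject(out IntPtr LinkHandle, uint DesiredAccess, ref OBJECT_ATTRIBUTES ObjectAttributes);
    [DllImport("ntdll.dll")]
    public static extern int NtQuerySymbolicLinkObject(IntPtr LinkHandle, ref UNICODE_STRING LinkTarget, out uint ReturnedLength);
    [DllImport("ntdll.dll")]
    public static extern int NtClose(IntPtr Handle);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern uint QueryDosDevice(string lpDeviceName, StringBuilder lpTargetPath, uint ucchMax);

    // Resolve one object-manager symbolic link (for example "\SystemRoot") to its target string.
    public static string QueryLink(string name)
    {
        const uint SYMBOLIC_LINK_QUERY = 0x0001;
        const uint OBJ_CASE_INSENSITIVE = 0x40;

        UNICODE_STRING uname = new UNICODE_STRING();
        uname.Buffer = Marshal.StringToHGlobalUni(name);
        uname.Length = (ushort)(name.Length * 2);
        uname.MaximumLength = (ushort)(uname.Length + 2);
        IntPtr pName = Marshal.AllocHGlobal(Marshal.SizeOf(uname));
        Marshal.StructureToPtr(uname, pName, false);

        OBJECT_ATTRIBUTES oa = new OBJECT_ATTRIBUTES();
        oa.Length = Marshal.SizeOf(oa);
        oa.ObjectName = pName;
        oa.Attributes = OBJ_CASE_INSENSITIVE;

        UNICODE_STRING target = new UNICODE_STRING();
        target.MaximumLength = 2048;
        target.Buffer = Marshal.AllocHGlobal(target.MaximumLength);
        IntPtr h = IntPtr.Zero;
        try
        {
            int status = NtOpenSymbolicLinkObject(out h, SYMBOLIC_LINK_QUERY, ref oa);
            if (status != 0) { h = IntPtr.Zero; throw new Exception(string.Format("NtOpenSymbolicLinkObject({0}) = 0x{1:X8}", name, status)); }
            uint returned;
            status = NtQuerySymbolicLinkObject(h, ref target, out returned);
            if (status != 0) throw new Exception(string.Format("NtQuerySymbolicLinkObject({0}) = 0x{1:X8}", name, status));
            return Marshal.PtrToStringUni(target.Buffer, target.Length / 2);
        }
        finally
        {
            if (h != IntPtr.Zero) NtClose(h);
            Marshal.FreeHGlobal(target.Buffer);
            Marshal.FreeHGlobal(pName);
            Marshal.FreeHGlobal(uname.Buffer);
        }
    }

    // Map a DOS drive such as "C:" to its \Device\HarddiskVolumeN name.
    public static string DosDeviceTarget(string drive)
    {
        StringBuilder sb = new StringBuilder(1024);
        if (QueryDosDevice(drive, sb, (uint)sb.Capacity) == 0)
            throw new Exception("QueryDosDevice failed: " + Marshal.GetLastWin32Error());
        return sb.ToString();
    }
}
'@

$systemRoot = [ObMgr]::QueryLink('\SystemRoot')
$bootDevice = [ObMgr]::QueryLink('\Device\BootDevice')
$sysVolume  = [ObMgr]::DosDeviceTarget($env:SystemDrive)   # e.g. \Device\HarddiskVolume3
$winDir     = $env:SystemRoot.Substring(2)                  # e.g. \Windows

"\SystemRoot        -> $systemRoot"
"\Device\BootDevice -> $bootDevice"
"$env:SystemDrive                -> $sysVolume"

# The write-up gives \Device\BootDevice\Windows as the default; the fully resolved
# form on the system volume is accepted too. Anything else deserves a look.
if ($systemRoot -ne ('\Device\BootDevice' + $winDir) -and $systemRoot -ne ($sysVolume + $winDir)) {
    Write-Warning "\SystemRoot points somewhere other than the Windows directory on the boot volume: $systemRoot"
}
# Assumption (not from the write-up): the boot device should be the system drive's volume.
if ($bootDevice -ne $sysVolume) {
    Write-Warning "\Device\BootDevice ($bootDevice) is not the system drive volume ($sysVolume)"
}

# Where the Defender minifilter driver is registered from, for comparison with the link above.
Get-CimInstance Win32_SystemDriver -Filter "Name='WdFilter'" | Select-Object Name, State, PathName
```

Querying \SystemRoot needs no special privilege, so this can run from an ordinary monitoring account; the deleted-and-recreated link in the write-up would show up here as a target outside the boot volume's Windows directory, which is the condition the first warning covers.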
  6. Tomi Engdahl says:

    https://www.forbes.com/sites/thomasbrewster/2021/08/31/google-dragnets-on-phone-data-across-13-kenosha-protest-arsons/
    Jennifer Lynch, a lawyer at the Electronic Frontier Foundation (EFF), tweeted that hundreds of lawful protesters likely had their Google phone data handed to federal investigators as a result of the Kenosha investigations.

    Reply
  7. Tomi Engdahl says:

    Unprecedented surveillance bill rushed through parliament in 24 hours.
    https://tutanota.com/blog/posts/australia-surveillance-bill/

    Australian police can now hack your device, collect or delete your data, take over your social media accounts – all without a judge’s warrant.

    The Australian government has been moving towards a surveillance state for some years already. Now they are putting the nail in the coffin with an unprecedented surveillance bill that allows the police to hack your device, collect or delete your data, and take over your social media accounts; without sufficient safeguards to prevent abuse of these new powers.

    Reply
  8. Tomi Engdahl says:

    T-Mobile customers are left feeling frustrated as hacker comes forward, calling the company’s security ‘awful’
    https://www.businessinsider.com/t-mobile-customers-frustrated-hacker-says-security-is-awful-2021-8

    Reply
