AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized – PSW #727
In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, the 'Metaverse' of security challenges, $323 million in crypto stolen from the "Wormhole" bridge, a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Paul Asadoorian
Principal Security Researcher at Eclypsium
- 1. Microsoft to block internet macros by default in five Office applications: "Microsoft said the decision to block VBA macros by default only affects Access, Excel, PowerPoint, Visio, and Word on Windows. Documents that contain VBA macros that have been created and obtained from inside an organization's trusted network will still be allowed to execute."
- 2. Rapping FinanceTok Influencer and Husband Accused of Conspiracy to Launder $4.5 Billion in Crypto: So many talents, money laundering and: "She also apparently has something of a music career. Going by the rap moniker "Razzlekhan," or RZK, Morgan is a verified artist on Spotify, where she describes herself as creating "sexy horror-comedy raps with an authentically awkward twang.""
- 3. Russia arrests third hacking group, reportedly seizes carding forums: Russians are no joke: "Security researcher Soufiane Tahiri also discovered that the source code for the sky-fraud.ru seizure notice includes a hidden message for other Russian hackers, saying "КТО ИЗ ВАС СЛЕДУЮЩИЙ?" Translated into English, this warning says, "WHICH OF YOU IS NEXT?""
- 4. How $323M in crypto was stolen from a blockchain bridge called Wormhole
- 5. How cybercriminals are using malware to target Linux-based operating systems – Help Net Security: "More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly"
- 6. Russian researchers unlock Intel processors for reverse engineering: "A proof-of-concept published by Russian security vendor Positive Technologies comes with detailed instructions on how to unlock processors to gain access." and "It does this by exploiting a bug in the CPU that Intel has released an advisory on, and then unlocking the CPU to see the chip's internals through an interface known as JTAG. Developed by the Joint Testing Action Group, JTAG is a chip-level interface." - GitHub repo: https://github.com/ptresearch/IntelTXE-PoC
- 7. Detect active network reconnaissance with Microsoft Defender for Endpoint: "In our lab environment, Nmap has been configured to send probes to an individual IP address from an unauthenticated client. The results, albeit constrained to a specific scan type, return a plethora of information that can aid an attacker in building a profile about a discovered host."
- 8. Low-Detection Phishing Kits Increasingly Bypass MFA: Which tool/technique is your favorite?
- 9. North Korea: Missile programme funded through stolen crypto, UN report says
- 10. Will the Metaverse Usher in a Universe of Security Challenges? "Future malicious actors may figure out how to make their presences undetectable. From there, they could invisibly join meetings and listen in on business conversations. State actors and spy agencies, as well as industrial espionage actors, may devote enormous resources to figuring this out."
- 11. Critical Android 12 bug fixed in February security patches
- 12. CVE-2022-21882: Easy to exploit (Reference: https://securityaffairs.co/wordpress/127377/hacking/cve-2022-21882-win-local-privilege-elevation.html)
- 13. x86matthew – CreateSvcRpc – A custom RPC client to execute programs as the SYSTEM user
- 14. CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
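Item 7 above is about spotting Nmap probing from endpoint telemetry. As an added illustration (not Microsoft's detection logic, and not code from the linked article), the block below runs the simplest version of that heuristic over constructed connection-log lines in a hypothetical `<epoch> <src_ip> <dst_ip> <dst_port> <tcp_flags>` format: a source that touches many distinct ports on one host inside a short window is flagged. The third source in the sample is a slow scan that stays under the threshold, which is the "constrained to a specific scan type" caveat from the quote.

```python
"""Toy port-scan detector over constructed connection-log lines.

Added example: not Microsoft Defender for Endpoint's logic, which correlates
this from its own sensor telemetry. The log format and all sample lines below
are constructed for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    ts: int      # epoch seconds
    src: str
    dst: str
    dport: int
    flags: str   # TCP flags, "S" = bare SYN


def parse_line(line: str) -> Conn:
    """Parse one '<epoch> <src> <dst> <dport> <flags>' record (hypothetical format)."""
    ts, src, dst, dport, flags = line.split()
    return Conn(int(ts), src, dst, int(dport), flags)


def detect_port_scans(lines, window: int = 10, port_threshold: int = 15) -> dict:
    """Return {(src, dst): max_distinct_ports} for every pair that touched
    at least `port_threshold` distinct destination ports within `window` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport) inside the window
    alerts = {}
    for conn in sorted((parse_line(l) for l in lines), key=lambda c: c.ts):
        key = (conn.src, conn.dst)
        q = recent[key]
        q.append((conn.ts, conn.dport))
        while q and conn.ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= port_threshold:
            alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts


BASE = 1644000000  # constructed timestamp base

# Constructed sample: 25 ports in ~3 s from 10.0.0.99 (Nmap-style SYN probing),
# three normal connections from 10.0.0.7, and a slow one-port-per-30 s scan
# from 10.0.0.42 that a short-window heuristic does not catch.
SAMPLE_LOG = (
    [f"{BASE + i // 10} 10.0.0.99 10.0.0.5 {port} S"
     for i, port in enumerate(range(20, 45))]
    + [f"{BASE} 10.0.0.7 10.0.0.5 443 S",
       f"{BASE + 30} 10.0.0.7 10.0.0.5 445 S",
       f"{BASE + 60} 10.0.0.7 10.0.0.5 3389 S"]
    + [f"{BASE + 30 * k} 10.0.0.42 10.0.0.5 {1000 + k} S" for k in range(20)]
)


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in window")
```

The slow scanner is the point to take from this: a window-and-count rule only sees fast scans, so a real detection (or the MDE one in the article) has to add longer baselines or a reputation for the source rather than rely on one threshold.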
Larry Pesce
Product Security Research and Analysis Director at Finite State
Lee Neely
Retired Senior Cyber Advisor at Lawrence Livermore National Laboratory
- 1. Rupert Murdoch's News Corp hacked in cyber attack believed to be linked to China: Investigators say they believe that a Jan. 20, 2022, breach of Rupert Murdoch's News Corp, which resulted in the theft of data belonging to journalists working for a variety of news outlets, was linked to China.
- 2. Wormhole cryptocurrency platform hacked to steal $326 million: Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred to another blockchain.
- 3. DHS Launches Cyber Safety Review Board to Analyze Major Vulnerability Events: The US Department of Homeland Security has named a 15-member Cyber Safety Review Board (CSRB) to assess significant cybersecurity events and recommend improvements, starting with the Log4j vulnerability.
- 4. Attackers Target Intuit Users by Threatening to Cancel Tax Accounts – The Cyber Post: The usual tax-season barrage of cybercriminal activity is already underway. Intuit is warning customers of a phishing campaign, impersonating the popular accounting and tax-filing software, that threatens to close user accounts if they don't click on a malicious link.
- 5. Major Vulnerability Found in Argo CD: Security researchers at Apiiro have discovered a significant software supply chain zero-day vulnerability in the popular open-source continuous delivery platform, Argo CD. Argo CD reads environment configurations (written as a Helm chart, Kustomize files, Jsonnet or plain YAML files) from Git repositories and applies them to Kubernetes namespaces; it can manage the execution and monitoring of application deployment post-integration. The flaw (CVE-2022-24348) lets attackers access and exfiltrate sensitive information such as passwords and API keys. There is no workaround other than updating to the fixed version.
- 6. Russia arrests third hacking group, reportedly seizes carding forums: Russia arrested six people, allegedly part of a hacking group involved in the theft and selling of stolen credit cards. This marks the third arrest of cyber criminals by Russian authorities in 2022, following the reported arrests of actors associated with the REvil ransomware gang and Andrey Sergeevich Novak, the alleged administrator of the UniCC card shop and leader of the Infraud Organization. The recent law enforcement pressure on Russian cyber criminals could disincentivize threat actors from engaging in payment card theft and carding activities, resulting in a continued decrease in observed activity.
- 7. 2021 Trends Show Increased Globalized Threat of Ransomware: CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom's National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations in 2021. This CSA provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware. Advisory: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
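Both Wormhole items (Paul's item 4 and Lee's item 2) describe the lock-and-mint mechanism: escrow the original token on one chain, mint a wrapped copy on the other. The toy model below is an added example, not Wormhole's code, and the stories linked here do not spell out the specific flaw, so the model makes no claim about it. It shows the one invariant such a bridge lives or dies by (wrapped supply never exceeds the escrowed pool) and why the authorization check on the mint step is what carries that invariant. Assumptions: a shared-key HMAC stands in for the guardian signature scheme, a per-deposit nonce stands in for the on-chain transfer identifier, and the `verify_attestations=False` switch is a hypothetical misconfigured bridge used only to show what an unbacked mint does.

```python
"""Toy lock-and-mint bridge (added illustration, not Wormhole's implementation)."""
import hashlib
import hmac
import json
from dataclasses import dataclass

GUARDIAN_KEY = b"constructed-guardian-key"  # constructed; stand-in for the guardian key set


@dataclass(frozen=True)
class Attestation:
    """Signed statement that `amount` was locked on the source chain for `recipient`."""
    nonce: int
    recipient: str
    amount: int
    tag: bytes


def attest(nonce: int, recipient: str, amount: int, key: bytes = GUARDIAN_KEY) -> Attestation:
    """HMAC stands in for the guardians' signature over the deposit (assumption)."""
    msg = json.dumps([nonce, recipient, amount]).encode()
    return Attestation(nonce, recipient, amount, hmac.new(key, msg, hashlib.sha256).digest())


class SourceVault:
    """Source-chain contract: escrows the original token and emits an attestation."""
    def __init__(self) -> None:
        self.locked = 0
        self.nonce = 0

    def lock(self, recipient: str, amount: int) -> Attestation:
        self.locked += amount
        self.nonce += 1
        return attest(self.nonce, recipient, amount)


class WrappedToken:
    """Destination-chain contract: mints wrapped tokens against attestations."""
    def __init__(self, verify_attestations: bool = True) -> None:
        self.supply = 0
        self.balances: dict[str, int] = {}
        self.consumed: set[int] = set()
        # False models a hypothetical bridge that skips the check; never do this.
        self.verify_attestations = verify_attestations

    def mint(self, att: Attestation) -> None:
        if self.verify_attestations:
            expected = attest(att.nonce, att.recipient, att.amount).tag
            if not hmac.compare_digest(expected, att.tag):
                raise ValueError("attestation not signed by guardians")
        if att.nonce in self.consumed:
            raise ValueError("attestation already redeemed")
        self.consumed.add(att.nonce)
        self.supply += att.amount
        self.balances[att.recipient] = self.balances.get(att.recipient, 0) + att.amount


def fully_backed(vault: SourceVault, wrapped: WrappedToken) -> bool:
    """Every wrapped token must be redeemable against the escrowed pool."""
    return wrapped.supply <= vault.locked


def run_scenarios() -> dict:
    """Honest transfer, forged attestation, replay, and an unchecked mint."""
    results = {}
    vault, wrapped = SourceVault(), WrappedToken()
    deposit = vault.lock("alice", 100)
    wrapped.mint(deposit)
    results["honest_transfer_backed"] = fully_backed(vault, wrapped)

    forged = attest(vault.nonce + 1, "mallory", 120_000, key=b"not-the-guardian-key")
    try:
        wrapped.mint(forged)
        results["forgery_rejected"] = False
    except ValueError:
        results["forgery_rejected"] = True

    try:
        wrapped.mint(deposit)           # same attestation presented twice
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    # Hypothetical bridge that skips the check: the forged mint goes through and
    # the wrapped supply is no longer covered by anything in escrow.
    vault2, sloppy = SourceVault(), WrappedToken(verify_attestations=False)
    sloppy.mint(vault2.lock("alice", 100))
    sloppy.mint(forged)
    results["unchecked_mint_still_backed"] = fully_backed(vault2, sloppy)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The last scenario is the economic meaning of "stolen from the bridge": unbacked wrapped tokens are redeemable against the same escrowed pool as everyone else's, so whoever mints them can drain it ahead of honest holders.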
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element