The CyberWire Daily Podcast 8.9.24
Ep 2126 | 8.9.24

The 18-year stowaway.

Transcript

Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy.

Today is Friday, August 9th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Deep firmware vulnerabilities affect chips from AMD. 

In a story for Wired, Andy Greenberg writes that security researchers from IOActive have discovered a critical vulnerability in AMD processors, called “Sinkclose,” that has existed in AMD chips since 2006. This flaw allows malware to deeply embed itself into a computer’s memory, potentially making it nearly impossible to remove without specialized hardware tools. Sinkclose affects a highly privileged mode of AMD processors known as System Management Mode, which is usually reserved for secure firmware operations. Exploiting this flaw could allow hackers to install undetectable malware, surviving even after reinstalling the operating system. Although exploiting Sinkclose requires prior deep access to a machine, the vulnerability could be particularly dangerous if used by sophisticated attackers. AMD has acknowledged the issue and released some mitigations, but complete fixes are still forthcoming. The researchers emphasize the importance of patching affected systems quickly, as the flaw could significantly compromise the security of millions of devices worldwide.

CISA warns of actively exploited Cisco devices. 

CISA has warned organizations about threat actors exploiting improperly configured Cisco devices, specifically targeting the legacy Cisco Smart Install (SMI) feature. Malicious hackers are acquiring system configuration files, which can lead to network compromises. CISA noted the continued use of weak password types on Cisco devices, making them vulnerable to password cracking attacks. Additionally, Cisco disclosed critical vulnerabilities in their end-of-life Small Business SPA IP phones, which can be remotely exploited but will not receive patches.

Solar inverters are found vulnerable to disruption. 

The global electricity network’s integration with rapidly expanding solar power infrastructure and the Internet of Things (IoT) creates a complex and potentially vulnerable system. Key components, like inverters and controllers, are essential for converting solar-generated power and maintaining grid stability. However, recent research by Bitdefender has uncovered serious vulnerabilities in the Solarman and Deye solar inverter platforms, affecting millions of installations and exposing 195 gigawatts of global solar capacity to cyber threats. These vulnerabilities could allow attackers to hijack solar systems, disrupt electricity generation, and even destabilize entire power grids. Given the critical role of these devices in balancing supply and demand, and the increasing reliance on solar energy, robust cybersecurity measures are essential to safeguard grid stability and national security. 

Iran steps up efforts to interfere with U.S. elections. 

Iran is intensifying efforts to interfere in the 2024 U.S. elections, according to a recent Microsoft report. Iranian hackers are conducting spear-phishing campaigns targeting high-ranking political figures and laying the groundwork for fake news campaigns. Microsoft identified four different hacking groups involved, with one group attempting to breach the accounts of a former presidential candidate and a current campaign official. The influence operations are focused on stirring up controversy, especially in swing states, and have included creating fake news sites targeting both liberal and conservative audiences. These operations appear to follow a pattern of Iran’s later-stage election interference compared to other countries like Russia. Microsoft warns that some groups may escalate to more extreme actions, such as inciting violence, with the goal of undermining election integrity and creating chaos.

The UN passes its first global cybercrime treaty. 

The United Nations has passed its first global cybercrime treaty, initially proposed by Russia, establishing a legal framework for cybercrime and data access. The treaty, adopted unanimously by the UN’s Ad Hoc Committee on Cybercrime, will go to the General Assembly for a vote in the fall, where it is expected to pass. Despite the treaty’s significance, it has faced opposition from human rights organizations and big tech companies due to concerns over provisions allowing cross-border access to electronic evidence and potential misuse of surveillance powers. Critics argue that the treaty lacks strong human rights safeguards, potentially enabling increased surveillance and undermining digital trust. The treaty marks a milestone in global efforts to address cybercrime. 

ADT confirms a data breach. 

American building security company ADT confirmed a data breach after threat actors leaked customer data on a hacking forum. The breach involved unauthorized access to ADT databases, exposing limited customer information, including email addresses, phone numbers, and postal addresses. ADT quickly responded by shutting down the access and launching an investigation with cybersecurity experts. The breach affected a small percentage of ADT’s 6 million customers, but there’s no evidence that home security systems, credit card, or banking information were compromised.

A longstanding browser flaw is finally fixed. 

A longstanding security issue affecting major web browsers—Chromium-based browsers like Chrome and Edge, WebKit browsers like Safari, and Mozilla Firefox—has finally been addressed. The vulnerability, related to the 0.0.0.0 IPv4 address, allowed malicious websites to access local services on macOS and Linux systems. Identified by Oligo Security as the “0.0.0.0 Day” flaw, it had been exploited since the late 2000s. While Chrome and Safari have implemented fixes, Mozilla is still working on a solution. The issue highlights the need for better security mechanisms like Private Network Access (PNA) to prevent external sites from reaching localhost services, a change that browsers are now gradually adopting to close this loophole and enhance cybersecurity.
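Added illustration, not from the podcast or from Oligo Security's research: a defender-side check a loopback-only service could apply, in the spirit of Private Network Access (PNA). Function names and the sample headers are mine; the PNA preflight header names are the ones browsers implementing PNA actually send.

```python
from urllib.parse import urlsplit

# Names a request to a loopback-only service is legitimately allowed to use.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def host_only(host_header: str) -> str:
    """Strip an optional :port from a Host header; bracketed IPv6 keeps its address."""
    h = host_header.strip().lower()
    if h.startswith("["):
        return h[1:h.index("]")]
    return h.rsplit(":", 1)[0] if h.count(":") == 1 else h


def evaluate_local_request(headers: dict) -> tuple:
    """Decide whether a request that reached a loopback-only service should be served.

    Returns (allowed, reason). The service is assumed to bind 127.0.0.1/::1 rather than
    0.0.0.0, so any Host of 0.0.0.0 means the browser routed via the unspecified address.
    """
    hdr = {k.lower(): v for k, v in headers.items()}
    host = host_only(hdr.get("host", ""))
    if host == "0.0.0.0":
        return False, "Host is 0.0.0.0: reached via the unspecified address"
    if host not in LOCAL_HOSTS:
        return False, f"Host {host!r} is not a loopback name (possible DNS rebinding)"
    origin = hdr.get("origin")
    if origin is None:
        return True, "no Origin header: not a cross-site browser fetch"
    if urlsplit(origin).hostname not in LOCAL_HOSTS:
        return False, f"cross-origin request from {origin}"
    return True, "local origin"


def pna_preflight_response(headers: dict) -> dict:
    """Answer a PNA preflight: grant Access-Control-Allow-Private-Network only to local origins."""
    hdr = {k.lower(): v for k, v in headers.items()}
    origin = hdr.get("origin", "")
    resp = {"Vary": "Origin"}
    if hdr.get("access-control-request-private-network", "").lower() != "true":
        return resp  # ordinary preflight, nothing extra to grant
    if urlsplit(origin).hostname in LOCAL_HOSTS:
        resp["Access-Control-Allow-Origin"] = origin
        resp["Access-Control-Allow-Private-Network"] = "true"
    return resp


if __name__ == "__main__":
    # Constructed sample: an external page fetching http://0.0.0.0:8080/ from a browser.
    print(evaluate_local_request({"Host": "0.0.0.0:8080", "Origin": "https://external.example"}))
```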

Crash reports help unlock the truth. 

When a bad software update from CrowdStrike caused global chaos, Windows computers started showing the infamous Blue Screen of Death. As confusion spread, with rumors and misinformation running wild, Mac security researcher Patrick Wardle knew exactly where to find the truth: crash reports from the affected systems.

Wardle, despite not being a Windows expert, was intrigued by the situation and turned to crash reports to uncover the real cause. While others speculated about Microsoft being at fault, Wardle’s deep dive into these reports revealed the true culprit long before CrowdStrike made an official announcement.

At the Black Hat security conference, Wardle shared his findings, arguing that crash reports are an underutilized gold mine for uncovering software vulnerabilities. He presented multiple examples, including bugs in Apple’s macOS and the analysis tool YARA, all discovered by simply examining crash reports.

These reports, available on most operating systems, can provide developers and security professionals with invaluable insights. Wardle emphasized that sophisticated hackers and state-backed actors are likely already mining these reports to exploit potential weaknesses. Even intelligence agencies, like the NSA, reportedly use crash logs to gather information.

Wardle’s message was clear: crash reports hold the truth, and ignoring them is a missed opportunity to strengthen software security.


Up next, we are joined by podcast partner Rob Boyce of Accenture sharing his thoughts as our man on the street from the Black Hat USA 2024.

We’ll be right back.

Welcome back.

These scammers messed with the wrong guy. 

It all started with a simple, seemingly harmless text: “Your USPS package needs more details. Click here and enter your credit card info.” But when this scam text landed on the phone of Grant Smith’s wife, the scammers unknowingly poked the wrong bear. A seasoned security researcher with a bit of free time after the holidays, Smith wasn’t about to let this slide.

When his wife accidentally entered her details, Smith decided to take matters into his own hands. What followed was a high-tech game of cat and mouse. Smith dove into the depths of the internet, tracking down the culprits—a Chinese-speaking gang known as the “Smishing Triad.” These bad actors were running a massive scam operation, duping people into handing over their credit card info.

But Smith wasn’t just any victim. With the skill set of a cybersecurity pro, he hacked into the scammers’ systems, uncovering their secrets like a detective flipping through a villain’s diary. He found their weak spots—sloppy security, default passwords, and vulnerabilities galore—and exploited them to gather crucial evidence.

With over 438,000 stolen credit cards and 50,000 email addresses in the scammers’ database, Smith had his work cut out for him. But he wasn’t about to let the Smishing Triad get away. He handed everything over to USPS investigators and a major U.S. bank, helping to protect countless victims from fraud.

In the end, the scammers learned a hard lesson: messing with Grant Smith’s family was the biggest mistake they could make.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


Fridays:
Be sure to check out Research Saturday where I am joined by Shachar Menashe, Senior Director of Security Research at JFrog, as he is discussing their research on "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." That’s Research Saturday. Check it out. 

And that’s the CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.