The CyberWire Daily Podcast 9.27.24
Ep 2160 | 9.27.24

Darknet dollars exposed.

Transcript

International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don’t know.

Today is Friday, September 27th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks.

On Thursday, the U.S. government and Dutch authorities took coordinated action against several Russian cryptocurrency exchanges and individuals accused of laundering cybercrime proceeds. The U.S. Treasury sanctioned the exchange Cryptex and Russian national Sergey Sergeevich Ivanov, who is also allegedly involved with PM2BTC, a virtual currency exchange labeled a “primary money laundering concern” by the Treasury’s Financial Crimes Enforcement Network (FinCEN).

Authorities seized websites and infrastructure tied to Cryptex, PM2BTC, and UAPS, another payment processor linked to Ivanov. Cryptex allegedly handled over $51 million from ransomware operations, while PM2BTC’s transactions were heavily tied to criminal activity, including over $600,000 linked to darknet markets. Ivanov is accused of laundering hundreds of millions in virtual currency for ransomware operators and darknet vendors over the past 20 years.

The U.S. Department of State announced a reward of up to $10 million for information leading to the arrest of Ivanov and another Russian national, Timur Shakhmametov, the alleged creator of Joker’s Stash, a major online marketplace for stolen data that was shut down in 2021.

These sanctions are part of ongoing efforts to disrupt Russian cybercriminals, who often operate freely within Russia. However, it remains uncertain whether these measures will effectively cut off such criminals from the global financial system.

The real-world risk of a recently revealed Linux vulnerability appears low.

On September 23, researcher Simone Margaritelli teased a serious vulnerability affecting all GNU/Linux systems—a remote code execution flaw with a hefty CVSS score of 9.9. The flaw, tied to the Common UNIX Printing System (CUPS), gained attention for its potential impact. Shortly after, technical details were leaked online, forcing Margaritelli to disclose the vulnerability along with a proof-of-concept exploit.

Four related CUPS vulnerabilities were revealed, allowing attackers to execute arbitrary code by hijacking print jobs via malicious URLs. However, while the vulnerabilities seemed critical at first, further analysis revealed significant mitigating factors. The affected CUPS services aren’t vulnerable by default, and an attacker needs specific access to exploit them.

Though Shodan shows 75,000 exposed CUPS daemons online, real-world exploitability appears low, especially in server environments. Still, patches are pending, and users are advised to mitigate by disabling vulnerable services. So, it’s concerning, but not quite the next Heartbleed or EternalBlue.

Criminal Charges Loom in the Iranian Hack of the Trump Campaign.

Federal law enforcement officials are set to announce criminal charges related to an alleged Iranian hack of emails from members of former President Trump’s campaign, according to sources speaking to ABC News. The hackers reportedly accessed internal documents, including materials used to vet potential running mates for Trump. The stolen data was allegedly shared with individuals connected to the Biden campaign. The Trump campaign, as the victim, has been informed of the upcoming charges, following standard Department of Justice procedures.

Meta is fined over a hundred million dollars for storing users’ passwords in plaintext.

Meta has been fined €91 million ($101 million) by the Irish Data Protection Commission (DPC) for storing hundreds of millions of user passwords in plaintext, a violation of the EU’s General Data Protection Regulation (GDPR). Meta first discovered the issue in 2019 and claimed that only internal employees had access to the unencrypted passwords, with no evidence of misuse. However, after a five-year investigation, the DPC found Meta failed to implement proper security measures and did not promptly notify authorities. Meta’s failure to protect users’ passwords was deemed a breach of GDPR, which mandates robust safeguards for sensitive data. The DPC’s decision was supported by other EU regulators, though the full reasoning behind the fine has not yet been made public.

Delaware’s public libraries grapple with the aftermath of a ransomware attack.

Delaware’s public libraries are grappling with the aftermath of a ransomware attack that began on September 20, disrupting services statewide. The breach has caused internet outages and forced some libraries to temporarily close, with others, like Wilmington Public Library, keeping their doors open but closing their computer labs. The Delaware Department of State confirmed ransomware as the cause, but the investigation is ongoing. The RansomHub hacker group has claimed responsibility, allegedly exfiltrating 56 GB of data. No ransom details have been confirmed. The attack is particularly hard on vulnerable individuals, like those experiencing homelessness, who rely on library internet access. Delaware joins Washington State and Colorado in facing similar cyberattacks this year, underscoring the growing threat to public institutions.

Tor merges with Tails.

The Tor Project has merged with the security-focused Tails operating system, a move aimed at enhancing privacy and security protections for high-risk users such as journalists and activists. After nearly a decade of collaboration, the merger allows Tails to benefit from Tor’s larger operational framework, addressing challenges like HR and fundraising. This partnership will enable Tails to focus on its core mission of improving its OS while expanding its use cases. The merger also increases visibility for Tails among Tor’s user base.

The Tor Project is a nonprofit organization that develops and maintains Tor (The Onion Router), free and open-source software designed to help people achieve online privacy and anonymity.

Progress Software urges customers to patch multiple vulnerabilities.

Progress Software has urged customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool. Although the company released an update on September 20 to address these issues, it has not provided specific details about the flaws. Six vulnerabilities, reported by security researchers, impact prior versions. Customers are advised to upgrade immediately to avoid exploitation. Attackers have already been exploiting two WhatsUp Gold SQL injection vulnerabilities since August, potentially leading to remote code execution, according to security reports.

A critical vulnerability in VLC media player has been discovered.

A critical vulnerability in VLC media player has been discovered, allowing attackers to execute malicious code via a specially crafted MMS stream. The flaw, caused by an integer overflow leading to a heap-based overflow, could result in VLC crashing or potentially executing arbitrary code with the user’s privileges. The VLC team has fixed the issue in the most recent version, and users are strongly urged to update immediately to safeguard against potential attacks. To stay protected, users should avoid opening MMS streams from untrusted sources and disable VLC browser plugins until the update is applied. Andreas Fobian of Mantodea Security GmbH reported the vulnerability.


Next up, my conversation with GuidePoint Security’s Mark Lance talking about their work on "Hazard Ransomware – A Successful Broken Encryptor Story." We’ll be right back.

Welcome back. You can find a link to GuidePoint’s blog in our show notes.

Having the wisdom to admit you just don’t know.

My dearly departed father-in-law was a gifted, respected research chemist at the FDA. He was a kind, intelligent man with a hearty laugh and a quick wit. He also suffered from something my wife and I came to call Male Answer Syndrome. People suffering from this condition - and they are usually men - feel compelled to confidently answer any and every question put to them, whether they have any idea what they are talking about or not. Sufferers of Male Answer Syndrome seem to be physically incapable of uttering those three simple words, “I don’t know.”

Which brings me to a recent study that has found that larger, more advanced AI chatbots are great at giving correct answers—but also more prone to confidently spewing nonsense. Researchers at the Valencian Research Institute for Artificial Intelligence in Spain discovered that as chatbots like GPT and LLaMA grow in size and capability, they’re less likely to admit they don’t know something and more likely to guess—and guess wrong. The study also showed people often fail to recognize these bad answers, with many users mistaking them for accurate responses. The takeaway? While AI models are getting smarter, they’re also getting better at, well, “BSing” their way through tough questions. Developers are now urged to encourage these models to avoid answering tricky questions outright to reduce errors and help users better judge their reliability. In short, sometimes it’s better for a chatbot to just say, “I don’t know!”

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.