Innofactor Cybersecurity Studio – Week 42
Innofactor’s Cybersecurity Consultants Janne Nevalainen and Marcus Söderblom discuss the most topical cybersecurity news from all over the globe in our monthly Cybersecurity Studio. This week’s episode covers news from week 42.
- Critical vulnerabilities discovered in October
- China targeted cyber assaults on Taiwan ahead of a political visit
- Intel Alder Lake BIOS Source code leaked
- Microsoft named a Leader in the Gartner® Magic Quadrant™ for SIEM
- Binance-linked blockchain hacked – Up to 100 million USD worth of crypto stolen
- A Chinese YouTube channel was distributing malicious Tor Browser
Patch it up, baby – Critical vulnerabilities discovered in October
There have been a number of critical vulnerabilities as of late, but the following in particular are worth mentioning.
Zimbra collaboration suite vulnerability allows an attacker to get hold of Zimbra server by sending a malicious email attachment, allowing the attacker to run an arbitrary code on the server while bypassing any antivirus checks. Zimbra has released a security fix that replaces the vulnerable component.
An equally severe incident is the Fortinet authentication bypass, a vulnerability where an attacker can bypass the admin interface in FortiOS, FortiProxy, and Fortiswitchmanager. Fortnet has released a patch for this vulnerability.
As with vulnerabilities in general, there are three ways to tackle this issue: patching, patching, patching!
China targeted cyber assaults on Taiwan ahead of a political visit
China started targeting cyberattacks against Taiwan ahead of American politician Nancy Pelosi’s visit to the small island in August. Attacks included hacking attempts as well as disinformation, which was spread on multiple social media platforms, such as Facebook, YouTube, and LINE, an instant messaging app popular in Taiwan.
The motive of the attacks is to hurt the Taiwanese morale, sway the public opinion, and sow distrust of the U.S., which is one of Taiwan’s strongest allies. Similar type of attacks are known to be used by Russia in its invasion of Ukraine.
Intel Alder Lake BIOS Source code leaked
Cybersecurity researchers are concerned about a source code leak for the UEFI BIOS of Alder Lake CPU, which has been confirmed by Intel.
Intel has downplayed the leak by stating that the most sensitive data has been scrubbed from the source code before it was released to external partners. However, the leak is very severe: once the source code is publicly available, the adversaries can verify it and come up with attacks using very low-level attack types.
Intel is now reaching out to both customers and the security research community to keep them informed of the situation.
Microsoft named a Leader in the Gartner® Magic Quadrant™ for SIEM
Microsoft was named a Leader in the 2022 Gartner® Magic QuadrantTM for Security Information and Event Management (SIEM) and is positioned highest on the measure of Ability to Execute axis.
Microsoft’s SIEM solution is called Microsoft Sentinel, which collects security data from an entire organization. The cloud-native Sentinel includes user and entity behavior analytics (UEBA) and security orchestration, automation, and response (SOAR) capabilities.
To learn more about modern Security Monitoring solutions and key concepts, we strongly recommend signing up for our upcoming webinar on November 24.
Binance-linked blockchain hacked – Up to 100 million USD worth of crypto stolen
In early October, hackers managed to steal about 100 million dollars’ worth of crypto from Binance, the world's largest crypto exchange. The attack is the latest in a series of hacks to hit the crypto sector this year.
The attack did not hit Binance’s service itself, i.e., customer assets were not impacted. Instead, the attack happened in a so called a blockchain "bridge" used in the BNB Chain, where the actual crypto trades happen. The value of the threatened crypto was significantly higher than what the attackers actually stole, but Binance was able to freeze most of the tokens, thus limiting the damages.
These types of attacks have been on the rise during 2022, and hackers are intentionally targeting the blockchain bridges. According to estimations, up to two billion dollars has been lost in crypto currency in 13 different attacks this year.
A Chinese YouTube channel was distributing malicious Tor Browser
A popular Chinese-language YouTube channel with 181,000 subscribers was revealed to be distributing a trojanized version of a Windows installer for the Tor Browser. All of the victims are located in China, but the scale of the attack remains unclear for now.
The malicious version of the Tor Browser installer was distributed via a link present in the video description. As the actual Tor Browser website is blocked in China, the trick was to lure people on YouTube searching for Tor Browser solutions into downloading the rogue variant. The link redirected to an executable that, once installed, collects various personal data, and sends it to a command-and-control server.
The lesson to be learned here? Whenever searching for a particular solution on the Internet – particularly anything as sensitive as a Tor Browser – always rely on the original source instead of a 3rd party, such as YouTube.
The full episode of Cybersecurity Studio – Week 42 is available here.