AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/12/2022

Undersea Cable Connecting Norway With Arctic Satellite Station Has Been Mysteriously Severed

An undersea fiber-optic cable between mainland Norway and the Svalbard archipelago in the Arctic Ocean has been put out of action in a still-mysterious incident. The outage on the subsea communications cable, the northernmost of its kind anywhere in the world, follows an incident last year in which different cables linking an undersea surveillance network off the Norwegian coast were severed, a story that we covered in detail at the time. The latest disruption involves one of two fiber-optic cables that carry communications between the Norwegian mainland and Norwegian-administered Svalbard, which lies between the mainland and the North Pole. The outage occurred on the morning of January 7 but was first widely reported yesterday. The extent of the damage is not clear from the official press release from Space Norway, the state-owned company that maintains the cables primarily in support of the Svalbard Satellite Station (SvalSat), but it is significant enough that the repair is expected to require an ocean-going cable-laying vessel.

Raspberry Pi Detects Malware Using Electromagnetic Waves

A team of researchers from the Research Institute of Computer Science and Random Systems (IRISA) has developed a malware detection system built around a Raspberry Pi that classifies devices by the electromagnetic (EM) emanations they produce. The group consists of Annelie Heuser, Matthieu Mastio, Duy-Phuc Pham, and Damien Marion. Because the system observes only the EM field, nothing has to be installed on the target device; the measurement is taken externally, through a physical side channel that sits outside any software-level control the malware may have over the machine. The classifier running on the Pi is trained on EM traces from both benign and malicious workloads, which define what a potential threat looks like. The Pi is paired with an oscilloscope (Picoscope 6407) and an H-field probe, which captures the near-field EM changes.

Microsoft: New critical Windows HTTP vulnerability is wormable

Microsoft has patched a critical flaw tagged as wormable that affects the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. The bug, tracked as CVE-2022-21907 and patched during this month's Patch Tuesday, lies in the HTTP Protocol Stack (HTTP.sys), the kernel-mode protocol listener that processes HTTP requests for the Windows Internet Information Services (IIS) web server. Successful exploitation requires threat actors to send maliciously crafted packets to targeted Windows servers that use the vulnerable HTTP Protocol Stack to process them.

Millions of Routers Exposed to RCE by USB Kernel Bug

Millions of popular end-user routers are at risk of remote code execution (RCE) because of a high-severity flaw in the KCodes NetUSB kernel module. The module lets remote devices connect to routers over IP and access any USB devices (such as printers, speakers, webcams, flash drives and other peripherals) that are plugged into them. This is done with the proprietary NetUSB protocol and a Linux kernel driver that launches a server exposing the USB devices over the network; to remote users, it is as if the USB devices were physically plugged into their local systems. According to a Tuesday writeup from SentinelOne vulnerability researcher Max Van Amerongen, the flaw is a pre-authentication buffer overflow that attackers could exploit remotely to execute code in the kernel, allowing device takeover.
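The bug class named above, a pre-authentication buffer overflow in a network-facing kernel service, as an added illustration. This is not NetUSB's code, KCodes' code or SentinelOne's writeup; the page does not show the driver's source, so the frame layout (a 4-byte little-endian payload length followed by the payload), the 17-byte header allowance and the 4096-byte policy limit are assumptions made for the example. It shows the trusting size arithmetic beside a hardened parser and runs on two constructed frames.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed frame layout for the example: 4-byte little-endian payload length,
   then the payload. The handler appends HDR_EXTRA fixed bytes when it builds
   its internal copy, so it wants an allocation of len + HDR_EXTRA bytes. */
#define HDR_EXTRA   17u
#define MAX_PAYLOAD 4096u   /* sane upper bound for this message type (assumed) */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bug-class model: trusts the peer's length field before any authentication.
   Returns how many bytes a copy of `len` bytes into a (len + HDR_EXTRA)-byte
   buffer would write past its end, or 0 if the copy fits. A real driver would
   allocate the wrapped size and copy anyway, corrupting the kernel heap; the
   example stops at the arithmetic so it runs safely. */
uint32_t frame_overflow_unchecked(const uint8_t *frame, size_t frame_len) {
    if (frame_len < 4) return 0;
    uint32_t len   = read_le32(frame);
    uint32_t alloc = len + HDR_EXTRA;      /* wraps when len > UINT32_MAX - 17 */
    return alloc < len ? len - alloc : 0;
}

/* Hardened handler: rejects arithmetic wrap, enforces a policy limit, and
   refuses to read more than was actually received, all before allocating.
   On success copies the payload into a fresh buffer (caller frees) and
   returns the payload length; returns -1 on any malformed frame. */
long frame_parse_checked(const uint8_t *frame, size_t frame_len, uint8_t **out) {
    *out = NULL;
    if (frame_len < 4) return -1;
    uint32_t len = read_le32(frame);
    if ((size_t)len > SIZE_MAX - HDR_EXTRA) return -1;  /* size arithmetic would wrap */
    if (len > MAX_PAYLOAD) return -1;                   /* policy limit */
    if ((size_t)len > frame_len - 4) return -1;         /* claims more than received */
    uint8_t *buf = calloc((size_t)len + HDR_EXTRA, 1);
    if (!buf) return -1;
    memcpy(buf, frame + 4, len);
    *out = buf;
    return (long)len;
}

/* Constructed sample frames (not captured traffic). The hostile frame claims
   a 0xFFFFFFF0-byte payload so that len + 17 wraps to 1. */
static const uint8_t BENIGN_FRAME[]  = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t HOSTILE_FRAME[] = {0xF0, 0xFF, 0xFF, 0xFF, 'A', 'A', 'A', 'A'};

/* Convenience wrapper: parse, release the buffer, report the verdict. */
long checked_verdict(const uint8_t *frame, size_t frame_len) {
    uint8_t *p = NULL;
    long n = frame_parse_checked(frame, frame_len, &p);
    free(p);
    return n;
}

int main(void) {
    printf("benign : checked=%ld unchecked_overflow=%lu bytes\n",
           checked_verdict(BENIGN_FRAME, sizeof BENIGN_FRAME),
           (unsigned long)frame_overflow_unchecked(BENIGN_FRAME, sizeof BENIGN_FRAME));
    printf("hostile: checked=%ld unchecked_overflow=%lu bytes\n",
           checked_verdict(HOSTILE_FRAME, sizeof HOSTILE_FRAME),
           (unsigned long)frame_overflow_unchecked(HOSTILE_FRAME, sizeof HOSTILE_FRAME));
    return 0;
}
```

The order of the three checks in the hardened parser matters: the wrap test has to come before any arithmetic that uses the length, and the received-bytes test is what stops a peer from making the handler read beyond the data it actually sent, regardless of what the policy limit is set to.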

Hotel chain switches to Chrome OS to recover from ransomware attack

A Scandinavian hotel chain that fell victim to a ransomware attack last month said it took a novel approach to recover from the incident by switching all affected systems to Chrome OS. Nordic Choice Hotels, which operates 200 hotels across Northern Europe, fell victim to a ransomware attack on December 2, when hackers encrypted some of its internal systems using the Conti ransomware strain. The attack prevented staff from accessing guest reservation data and from issuing key cards to newly arriving guests, as one of the hotel’s guests told The Record in an interview last month.

FBI, NSA and CISA Warn of Russian Hackers Targeting Critical Infrastructure

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have laid bare the tactics, techniques, and procedures (TTPs) adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks. “Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware,” the agencies said.