AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 07/25/2023

Novel Open Source Supply Chain Attacks Target Banking Sector 

Application security provider Checkmarx has identified what it described as the first open source software supply chain attacks targeting the banking sector. In a recent report, Checkmarx researchers analyzed two distinct, sophisticated supply chain attacks relying on open source toolsets. Both attacks’ targets were banks. The first attack started in February 2023, when a threat actor uploaded a package to NPM, the world’s largest software registry. This package contained a payload designed to latch onto a specific login form element on the targeted bank’s web page, stealthily intercepting login data and then transmitting it to a remote location.   
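A defender-side check that fits this item, added here as an example and not code from Checkmarx or the original post: a small audit of an npm package manifest for two supply-chain warning signs worth reviewing before a dependency reaches a banking web application. It flags lifecycle scripts that run at install time and version ranges that let a later registry release be pulled in silently. The sample manifest and package names are constructed; the choice of which lifecycle hooks and version patterns to flag is an assumption for illustration, not a rule from the report.

```javascript
// Added example (not from the original post): audit an npm package.json for
// two signals that deserve manual review before the package is trusted.

// Install-time hooks run arbitrary commands on the developer or CI machine.
const LIFECYCLE_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Exact semver only: MAJOR.MINOR.PATCH with optional prerelease/build tags.
// Anything else (^, ~, *, ranges, dist-tags, git or URL specifiers) can resolve
// to a different artifact on a later install.
function isExactVersion(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec);
}

// Returns a list of findings, each { kind, name, detail }.
function auditManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  const findings = [];

  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_SCRIPTS) {
    if (Object.prototype.hasOwnProperty.call(scripts, hook)) {
      findings.push({ kind: 'lifecycle-script', name: hook, detail: scripts[hook] });
    }
  }

  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const deps = manifest[field] || {};
    for (const [pkg, spec] of Object.entries(deps)) {
      if (!isExactVersion(spec)) {
        findings.push({ kind: 'floating-version', name: pkg, detail: `${field}: ${spec}` });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (fictitious package names) showing both signals.
const SAMPLE_MANIFEST = JSON.stringify({
  name: 'example-bank-web',
  version: '1.0.0',
  scripts: {
    build: 'webpack --mode production',
    postinstall: 'node ./setup.js',
  },
  dependencies: {
    'example-form-utils': '1.3.0',
    'example-ui-kit': '^2.4.0',
  },
  devDependencies: {
    'example-linter': '~8.0.0',
  },
});

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.kind}: ${f.name} (${f.detail})`);
}
```

Run it with `node` against the embedded sample, or feed it the text of a real package.json; a clean manifest returns an empty list. Pinning alone does not stop a compromised version from being published, so pair this with a lockfile and review of what any flagged install script actually does.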


North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say 

Security researchers say they have high confidence that North Korean hackers were behind a recent intrusion at enterprise software company JumpCloud because of a mistake the hackers made. Mandiant, which is assisting one of JumpCloud’s affected customers, attributed the breach to hackers working for North Korea’s Reconnaissance General Bureau, or RGB, a hacking unit that targets cryptocurrency companies and steals passwords from executives and security teams. North Korea has long used crypto thefts to fund its sanctioned nuclear weapons program. 


Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say 

A recent North Korea-linked hack of a U.S. enterprise software company underscores the continued evolution and streamlining of North Korean cyber operators — and the difficulty of defending against them. On Monday, Google’s Mandiant tied the hack to a group it identifies as UNC4899, which the company says is a cryptocurrency-focused outfit inside North Korea’s Reconnaissance General Bureau. The attackers apparently infiltrated JumpCloud, a cloud-based IT management service company based in Colorado, in an effort to leapfrog into crypto-related companies. 


Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web 

Google’s newest proposed web standard is… DRM? Over the weekend the Internet got wind of this proposal for a “Web Environment Integrity API.” The explainer is authored by four Googlers, including at least one person on Chrome’s “Privacy Sandbox” team, which is responding to the death of tracking cookies by building a user-tracking ad platform right into the browser. The intro to the Web Integrity API starts out: “Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it.”


Data Breach Costs Hit Record High but Fall For Some 

The average global cost of a data breach now stands at a record $4.45m, up a little over 2% year on year (YoY), according to IBM. Now in its 18th year, the tech giant’s annual Cost of a Data Breach Report was compiled by the Ponemon Institute from interviews with 553 organizations worldwide. It claimed that the main contributor to additional cost this year was detection and escalation activities, which include forensics and investigations, assessment and audit services, crisis management and communication to executives and boards. These costs surged 42% YoY. Disappointingly, the report noted that breached organizations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).


Zenbleed attack leaks sensitive data from AMD Zen2 processors 

Google security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. The vulnerability is tracked as CVE-2023-20593 and is caused by the improper handling of an instruction called ‘vzeroupper’ during speculative execution, a common performance-enhancing technique used in all modern processors. Ormandy used fuzzing and performance counters to discover specific hardware events and validated his results using an approach called “Oracle Serialization.”
