AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 12/12/2022

Samsung Galaxy S22 gets hacked in 55 seconds at Pwn2Own Toronto

On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. Security researchers representing penetration test provider Pentest Limited pulled this off after demonstrating a zero-day bug as part of a successful Improper Input Validation attack against Samsung’s flagship device on Thursday. This earned them $25,000, 50% of the total cash award, as this was the fourth (and last) time the Galaxy S22 was hacked during the Pwn2Own Toronto 2022 contest.

Truebot Malware Activity Increases With Possible Evil Corp Connections

Threat group Silence has been spotted infecting an increasing number of devices using Truebot malware. The findings come from Cisco Talos researchers, who have also suggested a connection between Silence and the infamous hacking group Evil Corp (tracked by Cisco as TA505). According to an advisory published on Thursday, the campaigns observed by the firm have resulted in the creation of two botnets: one with infections distributed worldwide (particularly in Mexico and Brazil) and a more recent one focused on the US. “While we don’t have enough information to say that there is a specific focus on a sector, we noticed a number of compromised education sector organizations,” reads the advisory. Cisco Talos threat researcher Tiago Pereira believes Truebot to be a precursor to other threats that are known to have been responsible for attacks leading to high losses. “Readers should consider this as an initial stage of what can be a serious attack, and keep in mind that the attackers demonstrate agility in incorporating new delivery vectors,” Pereira said.

Now you can go password-free in Chrome with passkeys

Passkeys are now available to use in Chrome. Google added the passwordless secure login standard this week to Chrome Stable M108 after going through a testing period that started in October. The feature now works using Chrome on both desktop and mobile running Windows 11, macOS, and Android. Google also lets you sync passkeys from Android to other devices through either the company’s own password manager or a third-party one that supports it, like 1Password or Dashlane.

Clop ransomware uses TrueBot malware for access to networks

Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. The Silence group is known for its big heists against financial institutions, and has begun to shift from phishing as an initial compromise vector. The threat actor is also using a new custom data exfiltration tool called Teleport. Analysis of Silence’s attacks over the past months revealed that the gang delivered Clop ransomware typically deployed by TA505 hackers, which are associated with the FIN11 group.

Air-gapped PCs vulnerable to data theft via power supply radiation

A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems, which are isolated from the internet, over a distance of at least two meters (6.5 ft), where it’s captured by a receiver. The information emanating from the isolated device could be picked up by a nearby smartphone or laptop, even if a wall separates the two. The COVID-bit attack was developed by Ben-Gurion University researcher Mordechai Guri, who has designed multiple methods to steal sensitive data from air-gapped systems stealthily. Prior work includes the “ETHERLED” and “SATAn” attacks.
