CyberWire Daily - From secure to clone-tastic.

Episode Date: September 4, 2024

Researchers find YubiKeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and former Deputy Director of NSA, discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship leads to court-martial.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024.
Selected Reading
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)
Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes)
Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek)
D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer)
Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record)
New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC)
Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition (Autoriteit Persoonsgegevens)
Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine)
CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop)
How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Researchers find YubiKeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers.
Starting point is 00:02:16 Hackers linked to Russia and Belarus target Latvian websites. The FTC reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over 30 million euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and former Deputy Director of NSA, discussing his experience at the agency and now in the VC world.
Starting point is 00:02:50 And unauthorized Wi-Fi on a Navy warship leads to court-martial. It's Wednesday, September 4th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us once again. It is great to have you with us. The YubiKey 5, a widely used two-factor authentication device,
Starting point is 00:03:32 contains a cryptographic vulnerability that allows it to be cloned if an attacker gains temporary physical access. The flaw, called a side-channel attack, exists in the microcontroller used in YubiKeys and other security devices like smart cards and passports. Researchers from NinjaLab found that YubiKeys running firmware versions before 5.7 are vulnerable due to issues in Infineon's cryptographic library. This flaw allows attackers to extract secret keys by measuring electromagnetic radiation during authentication. Cloning the device requires specialized equipment costing about $11,000
Starting point is 00:04:13 and physical access to the key, making it a highly sophisticated attack. While Yubico has updated its firmware, affected YubiKeys can't be patched, leaving them permanently vulnerable. The attack is unlikely to be widespread but poses a significant risk in targeted, high-stakes scenarios. Despite the flaw, FIDO-compliant authentication remains one of the most secure methods when used carefully. Google has released the September 2024 Android security update warning users of a serious zero-day vulnerability. This high-severity flaw affects the Android framework and could lead to local privilege escalation,
Starting point is 00:04:57 allowing attackers to gain elevated access without additional execution permissions. The vulnerability was first identified in the June Pixel security update and has since been exploited in limited targeted attacks. It's now been added to the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog. Google urges all Android users to update their devices immediately to mitigate the risk.
Starting point is 00:05:29 In total, the September update addresses 10 high-severity vulnerabilities within the Android framework and system. Zyxel has released patches for multiple vulnerabilities in its networking devices, including a critical OS command injection flaw affecting 28 access points and one security router model. This flaw, with a CVSS score of 9.8, allows remote unauthenticated attackers to exploit the devices via crafted cookies. Additionally, Zyxel fixed seven vulnerabilities in its firewall products, with some requiring authentication. A high-severity buffer overflow issue impacting over 50 products was also addressed. Patches are available, but some users must contact support for updates.
Starting point is 00:06:21 D-Link has issued a warning about four remote code execution vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. These flaws, three of which are critical and require no authentication, will not be fixed as the product has reached end of life and is no longer supported. Although no proof-of-concept exploits have been published yet, D-Link advises users to retire the router immediately due to security risks. If replacement is not feasible, users should update the firmware, use strong passwords, and enable Wi-Fi encryption. These vulnerabilities could be exploited by malware botnets like Mirai, making it crucial to secure devices before further exploitation.
Starting point is 00:07:07 Latvian government and critical infrastructure websites are facing increased cyberattacks from politically motivated hackers linked to Russia and Belarus, according to Latvian cybersecurity officials. The goal is to disrupt access primarily through DDoS attacks rather than steal sensitive data. The attacks have surged since Latvia's recent aid package to Ukraine, which includes drones and air defense systems. Activist groups like NoName057(16) have claimed responsibility, openly supporting Russian aggression. Latvia has been targeted frequently since Russia's invasion of Ukraine with attacks on government, critical infrastructure, and businesses. Despite being well-prepared, Latvia's CERT acknowledges the challenge as attackers frequently adapt.
Starting point is 00:07:59 These cyberattacks are part of a broader hybrid war aimed at destabilizing society and undermining trust in state institutions. The Federal Trade Commission reports a sharp rise in Bitcoin ATM-related scams, with consumer losses jumping nearly tenfold since 2020, reaching over $110 million in 2023. In the first half of 2024 alone, scam losses exceeded $65 million, with older adults being particularly targeted. Scammers impersonate government or business officials and pressure victims to deposit cash into Bitcoin ATMs, which then transfers the money directly to the scammers. The median loss in these scams is $10,000.
Starting point is 00:08:47 The FTC urges caution and provides tips to avoid falling victim. The Dutch Data Protection Authority has fined Clearview AI 30.5 million euros for violating the General Data Protection Regulation by building an illegal facial recognition database with billions of photos, including those of Dutch citizens. Clearview automatically scraped these photos from the internet without individuals' consent and converted them into unique biometric codes. The DPA also issued penalties for non-compliance, potentially adding 5.1 million euros. The DPA warns Dutch organizations against using Clearview's services, stating it's illegal
Starting point is 00:09:35 under GDPR. Despite previous fines from other authorities, Clearview has not changed its practices. The Dutch DPA is investigating holding Clearview's management personally responsible for the violations. Cisco Talos researchers have found that threat actors are misusing a red team tool, MacroPack, to deploy malware via malicious Microsoft documents. These documents, uploaded to VirusTotal
Starting point is 00:10:03 between May and July 2024, originated from various countries including China, Pakistan, and Russia. MacroPack, originally intended for red team exercises, generates payloads that can evade anti-malware tools by obfuscating code and renaming variables. The malicious files delivered payloads like the Havoc and Brute Ratel frameworks and a variant of the PhantomCore remote access Trojan. While MacroPack is designed for legitimate security testing, its free version is being exploited for malicious purposes. The documents used different lures,
Starting point is 00:10:42 including military themes, leading researchers to conclude that multiple threat actors are leveraging MacroPack to deploy their malware. In a briefing with reporters Tuesday, CISA leaders expressed confidence in the security of U.S. election infrastructure for the 2024 elections, citing significant improvements since 2016. However, the agency will no longer petition social media platforms to remove false or misleading posts about elections. CISA Director Jen Easterly clarified that their role is to address threats to election infrastructure, not content removal. Instead, CISA will focus on collaborating with tech companies and election
Starting point is 00:11:26 officials on security measures while directing voters to accurate information sources. This marks a shift from previous efforts, as the agency faced criticism and legal challenges regarding content moderation. CISA now emphasizes proactive communication by election officials to combat misinformation, citing recent successful coordination in New Hampshire as a model for responding to disinformation campaigns. Coming up after the break, my conversation with George Barnes, Cyber Practice President and Partner at Red Cell Partners and former Deputy Director of NSA. Stay with us. Do you know the status of your compliance controls right now? Like, right now.
Starting point is 00:12:35 We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
Starting point is 00:13:18 That's vanta.com slash cyber for $1,000 off. And now, a message from BlackCloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? BlackCloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with BlackCloak. Learn more at blackcloak.io. George Barnes is Cyber Practice President and Partner at Red Cell Partners. He's former Deputy Director of NSA and judge of the upcoming 2024 DataTribe Challenge.
Starting point is 00:14:32 Well, actually, this is my first introduction to the DataTribe Challenge. I just retired from the National Security Agency back in September, almost a year ago, and I joined the world of startups and cybersecurity startups. And so I'm in, I guess, what you might refer to as a bit of a sister company called Red Cell Partners. And so I ended up meeting one of the co-founders, Mike Janke, because of my new position and because of my past. And so I have not had much exposure to DataTribe other than through its reputation, which stands tall. A great reputation many years now in the business.
Starting point is 00:15:12 Wonderful companies that have been started, some of which I actually work with today. And so I just was very interested in joining up and working with them as peers so we can learn from each other. I should mention for full disclosure that N2K CyberWire is a DataTribe company. There you go. This is, I suppose many would describe it as being sort of a Shark Tank-like event
Starting point is 00:15:38 where a number of hopeful startups, founders get in front of an audience of judges, but then a few hundred people there as well in the crowd. And they give their best pitch. They make their case for why they should move forward and be funded by DataTribe. Why do you suppose this format is an effective one for this sort of thing? I think one of the things this format can do is it can enable a founder, A, to be exposed
Starting point is 00:16:13 and communicate about what they hope to be their offering. But likewise, it gives us, the judges, and then the decision makers, in this case, of course, DataTribe, an ability to really understand what's the depth behind the voice. Many people can speak very eloquently, but when tested in bidirectional Q&A, we test depth. And so that's one of the things that this type of a format enables is an ability to not only ensure that the would-be founder can articulate the wherewithal about their product and their aspirations for its trajectory and perhaps
Starting point is 00:16:55 the research they've done about the market they hope to enter and conquer, but it also gives a chance for us to really get a sense of how the fluidity with which they speak. And the fluidity speaks to knowledge, depth, conviction. And so a lot can come out from the interpersonal dynamics when you're talking. But of course, in the end, it's all about the content too. You know, I hear the folks at DataTribe talk about being right here in the shadow of NSA, which is your former place of employment here. Can you touch on that element of it, this sort of startup energy that comes from having NSA right here in the midst of us?
Starting point is 00:17:42 Certainly. It is an energy. And I witnessed that from a challenging perspective when I was at NSA as a leader, only because one of the things that NSA has to do is try to keep talent on board and in place. And I think for the good of the country, one of the things that has happened as various technical operational pursuits that were taking place inside NSA found themselves really being necessitated by market pressures. In this case, cybersecurity is something that affects every single one of us professionally and personally. And so on the one hand, I was very proud that many people who got their start in NSA found an ability to understand the nature of the environment, the threat, the technology, and to turn that into prospects to create companies and value. And in return, that value makes us all safer.
Starting point is 00:18:42 And so that was the good side. Of course, the challenging side was trying to keep our attrition low for those people that had those skills. But bottom line, we were enriched. And it was incumbent upon me as a leader at NSA and our leadership team to create an environment where people felt they were engaged, they were included, they had connectivity to the mission and its impacts. And then some of them invariably took that out into the private sector
Starting point is 00:19:14 and it's paid dividends for them, but it's also paid dividends for the various products and service offerings that many of them have had. A lot of the, several of the companies that DataTribe has founded were founded by folks that left NSA. And so I'm proud of that. And especially now that I'm on the other side, on the outside, I see the value. Again, my company is based in McLean, Crystal, not Crystal City, but Tyson's Corner area. But it's still in the greater Baltimore, Washington area, which has a lot of influence from NSA. And I think that's a great thing.
Starting point is 00:19:55 As a judge for the upcoming DataTribe Challenge, do you have any tips or words of wisdom for those who are going to be presenting and any specific things that you'd like to see? Yeah, I think one of the key things gets into the connection, but the difference between having a great technical solution and having a solution that can actually get traction in the market and how big that market might be. And a lot of founders have not founded before. Some have. And one of the things that tests every founder is this whole issue of market pressure, market reality, market uptake, and really understanding how to characterize the market opportunity in a way that doesn't fall apart at first contact. And I think that's really the key. I've spoken to a lot of people who have had wonderful ideas,
Starting point is 00:20:54 but if there's not a receptive market or if the integration of your idea into the market is too disruptive, you will have a hard time, in many cases, getting traction and therefore having a viable company. And so I think that's really, there are a lot of wonderful technical solutions out there, many of which unfortunately are not market worthy. That's George Barnes, Cyber Practice President and Partner at Red Cell Partners and former Deputy Director of NSA. You can learn more about the DataTribe Challenge through the link in our show notes. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27th, 2024. Thank you. thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
Starting point is 00:22:10 stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And finally, imagine being stuck on a Navy ship in the middle of the ocean with no Wi-Fi. For most sailors, that's a harsh reality during deployment. But for the chiefs aboard the combat ship Manchester, that wasn't a problem. They had their own secret Wi-Fi network, lovingly named Stinky. In a plot that sounds straight out of a bad sitcom,
Starting point is 00:23:04 senior enlisted leaders, led by then-Command Senior Chief Grisel Marrero, secretly installed a Starlink satellite dish for their private use. While everyone else on board endured internet deprivation, the chiefs enjoyed streaming, texting, and checking sports scores. The covert operation involved sneaking the dish onto the ship, setting up payment plans, and even renaming the Wi-Fi to look like a harmless printer network when suspicions arose. But eventually, the jig was up, thanks to a nosy civilian tech installing authorized Navy equipment. When the truth surfaced, Marrero tried to cover her tracks,
Starting point is 00:23:46 even doctoring data charts to hide her internet use. However, she finally confessed and was court-martialed, stripped of rank, and sentenced for her egregious misconduct. In the end, the unauthorized Wi-Fi may have helped the chiefs catch up on Netflix, but it posed serious risks to the ship's security. They say loose lips sink ships, but in this case, it was loose internet connections that
Starting point is 00:24:13 torpedoed the chiefs. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector,
Starting point is 00:24:57 from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben.
Starting point is 00:25:24 Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilpie is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Starting point is 00:26:18 Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
