CyberWire Daily - The 18-year stowaway.
Episode Date: August 9, 2024
Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy.
Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
We are joined by podcast partner Rob Boyce of Accenture sharing his thoughts as our man on the street from Black Hat USA 2024.
Selected Reading
'Sinkclose' Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections (WIRED)
Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities (SecurityWeek)
Series Of Solar Power System Vulnerabilities Impacts Millions Of Installations (Cyber Security News)
Microsoft: Iran makes late play to meddle in U.S. elections (CyberScoop)
UN cybercrime treaty passes in unanimous vote (The Record)
ADT confirms data breach after customer info leaked on hacking forum (Bleeping Computer)
It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 (The Register)
Computer Crash Reports Are an Untapped Hacker Gold Mine (WIRED)
USPS Text Scammers Duped His Wife, So He Hacked Their Operation (WIRED)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit.
Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
Today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Deep firmware vulnerabilities affect chips from AMD.
CISA warns of actively exploited Cisco devices.
Solar inverters are found vulnerable to disruption.
Iran steps up efforts to interfere with U.S. elections.
The U.N. passes its first global cybercrime treaty.
ADT confirms a data breach.
A long-standing browser flaw is finally fixed.
Crash reports help unlock the truth.
Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat Conference.
And these scammers messed with the wrong guy.
It's Friday, August 9th, 2024.
I'm Dave Bittner. Thank you for joining us here today.
In a story for Wired, Andy Greenberg writes that security researchers from IOActive have discovered a critical vulnerability in AMD processors,
called Sinkclose, that has existed in AMD chips since 2006. This flaw allows malware to deeply embed itself into a computer's memory,
potentially making it nearly impossible to remove without specialized hardware tools.
Sinkclose affects a highly privileged mode of AMD processors
known as system management mode,
which is usually reserved for secure firmware operations.
Exploiting this flaw could allow hackers to install undetectable malware, surviving even
after reinstalling the operating system. Although exploiting Sinkclose requires prior deep access
to a machine, the vulnerability could be particularly dangerous if used by sophisticated attackers. AMD has acknowledged the issue and released some mitigations,
but complete fixes are still forthcoming.
The researchers emphasize the importance of patching affected systems quickly,
as the flaw could significantly compromise the security of millions of devices worldwide.
CISA has warned organizations about threat actors exploiting improperly configured Cisco
devices, specifically targeting the legacy Cisco Smart Install feature.
Malicious hackers are acquiring system configuration files, which can lead to network compromises.
CISA noted the continued use of weak password types on Cisco devices, making them vulnerable to password-cracking attacks.
Additionally, Cisco disclosed critical vulnerabilities in their end-of-life small business SPA IP phones, which can be remotely exploited but will not receive patches.
The global electricity network's integration with rapidly expanding solar power infrastructure and the Internet of Things creates a complex and potentially vulnerable
system. Key components like inverters and controllers are essential for converting
solar-generated power and maintaining grid stability. However, recent research by Bitdefender has uncovered serious vulnerabilities
in the Solarman and Deye solar inverter platforms,
affecting millions of installations and exposing 195 gigawatts
of global solar capacity to cyber threats.
These vulnerabilities could allow attackers to hijack solar systems,
disrupt electricity generation, and even destabilize
entire power grids. Given the critical role of these devices in balancing supply and demand
and the increasing reliance on solar energy, robust cybersecurity measures are essential
to safeguard grid stability and national security. Iran is intensifying efforts to interfere in the 2024
U.S. elections, according to a recent report from Microsoft. Iranian hackers are conducting
spear phishing campaigns, targeting high-ranking political figures, and laying the groundwork for
fake news campaigns. Microsoft identified four different hacking groups involved, with one group attempting
to breach the accounts of a former presidential candidate and a current campaign official.
The influence operations are focused on stirring up controversy, especially in swing states,
and have included creating fake news sites targeting both liberal and conservative audiences.
These operations appear to follow a pattern of Iran's
later-stage election interference compared to other countries like Russia. Microsoft warns
that some groups may escalate to more extreme actions, such as inciting violence, with the
goal of undermining election integrity and creating chaos. The United Nations has passed its first global cybercrime treaty,
initially proposed by Russia, establishing a legal framework for cybercrime and data access.
The treaty, adopted unanimously by the UN's Ad Hoc Committee on Cybercrime,
will go to the General Assembly for a vote in the fall, where it is expected to pass.
Despite the treaty's significance, it has faced opposition from human rights organizations and big tech companies due
to concerns over provisions allowing cross-border access to electronic evidence and potential
misuse of surveillance powers. Critics argue that the treaty lacks strong human rights safeguards,
potentially enabling increased surveillance and undermining digital trust.
The treaty marks a milestone in global efforts to address cybercrime.
American building security company ADT confirmed a data breach
after threat actors leaked customer data on a hacking forum.
The breach involved unauthorized access to ADT databases,
exposing limited customer information, including email addresses, phone numbers, and postal
addresses. ADT quickly responded by shutting down the access and launching an investigation
with cybersecurity experts. The breach affected a small percentage of ADT's 6 million customers,
but there's no evidence that home security systems, credit card, or banking information were compromised.
A long-standing security issue affecting major web browsers,
including Chromium-based browsers like Chrome and Edge, WebKit browsers like Safari, and Mozilla Firefox,
has finally been addressed.
The vulnerability, related to the 0.0.0.0 IPv4 address, allows malicious websites to access local services on macOS and Linux systems.
Identified by Oligo Security as the 0.0.0.0 Day flaw, it's been exploitable since the late 2000s.
While Chrome and Safari have implemented fixes,
Mozilla is still working on a solution.
The issue highlights the need for better security mechanisms
like private network access to prevent external sites
from reaching local host services,
a change that browsers are now gradually adopting
to close this loophole
and enhance cybersecurity. When a bad software update from CrowdStrike caused global chaos,
Windows computers started showing the infamous blue screen of death. As confusion spread with
rumors and misinformation running wild, Mac security researcher Patrick Wardle knew exactly where to find the truth,
crash reports from the affected systems.
Wardle, despite not being a Windows expert,
was intrigued by the situation and turned to crash reports to uncover the real cause.
While some others speculated about Microsoft being at fault,
Wardle's deep dive into these reports revealed the true culprit
long before CrowdStrike made an official announcement.
At the Black Hat security conference, Wardle shared his findings,
arguing that crash reports are an underutilized goldmine
for uncovering software vulnerabilities.
He presented multiple examples, including bugs in Apple's macOS
and the analysis tool Yara,
all discovered by simply examining crash reports.
These reports, available on most operating systems,
can provide developers and security professionals with invaluable insights.
Wardle emphasized that sophisticated hackers and state-backed actors
are likely already mining these reports to exploit potential weaknesses.
Even intelligence agencies like the NSA reportedly use crash logs to gather information.
Wardle's message was clear. Crash reports hold the truth.
And ignoring them is a missed opportunity to strengthen software security.
Coming up after the break, my conversation with Rob Boyce from Accenture with his thoughts live from Las Vegas at the Black Hat Conference.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and help you get security questionnaires done five times faster with AI. Now that's a new way
to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact,
over one-third of new members discover they've already been breached. Protect your executives and their families 24/7, 365 with Black Cloak. Learn more at blackcloak.io.
And it is always great for me to welcome back to the show Robert Boyce. He is the Global Lead for Cyber Resilience and Senior Managing Director at Accenture Security. Rob, welcome back.
Thanks, Dave. It's always fun being here.
So you are on the ground at Black Hat this year, and I understand it is quite the event.
It really, really is.
I have to say, I thought last year was busy.
This year is putting last year to shame.
There's so many people here, so there's a lot of enthusiasm around security.
I'm seeing more activity on the showroom floor than we've seen in years past.
And so I'm not sure if this is, again, finally getting out of that, you know, COVID years of years past, but I don't know. I just think it's
a phenomenal event. It's super well attended this year.
When you look at your calendar and the events that you choose to spend your time at, you know,
we have events like Black Hat, we have events like RSA. How does this fit into your thoughts looking at the year as a whole?
Yeah, this is honestly for me and just in my space and with my team, one of the most exciting events we get to participate in.
Because as you can imagine, this is where we get to really dive in and get a little bit more, go back to our technical roots in some ways.
And so we get to hear a lot more of the deep technical discussions,
which is a little different
than some of the other conferences that we attend.
And just the extreme focus on security is fantastic.
So like this is, you know,
one of the top of our lists each year
to be able to attend
and really be inspired by some of the innovations
that we're seeing come out of the security space,
as well as just some of the super smart people doing these really interesting talks. Are there any particular
topics that you have had your eye on exploring while you're there? Yeah, there's been a few
things that have really stood out to me. I think, you know, we had the privilege this year of having
Jen Easterly from CISA doing one of the keynotes. And, you know, one of the things,
and I'm not sure if it's just me or this just went unnoticed by me or not,
but the tagline that they're using at CISA
really caught my eye when I was on the floor this year,
which is America's Cyber Defense Agency.
And I had just not noticed that tagline before.
So again, I'm not sure if I just missed it, but I love it.
I think this is, it really caught my attention.
And I wasn't even sure, is that CISA's booth?
I'm not even sure.
It was really fascinating.
So I thought that was really cool.
And again, just to have them show up in such force,
again, for another year in a row is just fantastic.
And her discussion on election tampering
and election fraud was really, really great.
And I think especially now,
which is of course,
as we're moving into an election,
I think it's a super important topic. And I think she did a great job of really being able to separate some of the
noise, signal from the noise. You know, she talked a little bit about, you know, how the election
managers managing the elections are really focused in just their job and their life of being crisis
managers. And so, you know, they're prepared for these types of activities, the potential crises that may happen. And I thought that was fascinating. And also
really educating people on, you know, the rumors versus reality. She was actually telling people,
hey, if you're curious about this, we've set up a website, Rumor Versus Reality,
and they're looking at how to separate, again, those different potential deep fakes and
misinformation from what's really happening in the election space. So I thought that was really fascinating for her to share all that
with everybody. Any other talks that caught your eye? Yeah, there's two other areas that I felt
were fascinating where I'm seeing big trends where we haven't seen this much, I would say,
much exposure from in the past. One of those is around supply chain. So everyone's talking about
third-party risk or supply chain risk for years now. But this year, I've really seen a lot of
vendors focus on that space. We've seen a lot of vendors talk about it. And what I think is really
super interesting here is they're also extending it not just to a rating system or a scaling system
to rate people, but they're really talking now about digging down into the open source aspect of this.
And so how do we secure the open source aspect?
It's really, as we all know, making up such a prominent part of software
that's being developed nowadays.
And how do we make sure that we're securing that entire lifecycle,
that entire supply chain, which I think was really fascinating
and great to finally start seeing some traction in that area.
And then the third
area that I thought was really interesting is, you know, and you and I have talked about this,
whether it's RSA or it's Black Hat, you know, the concept of AI everywhere. Every company is an AI
company, which is still the case here. We're still talking about a lot of AI. But what I'm starting
to see now is almost a shift to how do we secure AI? So all of these innovations that we've created
around chatbots and other things like that, there is now a lot of focus on, well, how do we make sure we're securing those innovations, securing those chatbots, and securing the AI that we've been creating over time?
So I think that has also been really interesting.
And it shows that AI is becoming more prominent for us in the field, that we're now talking about securing that aspect as well.
As you get ready to pack up and head home from this trip,
how do you feel? Is this something that energizes you? I think so. Honestly,
spending more than three days in Vegas is difficult a lot of times for many reasons.
And this is an exhausting event. But that's primarily because you are energized, you are
enthusiastic, and you want to be able to take in as much as you can. And there's just so much to do. So for me personally, I am energized
going home. I think, again, seeing these new innovations, a new focus in a couple of really
prominent areas, I think it was great. So yeah, for me, I think this was a great show,
great opportunity to connect with like-minded individuals and be able to share ideas in the cyberspace.
It was a really great show.
Robert Boyce is Global Lead for Cyber Resilience and Senior Managing Director at Accenture Security.
Rob, thanks so much for joining us.
Thank you.
partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
And finally, it all started with a simple, seemingly harmless text.
Your USPS package needs more details.
Click here and enter your credit card info.
But when this scam text landed on the phone
of Grant Smith's wife,
the scammers unknowingly poked the wrong bear.
A seasoned security researcher
with a bit of free time after the holidays,
Smith wasn't about to let this slide.
When his wife
inadvertently entered her details, Smith decided to take matters into his own hands. What followed
was a high-tech game of cat and mouse. Smith dove into the depths of the internet, tracking down the
culprits, a Chinese-speaking gang known as the Smishing Triad. These bad actors were running a massive scam operation,
duping people into handing over their credit card information.
But Smith wasn't just any victim.
With the skill set of a cybersecurity pro,
he hacked into the scammers' systems,
uncovering their secrets like a detective flipping through a villain's diary.
He found their weak spots, sloppy security, default passwords, and
vulnerabilities galore, and exploited them to gather crucial evidence. With over 438,000 stolen
credit cards and 50,000 email addresses in the scammers' database, Smith had his work cut out
for him, but he wasn't about to let the Smishing Triad get away. He handed everything over to USPS investigators and a major US bank,
helping to protect countless victims from fraud.
In the end, the scammers learned a hard lesson.
Messing with Grant Smith's family was the biggest mistake they could make.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Shachar Menashe, Senior Director of Security Research at JFrog.
We're talking about their research, When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution
in Vanna.AI.
That's Research Saturday.
Check it out.
We'd love to know what you think of this podcast.
Your feedback helps us ensure
we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders
and operators in the public and private sector, from the Fortune 500 to many of the world's
preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode was
produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot
Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president. Peter
Kilby is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here
next week. Thank you.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided
apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.