Tech Brew Ride Home - Tue. 03/22 – A Day Of All The Infosec News
Episode Date: March 22, 2022When it rains, it pours cybersecurity news. The White House warns that Russian hacks may be incoming. Lapsus$ has now allegedly hit Okta and Microsoft. A big alleged hack to HubSpot might hurt a bunch... of crypto companies. And why does that Apple Studio display have 64GB of storage it’s (mostly) not using? Sponsors: RocketLawyer.com/workconfidently Links: Statement by President Biden on our Nation’s Cybersecurity (WhiteHouse.gov) Is Russia exploring cyberattacks against U.S. in response to hacktivists? (VentureBeat) Okta hack puts thousands of businesses on high alert (The Verge) Lapsus$ hackers leak 37GB of Microsoft's alleged source code (BleepingComputer) Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms (Decrypt) Alphabet’s quantum tech group Sandbox spins off into an independent company (CNBC) Apple Studio Display Contains 64GB of Storage, But Only 2GB Used (MacRumors) Roku OS 11 will let you set your own photos as a screensaver (The Verge) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the Tech meme right home for Tuesday, March 22nd, 2020. I'm Brian McCullough today. When it rains, it pours
cybersecurity news. The White House warns that Russian hacks may be incoming. Lapsis has now allegedly
hit Octa and Microsoft. A big alleged hack to HubSpot might hurt a bunch of crypto companies,
and why does that Apple Studio display have 64 gigabytes of storage it's mostly not using? Here's what you
miss today in the world of tech.
One of the surprises so far with the Russia-Ukraine war has been the relative lack of cyber warfare.
This is not to say that there's been none of it.
It's just that thus far, it seems to have largely been limited to within the theater of war generally.
The fear has always been that if things don't go the Russians way, they could lash out globally,
and that simply hasn't happened yet.
Yesterday, the White House put out a statement again, warning that Russia may expand cyber attacks against the U.S., citing
quote, evolving intelligence that the Russian government is exploring options.
Quoting from the statement from President Biden.
I have previously warned about the potential that Russia could conduct malicious cyber activity
against the United States, including as a response to the unprecedented economic costs
we've imposed on Russia alongside our allies and partners.
It's part of Russia's playbook.
Today, my administration is reiterating those warnings based on evolving intelligence that
the Russian government is exploring options for potential cyber attacks.
If you have not already done so, I urge our private sector partners to harden your cyber defenses
immediately by implementing the best practices we have developed together over the last year, end quote.
And quoting from Venture Beat.
As we are nearly a month into Russia's assault on Ukraine, this raises the question, why now?
And are such attacks potentially coming as a response to sanctions against Russia over Ukraine, or something more?
Cybersecurity industry veteran Mike Hamilton thinks it's likely to be the latter.
and that's something more, he says, could be the hacking efforts by volunteers such as the
anonymous hacktivist group. Part of this may be driven by the pretext that has been provided by
an army of volunteers, said Hamilton, founder and CISO at Security Firm Critical Insight, and
formerly the vice chair for the DHS state, local, tribal, and territorial government coordinating
council. After Anonymous has gone after pipelines, the Russian Space Agency, electric vehicle
charging stations, broadcast television, and unsecured printers, it is a lot of
credible to claim that this is an aggressive action by the United States and retaliation may be under
consideration. Hamilton said in comments provided via email, cyber experts, however, have also been
suggesting for weeks that there's a risk of Russia misattributing or otherwise holding the U.S.
responsible for the cyber attacks that hacktivists and other Ukraine-supporting hackers have been
carrying out against Russia. It's difficult, if not impossible, to quickly determine where an attack
came from or who was behind the attack, said John Dixon, vice president at coal fire in a previous
email to venture beat. Things can get messy quickly, and the risk of hackback cyber attacks from
the Russians directed toward the U.S. and West becomes more likely, end quote. With Biden's
statement today, that likelihood seems to now be higher. The language in the announcement by the
White House is beginning to edge up on specific and credible threats. Hamilton said, though,
he says it's notable that the statement does cite evolving intelligence.
end quote. Quoting Nicole Pearlroth on Twitter, shields up. Until now you've been told to prepare,
despite there being no credible threats of cyber attacks to the U.S., now evolving intelligence suggests
Russia is exploring options for potential cyber attacks. Don't panic, prepare right now, end quote.
It's another one of those days, I guess, where we're getting all the cybersecurity stories at once.
And the last time that happened was, I believe also the day we first heard about last
Lapsus. They were the folks that allegedly hacked deeply into NVIDIA systems and also allegedly leaked source
code from Samsung. Well, hear about them again with two big possible stories today. First,
ACTA says it is investigating reports of a breach after LAPS posted screenshots of alleged internal systems.
The ACTA CEO says it's likely related to a January incident, but still quoting the verge.
Octa, an authentication company used by thousands of organizations around the world,
says it's investigating news of a potential breach, Reuters reports.
The disclosure comes as hacking group lapses has posted screenshots to its telegram channel
claiming to be of Octa's internal systems, including one that appears to show Octa's Slack channels
and another with a cloud flare interface.
Any hack of Octa could have major ramifications for the companies, universities, and government
agencies that depend upon ACTA to authenticate user access to internal systems. Writing in its
telegram channel, LAPSys claims to have had superuser slash admin access to ACTA systems for two months,
but said its focus was, quote, only on ACTA customers, end quote. The Wall Street Journal notes
that in a recent filing, ACTA said it had over 15,000 customers around the world. It lists
the likes of Peloton, Sonos, T-Mobile, and the FCC as customers on its website.
In a statement sent to the verge, ACTA spokesperson Chris Hollis downplayed the incident and said
Octa has not found evidence of an ongoing attack.
Quote, in late January 2022, Octa detected an attempt to compromise the account of a third-party
customer support engineer working for one of our sub-processors.
The matter was investigated and contained by the sub-processor, Hollis said.
We believe the screenshots shared online are connected to this January event.
Based on our investigation to date, there is no evidence of ongoing malicious activity
beyond the activity detected in January. Hollis continued. However, writing in their telegram channel,
LAPSIS suggested that it had access for a few months, end quote. So, Octa potentially being breached,
would be a big enough story on its own, since everyone from FedEx to hospitals use them to authenticate
their users, but get this at the same time. The Lapsis group has also released around 37 gigabytes
of alleged source code from Microsoft, covering Bing, Cortana, other Microsoft services,
says it is investigating, quoting bleeping computer.
Early Sunday morning, the Lapsis gang posted a screenshot to their telegram channel,
indicating that they hacked Microsoft's Azure DevOps server containing source code for Bing,
Cortana, and various other internal projects.
Monday night, the hacking group posted a torrent for a 9-gabite 7-Zip archive
containing the source code of over 250 projects that they say belong to Microsoft.
When posting the torrent Lapsis said it contained 90% of the source code for
Bing and approximately 45% of the code for Bing Maps and Cortana.
Even though they say only some of the source code was leaked,
Bleeping Computer is told that the uncompressed archive contains approximately 37
gigabytes of source code allegedly belonging to Microsoft.
Security researchers who have poured over the leaked files told Bleeping Computer that they
appear to be legitimate internal source code from Microsoft.
Furthermore, we are told that some of the leaked projects contain emails and documentation
that were clearly used internally by Microsoft engineers to publish mobile apps.
The projects appear to be for web-based infrastructure, websites, or mobile apps with no source code
for Microsoft desktop software released, including Windows, Windows server, and Microsoft Office.
When we contacted Microsoft about tonight's source code leak, they continued to tell bleeping
computer that they are aware of the claims and are investigating, end quote.
And another one, because it's just one of those days.
third-party vendor HubSpot says it was hacked, leading to customer data breach notifications
to its customers at Circle, BlockFi, Pantara Capital, NYDIG, and other crypto firms.
As friend of the show, Jeff John Roberts tweeted, quote,
A very web 2.0 moment for Web 3.
A vendor's poor cybersecurity means a hacker now has buckets of crypto customer info, end quote.
Quoting from the site, Jeff is the executive editor,
of decrypt. In emails to clients, the companies revealed that HubSpot, a marketing and sales
platform, had informed them that a hacker had gained access to the personal data of their customers.
Pantera uses HubSpot as a client relationship management platform. The information that may
have been access includes first and last names, email addresses, mailing addresses,
phone numbers, and regulatory classifications, wrote Pantara Capital. Pantara added that
its internal systems were not affected by the incident and that the hacker didn't gain access
to any social security numbers or government IDs provided by customers.
In a weekend blog post, HubSpot described the attack as a, quote,
targeted incident focused on customers in the cryptocurrency industry and that a bad actor
had compromised an employee's account. HubSpot added that data was exported from fewer
than 30 HubSpot portals, but didn't provide a list of which client's accounts had been
compromised. The identities of some of the affected companies have instead been made known
as a result of the firms themselves alerting their customers, a common practice intended to both warn those
customers and to reduce legal exposure from such incidents, some of which result in class action suits,
and some of which result in fines from regulators like the Federal Trade Commission.
The full extent of the hack is so far unclear, in part because HubSpot hasn't disclosed how much data was stolen.
But given that the likes of BlockFi and Circle alone have millions of customers,
it's possible the hack was major, end quote.
Alphabet has revealed it is planning to spin off its quantum tech group known as Sandbox and led by founder Jack Hedary, quoting CNBC.
Alphabet has been relatively quiet about sandbox, which was launched in 2016 by Jack Hedary.
It operated as a separate group outside of Alphabet's well-known Moonshots Division, X, which has spun off a handful of its companies into its other bets segment.
Hederi will remain as CEO of Sandbox AQ.
The company, which has already gained a number of high-profile investors and clients,
is pursuing enterprise software that at least partially uses quantum technology.
Based in Palo Alto, California, the company has 55 employees.
Investors include former Google CEO Eric Schmidt,
Breyer Capital, Salesforce chief Mark Benioff's, Time Ventures, and Tiro Price.
Schmidt is taking over as chairman of the board, the company said in its release.
customers include SoftBank Mobile, Vodafone, and New York's Mount Sinai Health System Sandbox said, end quote.
A developer has found that Apple's studio display has 64 gigabytes of onboard storage, but only uses two gigabytes of it.
The full 64 gigabytes might be related to the fact that the studio display has an A-13 bionic chip inside it.
As John Gruber says, basically this is an iPad 9 inside.
a display, quoting Mac rumors. As highlighted by developer Kausthian on Twitter, the studio display
uses only 2 gigabytes of its 64 gigabytes of internal storage. Some free space is likely needed
for firmware updates, but the 62 gigabytes of unused space is seemingly otherwise useless
at the current time. Apple has not confirmed the quantity of the studio displays internal storage
in its technical specifications. The discovery may be unsurprising given that the studio display
contains an A-13 Bionic chip. The A-13 bionic was introduced with the iPhone 11 lineup in 2019
before being offered in the second-generation iPhone SE and the ninth-generation iPad. None of these
devices have ever been available in any storage configuration below 64 gigabytes, which may suggest
that smaller quantities of storage are incompatible with the A-13's storage controller.
economies of scale may also be responsible with production costs for pairing the A13 with a smaller amount of storage potentially costing more than the same 64-gibytes system currently used in the iPhone 11 that is still on sale and the ninth-generation iPad.
The finding means that overall the studio display contains the exact same 2.65 gigahertz A-13 bionic chip, 12-mepixel ultra-wide front-facing camera setup with center stage, and 64-gigabytes base configuration of storage,
as the 9th generation iPad. It is also now clear that the studio display has better specifications
than the second-generation Apple TV 4K, which sports an A12 bionic chip and a base storage configuration
of just 32 gigabytes. Last week, it emerged that the studio display runs the full version of iOS
15.4 with the exact same build used by the iPhone and iPad, meaning that updates to the
display's functionality will come as part of iOS updates, end quote.
Finally today, Roku has announced OS11, which is rolling out in the coming weeks, and contains
custom screensavers, a curated what-to-watch hub, and expanded voice keyboard support.
The headline here is that you can put your own photos on the screensaver now, which,
I mean, how is that something they're just getting around to doing now?
Quoting the verge.
Firstly, when Roku OS11 rolls out two users in the weeks ahead, they'll be able to change their
screen saver to display their own photography or images with phone.
photo streams. Not only will photo streams allow users to display photos from their desktop or mobile
device on Roku, but users will also be able to share streams with other Roku device owners as well.
Once a stream is shared, other Roku owners will be able to add to it, allowing everyone to
collaborate on a shared album. Roku OS11 will also introduce a new What to Watch on Roku menu,
a personally curated hub added to the home screen menu that will suggest popular and recently
released TV and movies. Roku is rolling out a handful of other features.
as well, voice-enabled keyboards already supported on Roku will be available in Spanish,
German, and Portuguese with the OS11 update in the U.S. and other supported markets, and Roku's
mobile app will display additional information about TV shows and movies, including more details
about where to stream them for free or through existing paid accounts and images of cast and crew
attached to a given title. Lastly, Roku is introducing both a new automatic speech clarity
setting for clearer dialogue, as well as new sound modes for Roku stream bars and speakers.
Those sound settings include standard, dialogue, movie, music, and night modes, end quote.
Right, because it's not that you're getting old and your hearing is just increasingly getting bad,
it's that they've increasingly made movies hard to hear.
Yeah, that's it.
I woke up this morning at 2 a.m. and never fell back to sleep.
Ask me anything.
Actually, number one, shout out to the bird that started chirping at 3.15 a.m.
Early bird, something, something.
But I mean, come on, that's really kind of jumping the gun, isn't it?
And number two, do you wear an Apple Watch while sleeping?
Do you use the watch vibration alarm to wake up?
I've long suspected that like a minute or five minutes or so before your alarm is set to go off.
The watch will give you a short little vibration nudge.
I assume to help gently kick you out of REM, so you have an easier time waking up.
And I could swear this morning I felt the kick about a minute before the alarm, but I can't be sure.
You know how you get phantom vibrations in your pocket, where you think your phone is buzzing, but it's not.
So maybe this was a phantom sensation as well, because I was waiting to see if it would happen.
And my Googling around to see if this indeed is a feature was inconclusive.
So anyone else suspect something similar or have?
proof that the watch does indeed do this? If so, cool. That seems like a sensible feature,
or else I'm just imagining it, and it's a feature they should consider. Talk to you tomorrow.
