Zyxel Warns Of Critical Vulnerabilities In Firewall And VPN Devices

Posted in Commentary with tags on May 27, 2023 by itnerd

Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products. On unpatched devices, a threat actor could exploit either vulnerability without authentication. Here are the vulnerabilities:

CVE-2023-33009

A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. 

CVE-2023-33010

A buffer overflow vulnerability in the ID processing function in some firewall versions could allow an unauthenticated attacker to cause DoS conditions and even a remote code execution on an affected device. 

Here’s a list of affected devices:

  • Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)

Zyxel has released patches for their firewalls. I’d strongly suggest installing them ASAP.
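Because the affected ranges above are expressed as ZLD version spans with patch levels, the easy mistake when triaging a fleet is to compare "V5.36" and "V5.36 Patch 1" as plain strings. The script below is an added example, not Zyxel's tooling and not from the original post: it parses version strings of the "ZLD Vmajor.minor [Patch n]" shape used in the advisory list (an assumption about how the string appears on a given device's UI), checks a device against the inclusive affected ranges and fixed builds listed above, and sorts a constructed sample inventory so the devices that still need the CVE-2023-33009 / CVE-2023-33010 patch come first.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]  # (major, minor, patch); "V5.36 Patch 1" -> (5, 36, 1)

# Affected ranges (inclusive) and fixed builds, copied from the advisory list above.
# Keys are the product families as the post names them.
AFFECTED: Dict[str, Tuple[Tuple[str, str], str]] = {
    "ATP":                        (("V4.32", "V5.36 Patch 1"), "V5.36 Patch 2"),
    "USG FLEX":                   (("V4.50", "V5.36 Patch 1"), "V5.36 Patch 2"),
    "USG FLEX50(W)/USG20(W)-VPN": (("V4.25", "V5.36 Patch 1"), "V5.36 Patch 2"),
    "VPN":                        (("V4.30", "V5.36 Patch 1"), "V5.36 Patch 2"),
    "ZyWALL/USG":                 (("V4.25", "V4.73 Patch 1"), "V4.73 Patch 2"),
}

# Accepts "ZLD V5.36 Patch 1", "V5.36", "5.36 patch 2", and so on. Assumption: the
# string read off the device follows the same "Vmajor.minor [Patch n]" shape as the advisory.
_VERSION_RE = re.compile(
    r"^\s*(?:ZLD\s*)?V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_zld(version: str) -> Version:
    """Turn a ZLD version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))  # no "Patch n" means patch level 0


def assess(product: str, version: str) -> str:
    """Classify one device against CVE-2023-33009 / CVE-2023-33010."""
    if product not in AFFECTED:
        return "unknown product"
    (low, high), fixed = AFFECTED[product]
    v = parse_zld(version)
    if parse_zld(low) <= v <= parse_zld(high):
        return "affected"
    if v >= parse_zld(fixed):
        return "fixed"
    # Older than the advisory's lower bound: not listed as affected, but also likely
    # out of support, so confirm with Zyxel rather than assuming it is safe.
    return "outside listed range"


def triage(inventory: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every device, with the ones needing action first."""
    results = [(d["host"], assess(d["product"], d["version"])) for d in inventory]
    order = {"affected": 0, "outside listed range": 1, "unknown product": 2, "fixed": 3}
    return sorted(results, key=lambda r: order[r[1]])  # stable sort keeps input order within a status


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    {"host": "fw-branch-01", "product": "ATP",        "version": "ZLD V5.36 Patch 1"},
    {"host": "fw-branch-02", "product": "USG FLEX",   "version": "V5.36 Patch 2"},
    {"host": "fw-legacy-01", "product": "ZyWALL/USG", "version": "V4.73 Patch 1"},
    {"host": "fw-legacy-02", "product": "ZyWALL/USG", "version": "V4.20"},
    {"host": "fw-dc-01",     "product": "VPN",        "version": "V5.37"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

The comparison works on integer tuples, so "V5.36 Patch 2" correctly sorts after "V5.36 Patch 1" and before "V5.37". Devices older than the listed lower bound are reported separately rather than as "fixed", since the advisory says nothing about them.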

Hisense Launches Its latest Mini LED Televisions In Canada

Posted in Commentary with tags on May 26, 2023 by itnerd

The next generation of high performance, innovative and smart 4K televisions from Hisense have arrived in Canada.

Hisense introduced its new ULED series featuring innovative Mini LEDs earlier this year at the Consumer Electronics Show in Las Vegas. The Hisense TVs that boast this premium technology are now arriving at Canadian retailers, with options across the budget spectrum. 

“Hisense Mini LED backlighting technology combined with Full-Array Local Dimming is engineered for high brightness levels with vibrant and accurate colour reproduction,” says Puneet Jain, Senior Director and Head of Marketing, Public Relations & E-commerce with Hisense Canada. “The result is a superior television with enhanced image quality with more precise and true-to-life images on the screen.”

Televisions with Mini LEDs produce an image that has more detail and brightness; the Mini LEDs used in Hisense televisions are much smaller than a conventional LED, allowing more LEDs to be installed on each panel delivering better processing of visuals. The outcome is sharper, brighter, and crisper picture quality for an enhanced viewing experience.

Hisense Canada is introducing three series of televisions with Mini LED technology for consumers to choose from, based on their needs and preferences:

  • U88KM Series — The U88KM Quantum Dot Mini LED is the flagship series making this an ideal choice for home entertainment and gaming. The native 144Hz refresh rate is great for action movies, sports, and gaming. The Mini LED backlighting technology with high brightness levels and accurate colour reproduction will make this TV stand out in any room. The U88KM features more local dimming zones, higher peak brightness, and picture upgrades like IMAX enhanced, Filmmaker Mode, Dolby Vision IQ, and HDR10+ to elevate the entertainment experience. 
  • U78KM Series — The U78KM brings next-level gaming upgrades with the native 144Hz refresh rate combined with enhanced on-screen response time, making this series an ideal choice for gaming, and watching sports. It also features Dolby Vision & Dolby Atmos, Filmmaker Mode as well as gaming features like Variable Refresh Rate (VRR), Auto Low Latency Mode (ALLM), and Game Mode Pro to eliminate lagging and frame tearing.
  • U68KM Series — The U68KM features Quantum Dot Mini-LED technology, Filmmaker Mode, Bluetooth connectivity, higher peak brightness, and Google Assistant.

The Hisense Mini LED Series price starts at $799.99 for a 55-inch U68 series and will be available in stores and online at several national and regional retailers across Canada including Visions, Best Buy, Costco, The Brick, Amazon, London Drugs, and other authorized retailers.

Hisense is the no. 2 TV brand in the North American market based on unit share and is the fastest growing TV brand in Canada. With its lineup earning 50+ awards in 2022, Hisense is taking its ULED technology even further with the launch of an innovative line of TVs to bring the most immersive entertainment experience to consumers.

Twitter To Academics: Delete Twitter Data Or Pay $42K/Month…. And Another Senior Figure At Twitter Leaves

Posted in Commentary with tags on May 26, 2023 by itnerd

I am of two minds on this one. I can’t decide if this is another attempt by Elon Musk to grab as much cash as he can, or if Elon is trying to cover up how much of a racist, sexist, homophobic train wreck next to a dumpster fire it is. Either way, The Independent is reporting that Elon wants academics who got data from Twitter to either delete it, or pay him $42K a month:

An email, seen by the i, says researchers who don’t sign the new contract “will need to expunge all Twitter data stored and cached in your systems”. Researchers will be required to post screenshots “that showcase evidence of removal”. They have been given 30 days after their agreement expires to complete the process.

The requirement to delete the data was included in the original contract signed by researchers when they agreed to access the decahose, but it signals a U-turn on previous openness to scrutiny by academics. 

The contracts were signed with the previous Twitter regime, which had historically welcomed academic scrutiny of its platform and valued the importance of transparency. The researchers had no reason to believe that the contracts would ever end – nor that they would be asked to delete data they had previously obtained under its terms, regardless of what the text said.

“There is quite a bit of research underway to illuminate what has happened on Twitter the last several years, so it’s devastating both to that research, and to the transparency of the platform, and for the historical record of the public discussion on Twitter,” said one academic who received the demand. They asked not to be named because they are concerned about the ramifications. “It’s sort of the big data equivalent of book burning.”

At some point Elon is going to get called on this. Likely by the EU, which has rules about this sort of thing. But Twitter has other issues at the moment. As in news that the head of engineering at Twitter has resigned following the debacle related to Ron DeSantis launching his bid for The White House on Twitter, and that turning into a train wreck next to a dumpster fire:

Foad Dabiri, the engineering lead for Twitter’s Growth organisation, tweeted: “After almost four incredible years at Twitter, I decided to leave the nest yesterday.”

And:

Mr Dabiri did not say why he had decided to leave the company, or whether it was linked to the problems with Mr DeSantis’s campaign.

In a thread on Twitter, he thanked his “remarkable” colleagues for their friendship, stating the company had experienced “massive and rapid” change under Mr Musk.

“We came through and emerged stronger,” he added. “To say it was challenging at the outset would be an understatement.”

He added that working with the Tesla founder “has been highly educational”, and that it was “enlightening” to see how his plans were shaping the future of Twitter.

It sounds like he was made to walk the plank because of the gong show that was the DeSantis campaign launch. Too bad for him. But it illustrates that Elon isn’t the type of person who takes responsibility for anything, seeing as he mass fired a lot of the people who likely could have supported this campaign launch and made sure that it went off without a hitch. However, Elon is also not a guy who thinks that far ahead. And that is starting to bite him, as you have to wonder what Republicans think of the guy at the moment based on what happened with this brutal campaign launch.

SMBs Targeted By State-Aligned Actors Through Their MSPs: Proofpoint

Posted in Commentary with tags on May 25, 2023 by itnerd

A new study by Proofpoint researchers found that advanced persistent threat (APT) actors are increasingly using vulnerable regional managed service providers (MSPs) to launch attacks on the small and medium-sized businesses (SMBs) they service. Once through the MSP’s defenses, the attackers are feeding off of the less well defended SMBs for financial gain.

The report published this week found that state-aligned actors from Russia, Iran and North Korea were increasingly using this supply chain approach to breach SMBs’ defenses.

Proofpoint: “Regional MSPs often protect hundreds of SMBs that are local to their geography and a number of these maintain limited and often non-enterprise grade cyber security defenses. APT actors appear to have noticed this disparity between the levels of defense provided and the potential opportunities to gain access to desirable end-user environments.”

David Mitchell, Chief Technical Officer, HYAS starts off the commentary with this:

   “MSP/MSSPs have been a concern for quite some time, primarily due to the access required into a customer network, along with varying degrees of technical and security expertise on the provider side. Managed services is no longer a high margin business and as such, many MSPs are still utilizing legacy technologies to provide services to their customers, which leaves everyone in that chain exposed.

   “Understanding the security posture of your third party providers is a difficult, if not impossible undertaking for small and medium businesses. Until there is a more scalable way of continuously auditing your service providers, the risk fully lies with whether the customer chose a capable MSP or not.”

Roy Akerman, Co-Founder & CEO, Rezonate adds this:

   “We’ve seen the increased risk around third-party access and supply chain risk increasing for the past few years. The Kaseya VSA software vulnerability used by many MSPs was a key part of distributing REvil ransomware all the way to SMB organizations managed by MSPs. So was the SolarWinds security breach. “Watching-the-watcher” was and will continue to be a focus for organizations who outsource their work externally while always being able to identify who’s doing what and for what reason. Zero trust principles can help tackle and reduce risk by limiting MSPs to only do what they need to and not take the path of a yet-another-superadmin across your network.”

For many small and midsize companies, having someone else remotely monitor and manage their computer network is perceived as a no-brainer. The managed service provider can improve efficiency, reliability, security, and maintenance — all while lowering costs and freeing up IT staff to work on more strategic projects. But there are risks, and this Proofpoint research illustrates that in black and white.

Apria Healthcare Was Pwned…. But You’re Finding Out About It Two Years After The Fact…. WTF??

Posted in Commentary with tags on May 25, 2023 by itnerd

This week, Apria Healthcare alerted nearly 1.9 million patients and employees that their personal and financial data may have been accessed by hackers who breached the company’s networks between April 5, 2019 and May 7, 2019, and then a second time from August 27, 2021 to October 10, 2021. It’s unclear, however, why Apria has only sent letters about the incident two years later.

Information potentially accessed may have included personal, medical, health insurance or financial information such as bank account and credit card numbers in combination with security codes, access codes, passwords and account PINs. 

According to Apria, the company took immediate action including working with the FBI and hiring a reputable forensic investigation team to investigate. I’ll comment on this in a moment and I will let Willy Leichter, VP, Cyware start off the commentary:

This is another example of the fundamental flaws in our breach notification system. Learning that your personal data was breached two years ago is practically useless, and all the free credit reporting in the world won’t help. While we try to mandate how quickly an organization must report a breach, there are no clear standards on how quickly breaches need to be discovered. In fact, there’s a perverse disincentive – the more lackluster your security, the longer you can wait to discover or disclose breaches that can be damaging to your business.

Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:

   “Unfortunately, we see an example where time to report an incident is not measured in days but in years. Healthcare PII data is considered premium in the dark web forums as one cannot simply alter their information with a new one. It is critical now to complete the investigation and truly understand the chain of attacks that occurred in 2019 and 2021 and validate there are no additional stealthy adversaries hiding and no backdoors left behind.”

Apria needs to be slapped here. Fines, Congressional hearings, whatever. The thing is that they took way too long to tell the world about this breach. And who knows if they have truly addressed whatever issues led to the breach in the first place. The fact is that Apria failed miserably here and that not only needs to be addressed with this healthcare provider, but by better laws that force immediate disclosure of breaches.

TELUS Gives The Results Of Its Investigation Into A Cyber Incident From Earlier This Year

Posted in Commentary with tags on May 25, 2023 by itnerd

Earlier this year, news came out that TELUS might have been the victim of a cyberattack. Here’s what was said to be out in the wild at the time:

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company.

At the time, TELUS said that they were investigating this. And today we have the results of that investigation:

We have concluded our investigation of this incident and have discovered that no systems used to support our customers were impacted, and that TELUS Health and TELUS Agriculture & Consumer Goods were not impacted in any way. 

We also discovered that a small amount of customer data may have been accessed by an unauthorized third party. While our ongoing monitoring has not discovered evidence of any personal information appearing in any public forum, we will be notifying impacted customers in the coming days.

So this confirms that TELUS was pwned. And I have to wonder what “a small amount of customer data” means. Plus whatever amount of customer data that “may have been accessed by an unauthorized third party” is too much as no amount of customer data should ever get out into the wild. It will be interesting to see how many people get notified by TELUS. And finally, I have to wonder what effect this will have on TELUS as a brand. You can expect me to keep an eye on all of this.

Snake Malware Is Something That You Might Want To Keep An Eye On

Posted in Commentary with tags on May 25, 2023 by itnerd

While there’s always a new malware of the moment, Snake malware, which is associated with Russian hackers affiliated with the FSB, is one that you might want to be concerned about. CISA is so concerned about it that it has put out an advisory on this malware. And when you read the technical description of this malware, it should make you re-evaluate your defences.

Kevin Bocek, VP, Ecosystem and Community at Venafi had this comment on Snake:

“According to more information released about the Snake Ransomware uncovered by the U.S. Department of Justice earlier this month, cybercriminals appear to have fallen into a trap. Namely, they have neglected the basics of machine identity management. The CISA Advisory published a report suggesting that the OpenSSL library the group used for the Diffie-Hellman key exchange had a significant vulnerability. Snake’s key set generated during the exchange used a wholly inadequate prime length of only 128 bits. This made this process completely insecure for asymmetric key systems and vulnerable to today’s machine-to-machine operations, whether for malware or transactions. In addition, when Snake was hastily deployed, users failed to remove certain components, inadvertently exposing function names, plaintext strings, and developer comments.”

“This again shows how difficult it is to properly manage machine identities manually – both for developers and security teams. Even experienced attackers obviously make mistakes. In this case, the malware’s developers did not properly configure one. This allowed the machine identities to be exposed, making the communications no longer private or even open to another attacker and revealing who the operators of Snake were. At best, this could have rendered the entire campaign useless; at worst, the Snake developers could have been attacked by other cybercriminals themselves.”

“The lesson is that machine identity management requires developers, operations and security teams to work closely together. In a world where machines transact, protect and attack, machine identity management is increasingly important.”

Well it seems that even the bad guys have issues creating malware that doesn’t give away clues about what it’s all about. Defenders should take that as a hint that they should do better when it comes to ensuring that they are as secure as possible.

Public Mobile Launches Canada’s First 5G Subscription Phone Service 

Posted in Commentary with tags on May 25, 2023 by itnerd

Public Mobile has launched Canada’s first 5G subscription phone service, offering Canadians the unique opportunity to experience mobility differently on an award-winning network.

Different from traditional postpaid and prepaid plans, Public Mobile’s subscription service offers a number of features and benefits:

  • For the first time ever, Public Mobile customers have the ability to access premium 5G wireless service, backed by an award-winning wireless network.
  • The ability to choose between a monthly or 90-day subscription, the speed plan and premium features (like unlimited data) that best fit their needs.
  • No overage fees, no credit checks, no confusing contracts and no surprises.
  • An all-new Public Mobile app that lets you manage your Public Mobile experience digitally. From activating in minutes with eSIM to 24/7 account management and digital support and rewards with Public Points, Canadians can do it all on the app anywhere, anytime.

This launch addresses a growing consumer demand and pain point, with a new survey commissioned by Public Mobile uncovering that more than 60% of Canadians agree that having a subscription service provides them cost certainty, convenience and peace of mind. Furthermore, 94% of Canadians feel they deserve more options when it comes to mobile phone plans, furthering why Public Mobile’s unique offering is a game-changer for Canadian mobility.

Here’s a message from Jim Senko, Chief of the Unexpected Officer, Public Mobile, for more information on the new offering and what it means for Canadians.

Guest Post: ESET Research Reveals New Analysis Of AceCryptor: Used By Crimeware, It Hits Computers 10,000 Times Every Month

Posted in Commentary with tags on May 25, 2023 by itnerd

ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected over 240,000 detection hits of this malware, which amounts to over 10,000 hits every month. It is likely sold on dark web or underground forums, and tens of different malware families have used the services of this malware. Many rely on this cryptor as their main protection against static detections.

“For malware authors, protecting their creations against detection is challenging. Cryptors are the first layer of defense for malware that gets distributed. Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors, it often may be time-consuming or technically difficult to maintain their cryptor in a fully undetectable state. Demand for such protection has created multiple cryptor-as-a-service options that pack malware,” says ESET researcher Jakub Kaloč, who analyzed AceCryptor.

Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware available for purchase on underground forums and used to steal credit card credentials and other sensitive data, upload and download files, and even steal cryptocurrency. RedLine Stealer was first seen in Q1 2022; distributors have used AceCryptor since then, and continue to do so. “Thus, being able to reliably detect AceCryptor not only helps us with visibility into new emerging threats, but also with monitoring the activities of threat actors,” explains Kaloč.

During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor. Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. AceCryptor is heavily obfuscated and has incorporated many techniques to avoid detection throughout the years.

“Even though we don’t know the exact pricing of this service, with this number of detections, we assume that the gains to the AceCryptor authors aren’t negligible,” theorizes Kaloč.

Because AceCryptor is used by multiple threat actors, malware packed by it is distributed in multiple ways. According to ESET telemetry, devices were exposed to AceCryptor-packed malware mainly via trojanized installers of pirated software, or spam emails containing malicious attachments. Another way someone may be exposed is via other malware that downloaded new malware protected by AceCryptor. An example is the Amadey botnet, which we have observed downloading an AceCryptor-packed RedLine Stealer.

Since many threat actors use the malware, anyone can be affected. Because of the diversity of packed malware, it is difficult to estimate how severe the consequences are for a compromised victim. AceCryptor may have been dropped by other malware, already running on a victim’s machine, or, if the victim got directly afflicted by, for example, opening a malicious email attachment, any malware inside might have downloaded additional malware; thus, many malware families may be present simultaneously.

AceCryptor has multiple variants and currently uses a multistage, three-layer architecture.

Even though attribution of AceCryptor to a particular threat actor is not possible for now, ESET Research expects that AceCryptor will continue to be widely used. Closer monitoring will help prevent and discover new campaigns of malware families packed with this cryptor.

For more technical information about AceCryptor, check out the blogpost “Shedding light on AceCryptor and its operation” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Ron DeSantis Makes The Mistake Of Launching His Presidential Campaign On Twitter

Posted in Commentary with tags on May 25, 2023 by itnerd

Ron DeSantis is seen as a frontrunner for the Republican nomination to become President of the United States. And he decided to launch his bid for The White House on Twitter with his “friend” Elon Musk.

Bad move Ron. Here’s why:

The start of a much-anticipated Twitter event in which Florida Gov. Ron DeSantis planned to announce his 2024 Republican presidential bid was repeatedly disrupted Wednesday when Twitter’s servers apparently could not handle the surge in traffic. 

The app crashed repeatedly as Twitter users tried to listen to the event where Twitter owner Elon Musk joined DeSantis for the announcement. 

DeSantis eventually was able to speak, about 20 minutes after the scheduled start, after Musk closed the initial Twitter Spaces event and started a second one on the app. That space attracted about 161,000 users, according to Twitter’s public-facing data, as DeSantis read a short speech.

And:

Voices early in the Twitter Spaces event were openly concerned Trump would take advantage of the early glitches, a notable admission because the event was set up by DeSantis supporters.

“This is going to be a stain that Trump is going to leverage for at least a few weeks,” one person could be heard saying amid the event’s early glitches.

As the first Twitter Spaces event kicked off, metrics published by Twitter indicated that more than 600,000 were attempting to listen. 

“We’ve got so many people here that I think we are kind of melting the servers,” Sacks said at one point.

“We’re reallocating some of the server capability to be able to handle the load here. It’s really going crazy,” Musk said.

By the time DeSantis got the moment his political team had spent weeks negotiating, there were fewer than 70,000 viewers remaining, a significantly smaller audience than is traditional for a major presidential campaign launch.

That’s a #fail. But the bad news doesn’t end there:

Trump aides and allies immediately — and gleefully — mocked the Florida governor for the initial tech fiasco.

“Glitchy. Tech issues. Uncomfortable silences. A complete failure to launch. And that’s just the candidate!” Steven Cheung, spokesman for former President Donald Trump’s campaign, told NBC News. 

President Joe Biden’s Twitter account posted a link to his own fundraising page, writing, “This link works.”

You have to think that Elon must be embarrassed that such a high profile event caused Twitter to pretty much implode. It illustrates just how badly Elon is running Twitter at the moment. And should serve as a warning to anyone who wants to do a high profile event to not do it on Twitter. Meanwhile, I am sure a bunch of Twitter employees who were fired by Elon in the early days of his takeover of Twitter are laughing at Elon because of this embarrassing situation. Sucks to be Elon.