Over 490% VPN Demand Surge in Venezuela After Government Bans Twitter

Posted in Commentary with tags on August 12, 2024 by itnerd

Following the government’s contentious decision to block access to Twitter and the threat of blocking WhatsApp along with it, the VPN Mentor research team analyzed VPN demand data in Venezuela and observed a surge of 494% in the country. They have published research on this remarkable increase.

You will find the full findings here: https://www.vpnmentor.com/news/vpn-demand-surge-venezuela/

Whose Chips Are Worse? Intel Or AMD?

Posted in Commentary with tags on August 11, 2024 by itnerd

This week has had a lot of bad news for Intel and AMD. In both cases, they have bad news about the quality of the chips that they make. Let’s start with AMD and their “Sinkclose” vulnerability:

The Sinkclose vulnerability allows hackers to execute code within the System Management Mode (SMM) of AMD processors, a highly privileged area typically reserved for critical firmware operations. To exploit this flaw, attackers must first gain access to a system’s kernel, which isn’t easy, but it is possible. However, the system must already have been compromised by some other attack. 

Once this access is secured, the Sinkclose vulnerability allows the perpetrators to install bootkit malware that evades detection by standard antivirus tools, remaining nearly invisible within the system and persisting even after the operating system is reinstalled.

The vulnerability leverages an ambiguous feature in AMD chips known as TClose, which is meant to maintain compatibility with older devices. By manipulating this feature, the researchers were able to redirect the processor to execute their own code at the SMM level. This method is complex but provides attackers with deep and persistent control over the system. 

This is pretty bad. But to be clear, a threat actor needs to already have access to your system to pull off this attack. AMD has acknowledged this and has said that they will push out fixes for it soon, if they’re not already out.

Now let’s go over to Intel who has some serious stability issues with their processors:

Alderon Games revealed that it had observed a nearly 100% failure rate of Raptor Lake processors in its own testing. Telemetry from end customers reports thousands of Raptor Lake CPUs crashing in customers’ gaming PCs. Alderon Games’ own development systems utilizing Raptor Lake CPUs also suffer from frequent instability, leading to SSD and memory corruption. On top of this, the studio’s dedicated game servers leveraging Raptor Lake parts experience “constant crashes” to the point where they are taking entire servers down.

The studio’s benchmarking tools also show failures with Raptor Lake parts, specifically decompression and memory tests unrelated to its Path of Titans game, which the company is developing.

The worst part is that Alderon Games has observed CPU deterioration over time, specifically over three to four months. Initially, the chips will work fine but eventually start failing. Microcode, BIOS, and firmware updates have failed to resolve these stability problems for the game studio.

So, unlike AMD, who can push out fixes that will address their issues, Intel’s chips will eventually fail. That, in my mind, makes Intel’s issues worse than AMD’s. And after a lot of inaction from Intel, the company is finally admitting to the issue, which dates back to 2022, and is doing something about it:

Intel has announced that it has found the root cause of the crashing issues plaguing its CPUs. The company will issue a microcode update to address the issues by mid-August, ostensibly ending the long-running saga that began when the first sporadic reports of CPU crashing errors surfaced in December 2022 and grew to a crescendo by the end of 2023. Intel’s response comes after complaints about the issue, which causes PCs to inexplicably crash/BSOD during gaming and other workloads, reached a fever pitch in recent weeks. However, the microcode update will not repair impacted processors. Intel also confirmed a rumored issue with via oxidation in its 7nm node, but said those issues were corrected in 2023 and didn’t contribute to the failures.

Intel’s advisory says an erroneous CPU microcode is the root cause of the incessant instability issues. The microcode caused the CPU to request elevated voltage levels, resulting in the processor operating outside its safe boundaries. Intel is now validating a microcode patch to correct the issues, with its release slated for mid-August. This patch will be distributed through BIOS updates from motherboard OEMs and via Windows updates, so the timing for end-user availability could vary. 

The bug causes irreversible degradation of the impacted processors. We’re told that the microcode patch will not repair processors already experiencing crashes, but it is expected to prevent issues on processors that aren’t currently impacted by the issue. For now, it is unclear if CPUs exposed to excessive voltage have suffered from invisible degradation or damage that hasn’t resulted in crashes yet but could lead to errors or crashes in the future.

Intel advises all customers having issues to seek help from its customer support. Because the microcode update will not repair impacted processors, the company will continue to replace them. Intel has pledged to grant RMAs to all impacted customers.

Here’s another reason why Intel’s issues are worse than AMD’s issues:

Intel’s problems are beginning to catch up in a major way with the chipmaking behemoth. Just a couple of days after the company revealed via a community board post that the cause of 13th Gen “Raptor Lake” and 14th Gen “Raptor Lake Refresh” desktop processor (CPU) instability had been discovered in more chips than first thought, the Abington Cole + Ellery law firm began a class action lawsuit investigation.

The law firm — based in Tulsa, Oklahoma, with a focus on class action litigation — is currently gathering information from users who have experienced issues with the Raptor Lake chips.

And yet another reason:

Intel’s nightmare year continues. Fresh on the heels of laying off 15,000 employees and amidst a class action lawsuit about failing 13th Gen and 14th Gen CPUs, Intel now faces a lawsuit from its shareholders. The lawsuit claims that Intel hid issues that led to the company’s market value dropping $32 billion in one day.

“[The] company’s materially false or misleading statements regarding the business and its manufacturing capabilities inflated its stock price from Jan. 25 to Aug. 1,” claims the suit.

Intel CEO Patrick Gelsinger and CFO David Zinsner are the respondents in the lawsuit, which was filed on Wednesday, August 7, 2024 in San Francisco federal court. According to Reuters, Intel shareholders were blindsided by the fact that Intel’s foundry services are “floundering,” in the words of the shareholders.

So while AMD can fix the issues with their products and eventually move on, Intel is facing so much trouble that it could “end” them. Or at the very least hobble them to such a degree that they are never going to be anywhere near the top of the pile when it comes to chipmaking ever again.

Sucks to be Intel.

Vulnerabilities In Google’s Quick Share Data Transfer Utility For Windows Outlined At DEF CON

Posted in Commentary with tags on August 10, 2024 by itnerd

This year at DEF CON 32, two members of the SafeBreach Labs team, Or Yair and Shmuel Cohen, will present their research, “QuickShell: Sharing is caring about an RCE attack chain on Quick Share.” The research explores Google’s Quick Share, a peer-to-peer data-transfer utility for Android, Windows, and Chrome operating systems. Leveraging communication protocols such as Bluetooth, Wi-Fi, Wi-Fi Direct, Web Real-Time Communication (WebRTC), and near-field communication (NFC), Quick Share supports file transfers between compatible, nearby devices.

The research revealed ten vulnerabilities in Quick Share’s Windows application that the researchers were able to assemble into a remote code execution (RCE) attack chain that allowed them to run code on Windows computers with Quick Share installed. In response to the findings, Google assigned two CVEs: one regarding a forced persistent Wi-Fi connection exploit (CVE-2024-38271) and another for a file approval dialog bypass in Windows (CVE-2024-38272). This research reveals the security challenges introduced by the complexity of a data-transfer utility attempting to support so many communication protocols and devices. It also underscores the critical security risks that can be created by chaining seemingly low-risk, known, or unfixed vulnerabilities together.

You can read the research here.

Iran Is Trying To Mess With The US Elections Says Microsoft

Posted in Commentary with tags on August 9, 2024 by itnerd

From the “why am I not surprised” department comes this from Microsoft. Researchers for Microsoft said that Iranian government-tied hackers tried breaking into the account of a “high ranking official” on a U.S. presidential campaign in June:

“A group run by the Islamic Revolutionary Guard Corps (IRGC) intelligence unit sent a spear-phishing email to a high-ranking official of a presidential campaign” and “another group with assessed links to the IRGC compromised a user account with minimal access permissions at a county-level government,” the report said.

It said the activity appeared part of a broader push by Iranian groups to gain intelligence on U.S. political campaigns and target U.S. swing states. It said the county employee’s account was breached in May as part of a wider “password spray operation” – one where hackers use common or leaked passwords en masse on many accounts until they can break into one.

The hackers weren’t able to access any other accounts through that breach and the targets were notified, the report added.

And that’s not all. It looks like Iran is trying to use other means to bend the US election in ways that help Iran:

The researchers also said another Iranian group had been launching “covert” news sites that used artificial intelligence to lift content from legitimate news sites, and targeted U.S. voters on opposite sides of the political spectrum. It named the two sites as Nio Thinker — a left-leaning site — and a conservative site called Savannah Time.

When browsed on Friday, both websites had similar formats on their ‘About Us’ page, and neither listed any contact detail. Nio Thinker calls itself “your go-to destination for insightful, progressive news and analysis that challenges the status quo”, while Savannah Time says it is “a reflection of the values that make Savannah unique” and a place “where conservative values meet local insight.”

None of this surprises me. I fully expected threat actors from countries like Iran, Russia and China to try and mess with the US elections. The only thing that does surprise me is that none of these warnings are new. But they seem to have gone unheeded. That’s a huge problem as it is pretty clear that the country isn’t prepared for something that they should have been prepared for.
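The report above describes the county account falling to a “password spray operation”: a few common passwords tried once against many accounts, rather than many passwords against one. As an added example (not from the post or from Microsoft’s report), here is detection logic for that pattern run over constructed authentication log lines; the log format, IP addresses and usernames are all assumptions made up for the example.

```python
"""Password-spray detection over constructed sample authentication logs.

Spray signature: from one source, many distinct accounts each fail only
once or twice inside a short window. Brute force is the inverse shape:
one account, many failures. The detector keys on that difference.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry). Assumed line format:
# "<ISO timestamp> <source_ip> <username> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2024-05-14T02:00:01 203.0.113.7 alice LOGIN_FAIL
2024-05-14T02:00:03 203.0.113.7 bob LOGIN_FAIL
2024-05-14T02:00:05 203.0.113.7 carol LOGIN_FAIL
2024-05-14T02:00:08 203.0.113.7 dave LOGIN_FAIL
2024-05-14T02:00:10 203.0.113.7 erin LOGIN_FAIL
2024-05-14T02:00:12 203.0.113.7 frank LOGIN_FAIL
2024-05-14T02:00:15 203.0.113.7 grace LOGIN_FAIL
2024-05-14T02:31:02 203.0.113.7 grace LOGIN_OK
2024-05-14T08:15:00 198.51.100.9 heidi LOGIN_FAIL
2024-05-14T08:15:09 198.51.100.9 heidi LOGIN_FAIL
2024-05-14T08:15:20 198.51.100.9 heidi LOGIN_FAIL
2024-05-14T08:15:31 198.51.100.9 heidi LOGIN_FAIL
2024-05-14T08:15:45 198.51.100.9 heidi LOGIN_OK
2024-05-14T09:00:00 192.0.2.20 ivan LOGIN_OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source_ip, user, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def detect_password_spray(log_text, window=timedelta(minutes=30),
                          min_accounts=5, max_per_account=2):
    """Return {source_ip: {"accounts_tried": n, "successes": [users]}} for
    every source whose failures, inside any `window`, touch at least
    `min_accounts` distinct users with no user tried more than
    `max_per_account` times. "successes" lists sprayed users that later
    logged in successfully from the same source (the alert-worthy event)."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((ts, user, result))

    findings = {}
    for src, evs in by_src.items():
        fails = [(ts, user) for ts, user, r in evs if r == "LOGIN_FAIL"]
        sprayed, best = set(), 0
        start = 0
        for end in range(len(fails)):            # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account
                    and len(per_user) > best):
                best, sprayed = len(per_user), set(per_user)
        if best:
            hits = sorted({u for _, u, r in evs if r == "LOGIN_OK" and u in sprayed})
            findings[src] = {"accounts_tried": best, "successes": hits}
    return findings


if __name__ == "__main__":
    for src, info in detect_password_spray(SAMPLE_LOG).items():
        print(f"spray from {src}: {info['accounts_tried']} accounts tried, "
              f"successful logins for {info['successes'] or 'none'}")
```

The brute-force-shaped failures from 198.51.100.9 (one account, four tries) are deliberately left unflagged so the two patterns are not conflated; a real deployment would tune the window and thresholds to its own baseline.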

Palo Alto’s 2024 Incident Response Report From Unit 42 Is Out

Posted in Commentary with tags on August 8, 2024 by itnerd

Palo Alto Networks, the leader in cybersecurity, has released a new 2024 Incident Response Report from Unit 42.

This report details the most exploited attack vectors of the past year. It also spotlights the cybercriminal group known as Muddled Libra and analyzes its most successful attack patterns to determine how the most sophisticated attackers may attempt to breach your defenses.

Unit 42 found that software vulnerabilities are often the main attack entry point, and that sophisticated attacks often involve the exploitation of multiple attack vectors, including compromised credentials, phishing, and brute force methods.

While cybersecurity can often feel like an endless battle between attackers and defenders, at Unit 42 we believe intelligence, insight, and preparation still give defenders the edge needed to protect themselves.

You can read the report here.

Ticked Off Delta Passengers Sue Delta Over The CrowdStrike Snafu

Posted in Commentary with tags on August 8, 2024 by itnerd

Here’s a new twist in the saga of Delta Air Lines being taken down by the CrowdStrike snafu. Passengers who were affected by the outage are now suing Delta. The lawsuit, filed by Sauder Schelkopf and Webb, Klase & Lemond on behalf of Delta passengers whose flights were canceled, alleges the following:

“[b]y the end of the weekend, nearly every airline had managed to recover and resume normal operations. Delta, however, did not resume normal operations. By the start of the workweek, Delta continued to cancel a staggering number of flights. On Monday, July 22, it was reported that Delta canceled more than 1,250 flights. These cancellations accounted for nearly 70% of all flights within, to, or from the United States that had been canceled on Monday. No other US airline had canceled one-tenth as many flights.” It is further alleged that Delta failed to give some affected passengers automatic refunds for canceled flights and oftentimes conditioned its offer of partial reimbursements to passengers on a waiver releasing Delta of all legal claims passengers have against Delta.

And:

“While nearly every other airline recovered quickly from the July 19th ‘Tech Outage,’ Delta’s passengers remained stranded, waiting in lines for days trying to get to their destinations. When our clients sought refunds, Delta again failed to deliver. We look forward to litigating the case on their behalf,” said Joe Sauder of Sauder Schelkopf, an attorney for the passengers.

You can bet that Delta saw this coming. Which is likely why they are going after CrowdStrike for compensation. It will be interesting to see two things. One, if this gets certified as a class action lawsuit. And two, if Delta somehow drags CrowdStrike into this on top of their other pending legal action against them.

Introducing SanicDNS: The Ultra-Fast Open-Source DNS Scanner

Posted in Commentary with tags on August 8, 2024 by itnerd

Netherlands-based cybersecurity service Hadrian has launched SanicDNS, a new open-source DNS scanning tool that redefines speed and efficiency in network enumeration.

DNS resolution is a critical process in offensive security, enabling the discovery of DNS records, subdomains, and IP addresses essential for identifying vulnerabilities and potential attack vectors. Traditional tools have often been limited by slow scanning speeds, hindering the ability of security practitioners to conduct thorough and timely assessments.

Enter SanicDNS, developed by cybersecurity innovators Jasper Insinger and Geert Custers. SanicDNS leverages cutting-edge parallelization techniques and advanced networking methodologies, including DPDK (Data Plane Development Kit), to achieve speeds up to 100 times faster. This remarkable enhancement enables security professionals to perform DNS scanning tasks with unprecedented efficiency, significantly reducing the time required to identify misconfigurations and potential threats across networks.

Key features of SanicDNS include:

  • Ultra-fast Scanning: Capable of processing up to 5 million packets per second (Mpps), compared to 0.05 Mpps of traditional tools.
  • Modular Design: Flexible architecture supporting diverse scanning scenarios and use cases.
  • Real-time Feedback: An intuitive interface provides live statistics and JSON output for easy integration into existing workflows.

SanicDNS is being released as open-source software, available for download and implementation by cybersecurity professionals, researchers, and enthusiasts worldwide. It promises to empower security teams with a robust tool for comprehensive network reconnaissance and proactive threat mitigation.

For more information about SanicDNS and to download the tool, visit https://github.com/hadriansecurity/sanicdns

Guest Post: Expanding Our Presence in Canada: New Procore Partnerships Aim to Advance Diversity and Inclusion in the Construction Industry

Posted in Commentary with tags on August 8, 2024 by itnerd

Diversity and inclusion are at the heart of Procore’s values. We recognize the importance of creating opportunities for underrepresented groups within the construction industry – and today we are proud to announce our deepened expansion into Canada through strategic partnerships with the Afro Canadian Contractors Association (ACCA) and the Canadian Association of Women in Construction (CAWIC). These partnerships mark a significant milestone in our commitment to supporting diversity, inclusion, and innovation within the construction industry. By joining forces with ACCA and CAWIC, we aim to empower Canadian contractors and construction professionals with the tools, resources, and support they need to thrive in today’s dynamic market. 

Through our partnerships, we will provide training, technology solutions, and support to minority contractors, diverse-owned firms, and women in construction across Canada. Procore will offer comprehensive training programs, access to our industry-leading construction management platform, and discounted buying programs to eligible members. These initiatives aim to equip contractors and construction professionals with the skills and resources they need to succeed in today’s competitive landscape. Whether it’s project management, collaboration, or resource planning, Procore’s platform is designed to streamline workflows and drive efficiency at every stage of the construction process.

“As the President of the Afro Canadian Contractors Association, I am proud to partner with Procore in this significant initiative. This collaboration is a testament to our shared commitment to fostering diversity and inclusion within the construction industry. By providing minority contractors with cutting-edge technology and comprehensive training, we are equipping them with the tools they need to thrive in a competitive market. Together, we are paving the way for a more equitable and innovative future in construction,” said Stephen Callender. 

“We are excited to partner with ACCA and CAWIC to empower minority contractors and diverse firms in Canada with the technical tools and skills they need to thrive in the construction industry,” said Dr. Irish Horsey, Procore’s director of industry advancement. “By providing access to Procore’s innovative construction management solutions and training resources, we aim to break down barriers and foster a more inclusive ecosystem.”

In addition to providing access to technology and training, Procore, ACCA, and CAWIC will collaborate on thought leadership initiatives, including webinars, articles, and industry insights. These efforts will provide valuable insights and best practices to support the growth and success of our partners and their members. By sharing knowledge and expertise, we can collectively drive innovation and excellence within the Canadian construction industry. 

“I am thrilled to see Procore’s commitment to diversity and inclusion within the construction industry. This partnership with Procore represents a powerful step towards providing women in Canada with the resources and opportunities they need to succeed. Together, we can break down barriers and foster a more inclusive and innovative construction industry,” said Lisa Laronde, President, Canadian Association of Women in Construction (CAWIC).

Procore is proud to partner with ACCA and CAWIC in expanding our presence in Canada and supporting the growth and success of contractors and construction professionals across the country. Together, we will empower diversity, foster innovation, and build a brighter future for the construction industry in Canada. 

We invite contractors, construction professionals, and industry stakeholders across Canada to join us in building a better future for the construction industry. Together with ACCA, CAWIC, and our valued partners, we can drive innovation, diversity, and inclusion within the Canadian construction industry. To learn more about Procore’s commitment to empowering diversity and inclusion, visit procore.org

More about Procore.org:

In Canada, Procore.org currently works with 15 colleges and universities, offering free accounts with unlimited user licenses, access to all of Procore’s tools and features, and several complimentary training sessions for professors led by Procore’s implementation training team. These educational institutions in Canada include Red Deer Polytechnic, Northern Alberta Institute of Technology, Southern Alberta Institute of Technology, University of Alberta, Centennial College, Conestoga College, Algonquin College, George Brown College, Lambton College, Cégep de Saint-Laurent, Concordia University, Cégep du Vieux-Montréal, La Cité Collégiale, New Brunswick Community College and University of New Brunswick.

Recently, Procore.org created an Educators’ Training Centre for instructors with educational resources such as presentations, student exercises, sample project data, and a special video certification course for Canadian students.

H-ISAC and AHA issue joint call-to-action after 3 ransomware attacks on mission-critical suppliers

Posted in Commentary on August 8, 2024 by itnerd

Health-ISAC and the American Hospital Association (AHA) have issued a joint threat bulletin following three ransomware attacks on blood suppliers, causing blood shortages and disrupting patient care.

  1. On July 30, the attack on OneBlood prompted the Florida Hospital Association to recommend hospitals activate their critical blood shortage protocols.
  2. In early June, the attack on UK-based Synnovis caused massive disruption, with more than 800 operations and 700 outpatient appointments being canceled, and resulted in major blood shortages.
  3. In April, the attack on Octapharma Plasma resulted in the temporary closure of its 190 U.S. plasma donation centers and plasma manufacturing facilities.

Ransomware groups have been increasingly targeting third-party infrastructure as the possible massive disruption caused by an attack increases the likelihood of a ransom being paid by the providers.

Health-ISAC and the AHA said the nature and proximity of these three attacks should serve as a wake-up call for the healthcare industry. While attacks that prevent access to electronic health records cause disruption, these three attacks demonstrated how attacks on suppliers can disrupt patient care at multiple hospitals and health systems.

“The outcomes of these attacks highlight the need to incorporate mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected healthcare ecosystem,” the bulletin reads.

Health systems should identify essential suppliers to the healthcare mission, and redundancy should be built into the supply chain strategy by identifying alternative suppliers or using multiple suppliers to minimize the impact of an attack on critical medical suppliers, the bulletin suggests.

Neal Dennis, Sr. Threat Intelligence Analyst, Cyware had this to say:

   “The recent ransomware attacks targeting blood suppliers underscore the critical importance of strengthening cybersecurity measures in the healthcare supply chain. ISACs play a vital role in providing health entities with access to real-time threat intelligence and resources, especially for organizations with limited capacity to manage these threats independently. Through information sharing and collaboration facilitated by ISACs, healthcare organizations can respond more effectively to cyber threats and protect patient care. By integrating mission-critical and life-critical third-party suppliers into their enterprise risk management plans, organizations can enhance resilience. Proactively identifying essential suppliers and establishing redundancy in the supply chain further mitigates the impact of cyberattacks on critical medical supplies.”

This highlights the need for healthcare organizations of all sorts to step up their game when it comes to cybersecurity. Because if they don’t step up their game, it will only be a matter of time before something really bad happens.

Apple Is Making A Change To Sequoia That You Won’t Like, But Will Make You Safer

Posted in Commentary with tags on August 7, 2024 by itnerd

Change sometimes sucks. But sometimes change is something that is needed to move the world forward. Today, I’m going to give you one of those changes.

At present, when you try to run an app that hasn’t been signed and notarized by Apple, you’ll get this error message:

This is meant to protect you from spyware, malware, etc. Which is fine. But there was always a way around this. If you held down the control key and then clicked on the app, you would get this:

Choosing Open would allow you to open the app. And by extension, also expose you to getting pwned by something nasty. That ability is about to go away: according to this note, the upcoming macOS Sequoia will remove it. This will stop users from accidentally pwning themselves by running an unsigned app. There is still a way around this if, for whatever reason, you want to run an unsigned app: you can navigate to System Settings –> Privacy & Security to allow the app to run.

Now let me be clear, I do not recommend that you ever run unsigned and un-notarized apps. Ever. It’s too big of a risk. And at the same time, I also want to say that even signed and notarized apps have some amount of risk associated with them, as some sort of threat actor could leverage the fact that their evil app is signed and notarized to launch an attack. But this change is a good one as it will make macOS more secure in the long run. Even if a handful of users aren’t going to be happy with this change.