Weekly in Security 202225

2022-06-20 to 2022-06-27


Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-06-20 to 2022-06-27.

News and Articles

Challenging Initial Access Model

Traditionally, the success condition of a phishing campaign is the callback: it tells us the user clicked a thingy. The article proposes phishing for persistence instead. Rather than calling back immediately, the payload reacts after a delay, which creates a gap between the user's action and its outcome. Does this break alert logic?

Deepfake-Klitschko

Berlin Mayor Franziska Giffey spoke for 15 minutes with a man posing as Kyiv Mayor Vitali Klitschko.

Alexa dead grandma audio deepfake

A child’s grandma comes out of the speaker to read a tale. The system can learn to imitate someone’s voice from just one minute of recorded audio.

Malicious Python packages

Sonatype discovered multiple Python packages that exfiltrate your secrets: AWS credentials and environment variables. Additionally, quite a few CVEs popped up in NVD with a reference to the malicious request package.