Weekly in Security 202228

2022-07-11 to 2022-07-18

4 min read - 779 words

Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-07-11 to 2022-07-18.

Vulnerabilities

Retbleed

Researchers from ETH Zurich's COMSEC group published a new speculative execution attack dubbed Retbleed. It is a variant of the Spectre vulnerability and exploits return instructions. Intel generations 6 through 8 (Skylake through Coffee Lake) are affected, as are AMD Zen 1, Zen 1+, and Zen 2 processors. Microsoft Windows is not affected, as it already uses Indirect Branch Restricted Speculation (IBRS). For Linux, a patch was pulled into the mainline kernel. The measured performance loss was in the range of 14 to 39%.

News

Callback campaign impersonating Cyber Security Companies

A callback campaign is currently employing emails that appear to originate from cyber security companies. To bait the hook, the message claims that a potential compromise of the recipient's network has been detected. The operators provide a phone number for the recipient to call back.

TikTok prank using vishing

Currently, a popular prank on TikTok mimics voice phishing methods. People call their friends using an automated answering machine voice and tell them that a large amount of money is about to be debited from their account. No matter how the victim replies, the next thing the answering machine says is, "Thank you, your order has been confirmed." The victims think the funds are about to be withdrawn and panic.

Jian huang shi - Combining the power of humans and AI

In China, watching porn is a crime. The authorities use AI, which makes mistakes because of the limits of image recognition algorithms. At the same time, a large number of professional censors are employed. These censors, known as jian huang shi, or "porn appraisers", quickly grow tired. To combine the power of humans and AI, researchers at Beijing Jiaotong University in China have developed a "mind-reading" device. Wearing the EEG cap, a jian huang shi only needs to sit in front of a screen. The paper reports an accuracy of over 80 percent; more training would be needed to improve the performance.

More broadly, China is clearly following this path. The PLA is funding the development of future helmets that support a mind-reading brain-computer interface. Some factories in China have used brain wave monitoring devices to track attention and emotions in order to prevent work accidents. More than a dozen Chinese companies are reportedly using the technology to monitor the emotions of workers in high-stress jobs.

CuteBoi

CuteBoi is using automated NPM account creation to publish a large number of malicious packages. Checkmarx detected 2532 packages, most of which use XMRig miners.

NIST and Post-Quantum Cryptography

The third round of the NIST Post-Quantum Cryptography Standardization selection process has concluded. NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE.

Tools

Purple Dome

Purple Dome aims to create a simulated computer network based on a config file. The tool spins up attacker virtual machines and has them run attacks against the simulated systems. The take-away for us is the logs and information containing the traces the attackers left.

Salus - Microsoft SBOM

Microsoft published a Software Bill of Materials (SBOM) tool. The tool supports the Software Package Data Exchange (SPDX) standard, so its output can be imported into any toolkit that supports SPDX.

OpenDroneMap

OpenDroneMap is a command-line toolkit to generate maps, point clouds, 3D models and DEMs from drone, balloon or kite images.