Squeeze Volume 11 - Google bounties, TrickBot, Iranian hackers & more!

The Secjuice Squeeze, a curated selection of interesting infosec articles that you may have missed.

Squeeze Volume 11 - Google bounties, TrickBot, Iranian hackers & more!

Welcome to the Eleventh edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles, curated for your reading enjoyment, just in case you missed them! This week's volume was written and compiled by Bhumish Gajjar, Guise Bule, Mike Peterson, Miguel Calles and Manmeet Singh Bhatia.

UN Was Hacked, Didn't Inform It's Employees

The United Nations' IT systems were penetrated by hackers 6 months ago. Still, the UN didn't bother to tell the public or even its own staff about the July 2019 hack -- despite staff records having been compromised. What's worse, the whole thing could have been prevented with a simple software patch. The breach, at least at the human rights office, appears to have been limited to the so-called active directory - including a staff list and details like e-mail addresses - but not access to passwords. No domain administrator's account was compromised, officials said.

Link: https://boingboing.net/2020/01/29/united-nations-was-hacked-in-j.html

Google Paid $6.5M In Bug Bounties In 2019

Google today announced it has paid out over $21 million since launching its bug bounty program in November 2010. In the past year alone, the company distributed $6.5 million to 461 different security researchers, almost double the previous record set in 2018: $3.4 million to 317 various security researchers. Google breaks down the $6.5 million into four categories: $800,000 for Google Play, $1.0 million for Chrome, $1.9 million for Android, and $2.1 million across other Google products. Google added that security researchers decided to donate an all-time-high of $507,000 to charity in 2019. That’s five times the amount ever previously given in a single year.

Link: https://venturebeat.com/2020/01/28/google-has-paid-security-researchers-over-21-million-for-bug-bounties-6-5-million-in-2019-alone/

US Wawa Breach: 30mn Customers Data Exposed

Hackers have put up for sale the payment card details of more than 30 million Americans and over one million foreigners on Joker's Stash, the Internet's largest carding fraud forum. The card data was traced back to Wawa, a US East Coast convenience store chain. Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019. Gemini Advisory said that, after analyzing the data, the Wawa card dump appears to include "30 million US records across more than 40 states, as well as over one million non-US records from more than 100 countries."

Link: https://www.zdnet.com/article/wawa-card-breach-may-rank-as-one-of-the-biggest-of-all-times/

Google open-sources firmware needed to build hardware security keys.

Google has open-sourced a new project called OpenSK that will make it easier for hobbyists and hardware vendors to build their own security key. The open-sourced GitHub project contains Rust-based firmware that can be installed on Nordic chip dongles and effectively convert the dongle into a FIDO U2F and FIDO2-compliant security key. Furthermore, Google also published stereolithography source code files. Users can use these files to 3D-print a physical case, and place the Nordic chip dongle to assemble a real-life security key they can carry around.

Link: https://www.zdnet.com/article/google-open-sources-the-firmware-needed-to-build-hardware-security-keys/

TrickBot Trojan Uses a New W10 UAC Bypass

The TrickBot Trojan has switched to a new Windows 10 UAC bypass to execute itself with elevated privileges without showing a User Account Control prompt. Windows uses a security mechanism called User Account Control (UAC) that will display a prompt every time a program is run with administrative privileges. These UAC bypasses are found in legitimate Microsoft Windows programs that are used by the operating system to launch other applications.

Link: https://www.bleepingcomputer.com/news/security/trickbot-uses-a-new-windows-10-uac-bypass-to-launch-quietly

Our friend Marco is doing some fantastic work over on his own cybersecurity blog and just published a brilliant dashboard used to visualize and monitor trends over thousands even millions of samples providing quantitative analyses on what has observed during the performed automatic analyses. Head on over and check it out, he welcomes your thoughts, feedback and feature requests!


Someone's sneaking malware into 'coronavirus prevention' documents.

IBM X-Force and Kaspersky have discovered a new campaign of botnet-driven emails trying to trick users by posing as documents with coronavirus-prevention measures distributed by a Japanese welfare service. Under the hood researchers found that the documents are actually just spreading the Emotet trojan. People should know better than to click on documents in emails. But, unfortunately, tactics like these will likely continue to be effective – particularly if they continue using current events as lures.

Link: https://threatpost.com/coronavirus-propagate-emotet/152404/

Users exposed by 2015 Ashley Madison breach hit with extortion campaign.

Back in 2015, a data breach exposed the personal information of around 32 million users of extramarital affair site Ashley Madison. Now, five years later, some of those users are being hit again with highly customized extortion attempts. The extortion messages, which are laden with highly personal and financial information, demand around $1,000 worth of Bitcoin. If not, the extortioners threaten to share compromising information with their friends, family, and employers.

Link: https://www.darkreading.com/attacks-breaches/ashley-madison-breach-returns-with-extortion-campaign/d/d-id/1336937

State-sponsored Iranian hackers continue to go after U.S. government targets.

Iranian government-backed hackers connected to APT34, a state-sponsored cyberespionage group, appear to be going after Westat, a private firm that provides "research services" to the U.S. government and other clients. Specifically, it looks that employees of Westet are being targeted with malware-laden spear-phishing emails, according to researchers at Intezer. For the time being, it seems like state-sponsored groups out of Iran are going to continue going after U.S. targets.

Link: https://www.zdnet.com/article/iranian-hackers-target-us-government-workers-in-new-campaign/

"Cache Out" Vulnerability Discovered in Intel Processors.

Many modern Intel built CPUs are vulnerable to a hardware issue that could allow attackers to disclose sensitive data related to OS kernel and even VMs. Dubbed as "Cache Out," the vulnerability is associated with CVE-2020-0549.

Link: https://thehackernews.com/2020/01/new-cacheout-attack-leaks-data-from.html

The awesome images used in this article is called The Night Garden and it was created by Sid Storoy.