The Good, the Bad and the Ugly in Cybersecurity – Week 33
U.S. Cyber Command continues to fight the good fight by sharing malware samples with the rest of the industry. This week, the military unit shared samples of ElectricFish malware, a tunneling tool discovered in May and attributed to APT38, a North Korean affiliated group said to focus on financial theft. ElectricFish is a Windows 32-bit command line tool that enables attackers to use tunneling to exfiltrate data from a backdoored system.
Nice to see some good news this week concerning Bluetooth, particularly after the recent revelation that iOS devices allow snoops to leverage the protocol to surreptitiously gather device data. Turning the tables, researchers have developed an app that can sniff out credit card skimmers at gas stations. Dubbed ‘Bluetana‘, the app is currently only available to gas pump inspectors but has already been used to flush out 64 skimmers in Arizona, California, Nevada and Maryland.
Long before most people started to think too much about computer security – well, 2001 anyway – Microsoft introduced a nice feature for multilingual users of Office XP. The feature helpfully pops up a small ‘composition’ window that tries to predict a foreign language character (think Simplified Chinese, Korean or Japanese characters) based on the Roman characters you type. Sounds great. Fast forward to 2019 and Project Zero’s discovery that the underlying protocol for this feature – the Text Services Framework – exposes users of every version of Windows ever since, regardless of whether you have installed foreign language support or not, to a privilege elevation vulnerability. An attacker needs login credentials first (so, no RCE here), but any user can quickly and reliably elevate to root. The bug is fixed in the latest available patch and all Windows users are urged to patch without delay.
Huawei, another company that are not in the US government’s good books at the moment, have reportedly been aiding at least two African nations in their attempts to suppress political opponents and restrict internet freedoms. The company’s employees apparently lent their assistance to intelligence agencies in Zambia and Uganda to hack WhatsApp and Skype communications and shutdown news sites unfavorable to the Ugandan government. For their part, Huawei have denied the allegations.
Read more about Cyber Security
Reversing Malware on macOS
Endpoint Protection Platform Free Demo