KazukiLabs NewsBites Vol.3 Num. 04
The Russia Edition
Oh boy have these last couple of weeks been interesting, especially the last week, where I had to change over to doing OSINT/info work most days and spend most of the day in the Discord VC with others trying to sort through everything that was happening and is still happening, and for the first time since I started this newsletter I had to put the newsletter aside two weeks in a row.
In a single week, a lot of things have been turned on their head and have forced countries and people not only to make unprecedented decisions and take unprecedented actions in both the physical and digital domain, where even countries such as Sweden and Switzerland decided to get involved, but also to seriously consider where they stand in regard to future events that may happen, not only in regard to Russia itself, but other countries as well.
With everything going on at the moment and the current world situation still being highly volatile, it will be an interesting few weeks, months and possibly years ahead where anything can happen, and as someone on Twitter mentioned, the parody news site “The Onion” must be really sweating at the moment, as almost anything they write will be filed under the “it’s possible” category.
Oh, also, I was planning to mention this a little later when I had actually managed to improve it some more, but heck, I may as well mention it here: I got tired of constantly missing things that happen, either because I forgot about them or was never aware they were happening in the first place, so I decided to make a tracker in Excel to try to keep track of everything, called “World Event Tracker”, which you can find a link to in the “projects” section on my blog.
It’s still very much a work in progress, but it can only get better by people actually knowing about it and contributing to it, so if you know of any events (regardless of what they are, such as a conference, convention, talk, meet, etc.) that are not already listed on it, do consider contributing using the method described in the README sheet; if you want an editor role, let me know and I will add you if you’re known to be trustworthy :).
Cisco inferno: Networking giant reveals three 10/10 rated critical router bugs
Kazu: Uh-oh, 5 new critical vulnerabilities have been discovered in Cisco's business routers (RV160, RV260, RV340 and RV345), with 3 of them scoring 10/10, and for some of them, such as the RV160 or RV260, there isn't even a patch out yet; if you have any of those, there's not much you can do other than turn them off and wait for a patch. If you have the other ones, a patch is currently available and you should really consider patching ASAP.
Cisco joins long list of security companies supporting Ukraine
Kazu: To absolutely no one's surprise, after Putin decided to be a dick, most countries and companies decided to take action against Russia by suspending their services to the country. The effect it will have on Russia is still uncertain, but considering that Cisco is everywhere, I would imagine some companies in the country will feel it....and the government itself if they run Cisco.
Suspected Ransomware Cyber Attack Disrupts Expeditors International’s Logistics Operations Worldwide
Kazu: It seems another large international company was hit with something that can only be assumed to be ransomware. Although Expeditors themselves, who offer services related to transportation, warehousing, distribution and customs, will not confirm it as of yet, it has all the hallmarks of such an attack: the company decided to shut down all of its infrastructure to limit the possible damage while working on restoring the systems, and says it should soon be back to normal operational capacity.
BBC points Russians to the Tor version of itself
Kazu: The Internet in Russia has always been heavily monitored and censored, but amid Putin's attack on Ukraine and the increasing number of sanctions against Russia, it appears the government is blocking even more non-Russian sites in an attempt to keep its population in the dark about what is really happening.
In fact, it's gotten so bad that the BBC, which is owned by the British government itself, has decided to tell Russians how to circumvent its own geo-restriction by pointing them to a Tor version of itself (as well as recommending an Android/iPhone VPN app) so Russians can get access to news from outside Russia.
Leaked stolen Nvidia cert can sign Windows malware
Kazu: Nvidia recently suffered a ransomware attack by the APT group known as Lapsus$, but this is not your typical one: instead of currency, they want Nvidia to remove the cryptomining limit on their cards, or they will leak everything they stole. Well, Nvidia seems to not want to play ball, and thus a lot of Nvidia's data has been leaked, which contains a lot of interesting things (in addition to NTLM hashes and employee creds) such as secret source code, documentation, etc.
One of the things that was part of the leak was old Nvidia code-signing certs that are still accepted by Windows despite having technically expired, which can allow malicious drivers to be loaded into the Windows kernel.
CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog
Kazu: CISA has a catalog called "Known Exploited Vulnerabilities", which is a list of vulnerabilities that are currently being actively exploited in the wild, and now CISA has added an additional 95 flaws to it, so if you haven't already, now may be a good time to give the catalog another look and check which entries may affect systems you are responsible for.
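One way to do that check in a repeatable way, as an added example that is not part of the original newsletter: parse the catalog's JSON feed (the field names below are the ones CISA publishes; the entries, CVE ids, dates and the inventory are constructed placeholders) and match it against a small asset inventory, flagging anything past its due date.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV catalog JSON feed. The CVE ids,
# products and dates are placeholders, not real catalog entries.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2000-0001", "vendorProject": "Cisco", "product": "RV Series Routers",
     "dateAdded": "2022-03-03", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-03-17"},
    {"cveID": "CVE-2000-0002", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2022-03-03", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-03-24"},
    {"cveID": "CVE-2000-0003", "vendorProject": "Apache", "product": "HTTP Server",
     "dateAdded": "2022-02-10", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-02-24"}
  ]
}
"""

# Constructed inventory of (vendor, product) pairs you are responsible for.
INVENTORY = [("cisco", "rv340"), ("Microsoft", "Windows Server"), ("nginx", "nginx")]

# Catalog product names are often broader than asset names; map known aliases.
ALIASES = {"rv340": "rv series", "rv160": "rv series"}

def _norm(s):
    return s.strip().lower()

def _product_matches(asset_product, kev_product):
    a, k = ALIASES.get(_norm(asset_product), _norm(asset_product)), _norm(kev_product)
    return a in k or k in a   # substring match in either direction

def match_inventory(kev_json, inventory, today, added_since=None):
    """Return catalog entries that apply to the inventory, newest first.
    today/added_since are ISO date strings; added_since limits results to
    entries added on or after that date (e.g. the latest batch of additions)."""
    catalog = json.loads(kev_json)["vulnerabilities"]
    today, since = date.fromisoformat(today), added_since and date.fromisoformat(added_since)
    hits = []
    for vendor, product in inventory:
        for e in catalog:
            if _norm(e["vendorProject"]) != _norm(vendor) or not _product_matches(product, e["product"]):
                continue
            if since and date.fromisoformat(e["dateAdded"]) < since:
                continue
            hits.append({"asset": f"{vendor} {product}", "cveID": e["cveID"],
                         "dateAdded": e["dateAdded"], "dueDate": e["dueDate"],
                         "overdue": today > date.fromisoformat(e["dueDate"]),
                         "action": e["requiredAction"]})
    hits.sort(key=lambda h: h["dateAdded"], reverse=True)
    return hits
```

Feeding it the real feed instead of the sample only requires swapping in the downloaded JSON text; the matching is deliberately loose (substring plus aliases), so review the hits rather than treating an empty result as a clean bill of health.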
Hackers leak 190GB of alleged Samsung data, source code
Kazu: To be honest, I had to do a double take when I read this. Lapsus$ getting Nvidia was one thing, but seeing them appear again with Samsung in the same week? Now that surprised me. They seem to have really been gunning for it recently, and I can only assume the same vulnerability got both Samsung and Nvidia, as I can't see how they would otherwise manage to get them both in the same week.
Conti Ransomware Decryptor, TrickBot Source Code Leaked
Kazu: A lot has happened both outside and inside the digital domain since Russia decided to invade Ukraine, mostly negative things, but some "positive" things have come out of it as well, such as the APT group known as "Conti" finding all of its internal information leaked due to (allegedly) a Ukrainian member who did not like the rest of the team's pro-Russia stance.
A new iron curtain is descending across Russia’s Internet
As Russia’s war against Ukraine continues, more and more services, social media and news-related sites get severely limited or blocked outright by the Russian government, quickly turning the country into a closed one where most people will not be able to find out what is happening or communicate and interact with people or services outside Russia’s borders, affecting millions of ordinary people.
This problem is also accelerated from the outside, with companies all over the world suspending services to the country and thus isolating it from the Internet even more. While it’s understandable that companies don't want to help the Russian government do its thing, they also sadly decrease the ability of ordinary people to learn about what is happening and communicate in order to do something about it, so it’s a double-edged sword, sadly.
OTHER INTERESTING THINGS WORTH A LOOK:
How neutral is Kaspersky in the Ukraine cyberwar?
Kazu: This article is one of those I purposely decided to look for instead of just coming across it as I normally do, as I had to wonder how Kaspersky is doing with the war Russia is waging on Ukraine and all the sanctions and such being applied to Russia, and while the company states it has no affiliation with the government or secret stuff beyond what most companies in most countries have with the law, people have started to have certain doubts considering everything.
'Ticking time bomb': Russian ransomware attacks are coming. What small businesses should do right now.
Kazu: As Russia's attacks on Ukraine continue and the world's sanctions on Russia get increasingly tougher, it is predicted that ransomware activity from Russia will only increase and be even worse than before, especially for smaller businesses, and while I have to somewhat concur, I also have to wonder how many of those groups will now be seriously affected by all the sanctions, the ruble crashing and burning, and the Russian government now seeming to move closer to blocking all Internet access to the outside world. Only time will tell, I guess.
AssemblyAI snags $28M for all-in-one API to transcribe, summarize and moderate audio
Kazu: While initially it all sounds interesting from a technical perspective, as a person with a focus not only on security but also on privacy, I can't help but have concerns regarding a lot of things, such as censorship, safety, security, etc....
I know companies like Amazon and Microsoft are already doing research in this area, but I don't really like what they do either, tbh, as the technology is bound to be included in more and more places, with increased safety/privacy/security risk if something goes wrong, such as the AI thinking it heard something different from what was actually said, or trying to analyze the speech to determine the meaning behind what is said, which is bound to be wrong.
The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
Kazu: In today's world, now more than ever, and especially lately, it can be hard to separate truth from fiction, especially on social media,
and while it will never be easy and it's hard to know for sure, there is a method out there to help you make better decisions on whether to believe something or not, and in this short article Ullrich goes through some of the things you can do to try to separate truth from fiction.
Re-ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google.. Again
Kazu: ReBreakCaptcha is back, and better and more reliable than before. Initially it was shelved as no longer being reliable enough, but now it has come out of retirement even more reliable than before against Google's ReCaptcha v2.....by using Google's own services against itself.