Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 6, 2023

Monday

Google Cloud Platform's Blind Spot for Data Exfiltration Attacks is Revealed by Experts

According to a recent study, malicious actors can use “insufficient” forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data.


In order to access the GCP environment, the adversary must be able to take control of an identity and access management (IAM) entity within the targeted organization using techniques like social engineering.


The main issue is that GCP’s storage access logs do not distinguish sufficiently between potential file access and read events, and instead group them together under a single “Object Get” action.


In a hypothetical attack, a threat actor might transfer valuable data from the storage buckets of the victim organization to an external storage bucket within the attacker organization using Google’s command line interface (gsutil).


Since then, Google has offered mitigation advice, including the use of organization restriction headers to limit requests for cloud resources and Virtual Private Cloud (VPC) Service Controls.


The information was revealed at the same time that Sysdig discovered SCARLETEEL, a sophisticated attack campaign that targets containerized environments in order to steal proprietary data and software.


Experts Find a Flaw in the Quantum-Resistant Encryption Algorithm Selected by the US Government

A group of researchers has disclosed what it claims to be a vulnerability in a particular implementation of CRYSTALS-Kyber, one of the encryption algorithms selected by the US government as quantum-resistant last year.

The exploit involves “side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU,” according to a paper by Elena Dubrova, Kalle Ngo, and Joel Gärtner of the KTH Royal Institute of Technology.

The U.S. National Institute of Standards and Technology (NIST) has chosen CRYSTALS-Kyber as one of four post-quantum algorithms following a rigorous multi-year search for the next-generation encryption standards that can resist enormous increases in computing power.

The underlying concept is that sensitive information, such as ciphertext and encryption keys, can be decoded and inferred from the physical effects that a cryptographic implementation introduces.

One of the most widely used defenses against physical attacks on cryptographic systems is masking, which randomizes computation and separates side-channel data from secret-dependent cryptographic variables.


Mexican banks are the target of new FiXS ATM malware.

Since the beginning of February 2023, Mexican banks have been the target of a brand-new ATM malware outbreak known as FiXS.

According to a tip shared with The Hacker News by Latin American cybersecurity firm Metabase Q, the ATM malware is concealed inside another programme that doesn’t appear harmful.

The Windows-based ATM malware is vendor-agnostic and capable of infecting any teller machine that supports CEN/XFS (short for eXtensions for Financial Services), and it requires input via an external keyboard.

Dan Regalado of Metabase Q told The Hacker News that while the precise method of penetration is still unknown, it’s likely that “attackers found a way to interface with the ATM through touchscreen.”

Another ATM malware outbreak known as Ploutus, which has allowed thieves to steal money from ATMs by using an external keyboard or by sending an SMS message, is claimed to be comparable to FiXS.

One of FiXS’s standout features is its use of the Windows GetTickCount API, which allows it to disburse cash 30 minutes after the last ATM reboot.

The sample used by Metabase Q for analysis is delivered by a dropper known as Neshta (conhost.exe), a virus that infects files and was first discovered in 2003.

City of Oakland data taken by a ransomware gang is leaked


Data that was recently stolen in a breach against the City of Oakland, California, has started to leak thanks to the Play ransomware gang.

The initial data breach consists of a 10GB multi-part RAR package purportedly containing private papers, employee data, passports, and identification documents.

Financial information, private and confidential information, IDs, passports, employee details, and information on human rights violations.

On their data leak website, the crooks indicated that they have only partially published the data so far, as a compressed 10GB.

We just learned that an unauthorised third party has obtained certain files from our network and plans to disseminate the information publicly, the City of Oakland said in a statement, adding that the investigation into the extent of the incident impacting the City of Oakland is still underway.

On this matter, we are collaborating with third-party experts and law enforcement, and we are continuously reviewing the allegations made by the unauthorised third party to determine their veracity.

Despite the fact that the attack had no effect on 911 or emergency services, numerous other systems, including phone service and those used to process payments, process reports, and issue permits and licences, were taken offline.

How to stop Microsoft OneNote files from bringing malware into Windows

Hackers frequently utilise the seemingly innocent Microsoft OneNote file format to disseminate malware and infiltrate corporate networks. Here’s how to prevent Windows from becoming infected by malicious OneNote phishing attachments.

Threat actors have been downloading and installing malware on Windows devices for years by using macros in Microsoft Word and Excel documents.

Microsoft OneNote attachments, which have the “.one” file extension, are an intriguing option because they do not spread malware via macros or security flaws.

Nevertheless, the ‘Double Click to See File’ button is actually concealing a number of embedded files that are located below the button layer, as can be seen from the attachment above.

Blocking the ‘.one’ file extension at your secure mail gateways or mail servers is the easiest technique to stop fraudulent Microsoft OneNote attachments from corrupting Windows.

To prevent the launching of embedded file attachments in Microsoft OneNote files, you can also use Microsoft Office group policies if that isn’t possible in your environment.

To begin using Microsoft OneNote policies, first install the Microsoft 365/Microsoft Office group policy templates.

You can now locate new Microsoft OneNote policies called “Disable embedded files” and “Embedded Files Banned Extensions” after the policies have been installed.
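The gateway-side block described above, sketched as an added example (not code from the article or from any mail product): it goes beyond a plain extension match by also checking the OneNote file signature, so a renamed `.one` file is caught, and by looking inside ZIP attachments. The function names, the 20 MB member cap and the choice to flag unreadable archives are assumptions of this sketch, and the sample message is constructed.

```python
import email, email.policy, io, uuid, zipfile
from email.message import EmailMessage

# guidFileType that opens a .one section file (MS-ONESTORE), as on-disk bytes.
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap on archive members we inflate

def is_onenote(name, data):
    """Match on extension, or on content so a renamed file is still caught."""
    clean = (name or "").rstrip(". ").lower()  # Windows drops trailing dots/spaces
    return clean.endswith(".one") or data[:16] == ONE_MAGIC

def scan_blob(name, data, depth=0):
    """Return the paths that should be blocked, descending into ZIP archives."""
    if is_onenote(name, data):
        return [name]
    hits = []
    if depth < 2 and data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER:
                        hits.append(f"{name}!{info.filename} (not inspected: too large)")
                    else:
                        inner = scan_blob(info.filename, zf.read(info), depth + 1)
                        hits += [f"{name}!{h}" for h in inner]
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
            hits.append(f"{name} (not inspected: unreadable archive)")
    return hits

def blocked_attachments(raw_message):
    """Walk every MIME leaf of an RFC 5322 message and collect blocked paths."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    hits = []
    for part in msg.walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            hits += scan_blob(part.get_filename() or "(unnamed)", data)
    return hits

def constructed_sample():
    """Constructed message: a renamed OneNote file, a zipped .one, a benign file."""
    m = EmailMessage()
    m.set_content("see attached")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Notes.ONE", b"placeholder")
    for name, body in (("invoice.pdf", ONE_MAGIC + b"\0" * 32), ("docs.zip", buf.getvalue()), ("readme.txt", b"hello")):
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

A non-empty result from `blocked_attachments()` is the signal to quarantine the message; the group policies above remain the fallback for anything that reaches the desktop.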
