Weekly Digest #16
The new side-channel attack can recover encryption keys from Google Titan security keys
The Google Titan and YubiKey hardware vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations.
The two security researchers say that, once obtained, the encryption key, an ECDSA private key, would allow threat actors to clone Titan, YubiKey, and other keys to bypass 2FA procedures.
Ryuk gang estimated to have made more than $150 million from ransomware attacks
A lot of companies continue to suffer from ransomware attacks. Hackers make their money on vulnerabilities in the infrastructures of companies that do not properly monitor their cybersecurity.
Regular penetration testing of your infrastructure will help reduce the risks of such attacks.
The Ryuk ransomware operators earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies worldwide.
Ryuk converted Bitcoin into real fiat currency using accounts on two very well-established crypto-portals, Binance and Huobi, most likely using stolen identities.
JetBrains denies being involved in SolarWinds hack
It is always interesting to read the different versions of how the SolarWinds hack happened. How could the hackers have gained access? Interesting, isn't it?
JetBrains, a well-known company with Russian founders, is under investigation for possibly being involved in the SolarWinds hack that impacted thousands of companies worldwide.
US officials are looking at a scenario where Russian hackers breached JetBrains and then launched attacks on its customers, one of which was SolarWinds.
SolarWinds fallout: DOJ says hackers accessed its Microsoft O365 email server
The US Department of Justice confirmed this week that the hackers behind the SolarWinds supply chain attack targeted its IT systems. They escalated access from the trojanized SolarWinds Orion app to move across its internal network and access some of its employees’ email accounts.
With DOJ employee numbers estimated at around 100,000 to 115,000, the number of impacted DOJ employees is currently believed to be approximately 3,000 to 3,450. The DOJ said it has now blocked the attacker’s point of entry.
Hackers target cryptocurrency users with new ElectroRAT malware
This week one security firm discovered a covert year-long malware operation. Hackers created fake cryptocurrency apps to trick users into installing a new strain of malware on their systems named ElectroRAT, with the end goal of stealing victims’ funds.
The fake apps were named Jamm, DaoPoker and eTrade/Kintum, and were hosted on dedicated websites. We always tell you to download your apps only from official stores: the App Store and Google Play.
They were mostly available in versions for Windows, Mac, and Linux, and were built on top of Electron, an app-building framework.
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Major browsers get an update to fix separate bugs that allow for remote attacks, potentially letting hackers take over targeted devices.
Makers of the Chrome, Firefox and Edge browsers urge users to patch critical vulnerabilities that, if exploited, allow hackers to hijack systems running the software.
The Mozilla Firefox vulnerability (CVE-2020-16044) is separate from a bug reported in Google’s browser engine Chromium, which is used in the Google Chrome browser and the latest version of Microsoft’s Edge browser.
Twelve additional bugs were reported by Google, impacting its Chromium browser engine. Both Google and Microsoft featured the same list of vulnerabilities (CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2021-21114, CVE-2021-21115, CVE-2021-21116, CVE-2020-16043).
The majority of the bugs were rated high-severity and tied to use-after-free bugs. Three of the vulnerabilities earned bug hunters $20,000 for their efforts.