Tag: Loop | SpinSafe

OODA Loop – Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax

March 22, 2024/in Internet Security

The Rhysida ransomware group has claimed responsibility for a recent cyberattack on boat dealer MarineMax and is offering to sell allegedly stolen data from the company for a significant sum, starting at 15 bitcoin ($950,000). MarineMax, one of the largest retailers of recreational boats and yachts globally, reported being targeted in a cyberattack that caused some disruption, as disclosed in an SEC filing. Although MarineMax has not provided extensive details about the incident, screenshots of financial documents and spreadsheets have been published by the cybercriminals to demonstrate the theft of valuable data. However, MarineMax stated in its regulatory filing that sensitive data is not stored in the compromised environment. The Rhysida ransomware group, known for targeting various sectors including government, IT, manufacturing, healthcare, and education, encrypts files on compromised systems and demands ransom. Despite researchers developing a decryption tool for Rhysida in February 2024, it is uncertain if the cybercriminals have since updated the malware to render the tool ineffective. The extent of file encryption or data theft in the MarineMax attack remains unclear, and further information from the company is awaited.

Source…

OODA Loop – North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities

June 23, 2023/in Computer Security

Read more: https://www.securityweek.com/north-korean-hackers-caught-malware-with-microphone-wiretapping-capabilities/Cybersecurity firm AhnLab has reported that a hacking group, identified as APT37 and linked to the North Korean government, has been using new wiretapping malware in recent surveillance attacks. The group employed a Go-based backdoor exploiting the Ably messaging platform, as well as an information stealer with microphone wiretapping capabilities. Spear phishing emails delivering a password-protected document and a disguised CHM payload were used to lure victims into executing the malicious script. The malware exfiltrates files, takes screenshots, steals data from removable devices, logs keystrokes, and conducts unauthorized wiretapping. APT37 has targeted North Korean defectors, human rights activists, journalists, and policymakers for surveillance purposes.

Source…

OODA Loop – Joseph Menn: Observations From Two Decades Of Tech Journalism

October 1, 2022/in Computer Security

Covering technology issues, and specifically cybersecurity as a journalist is a tough endeavor. Some of these technologies are complex as are the security vulnerabilities often inherent in their deployment and making these topics broadly accessible can be a challenge. Many of the underlying issues touch upon national security and civil liberties creating an interesting nexus that must be highlighted in the proper context. Lastly, it can be a challenge to create trusted relationships with the hacker community, but they provide essential perspectives and leads.

Joseph Menn has established himself as one of the top journalists covering these issues for over two decades at organizations like the Financial Times, Los Angeles Times, Bloomberg, Reuters, and now at the Washington Post. He’s spoken at conferences like Black Hat, Def Con, and RSA. He’s written three books covering topics like Napster, cybercrime, and most recently the infamous hacker group cDC in his book “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World”.

In the OODAcast, Joseph provides insights from his career as a journalist covering technology and cybersecurity. We explore how he first got involved with Def Con Black Hat and the value of attending the events. Joseph discusses how he first got introduced to the cDC and why he decided to write a book about the group and developed an overall positive outlook in the critical role hackers will play in saving the world.

Official Bio:

Joseph Menn joined The Washington Post in 2022 where he specializes in computer security, hacking, privacy and surveillance. He has perhaps the longest running track record among professional journalists covering cyber security and cyber conflict issues, having over two decades of experience on the topic. Prior to the Washington Post he covered cybersecurity and technology for Reuters, the Financial Times and the Los Angeles Times

His books include “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World” (2019) and “Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet” (2010).

Podcast Version:

External Links:

Cult of the Dead Cow book

Source…

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

March 31, 2022/in Computer Security

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.

“An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS,” the company said in an advisory published on March 29, 2022. “If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.”

Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices.

QNAP, which is currently investigating its line-up, said it affects the following operating system versions –

QTS 5.0.x and later
QTS 4.5.4 and later
QTS 4.3.6 and later
QTS 4.3.4 and later
QTS 4.3.3 and later
QTS 4.2.6 and later
QuTS hero h5.0.x and later
QuTS hero h4.5.4 and later, and
QuTScloud c5.0.x

To date, there is no evidence that the vulnerability has been exploited in the wild. Although Italy’s Computer Security Incident Response Team (CSIRT) released an advisory to the contrary on March 16, the agency clarified to The Hacker News that it has “updated the alert with an errata corrige.”

The advisory comes a week after QNAP released security updates for QuTS hero (version h5.0.0.1949 build 20220215 and later) to address the “Dirty Pipe” local privilege escalation flaw impacting its devices. Patches for QTS and QuTScloud operating systems are expected to be released soon.

Tag Archive for: Loop