CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 53: April 17 2023


Pentagon Document Leak

  • Documents
    • Various social media sites
      • Twitter
      • Telegram
    • Documents leaking at least since January.
      • Discord
      • 4Chan
    • Leaker
      • Jack Teixeira
        • 21 y/o
        • North Dighton, Massachusetts.
        • Massachusetts Air National Guard
      • Arrest
        • in connection to “unauthorized removal, retention and transmission of classified national defense information”
      • Discord Members
        • suspicious of law enforcement and the U.S. intelligence community
        • prone to ranting about “government overreach,”
      • Leak
        • photos of crumpled pieces of paper
          • laid on top of magazines.
            • or surrounded by household objects.
          • leaked documents numbers roughly 100 pages,
          • The documents illustrate U.S. efforts to spy on Ukraine’s government and military leaders.
            • lays out the U.S.’ extensive knowledge of Russian government intelligence.
              • could hurt U.S. spy efforts if Russia figures out where the information is coming from.
            • DLP?

NCR was the victim of BlackCat ransomware gang.

  • NCR Corporation
    • software, consulting and technology company providing several professional services and electronic products.
    • manufactures self-service kiosks, point-of-sale terminals, automated teller machines, check processing systems, and barcode scanners.
  • Outage
    • Wednesday
    • DFW05 datacenter
    • outage on its Aloha point of sale platform
      • restaurant point-of-sale and management software
    • notified law enforcement and engaged third-party cybersecurity experts.
      • investigate the incident and determine the scope of the attack.
    • restaurants impacted are still able to serve their customers
      • impacted a specific functionality.
    • BlackCat/ALPHV
      • AKA UNC4466
      • Since November 2021
      • added NCR to the list of victims on its Tor data leak site
      • Dominic Alivieri, CyberSecurity researcher published a chat message related to the negotiation between NCR and the ransomware gang.
      • removed the name of NCR from its leak site
        • probably because of an ongoing negotiation.

Free Movie Sites are a bad idea

  • Movies 365
    • promise access to the latest movies
  • How they work
    • designed to lure users
    • make money by hosting forms and advertisements
      • possible malware
    • collecting personal information from users
      • survey or enter their email address or phone number
      • sold to third-party advertisers
    • Don’t just don’t

Vice Society Ransomware Using Stealthy PowerShell Exfiltration

  • Vice Society
    • Microsoft Tracks as DEV-0832
    • extortion-focused
    • May 2021
  • New Tool
    • bespoke PowerShell
      • avoids detection
        • living off the land binaries and scripts
          • no need to bring in external tools
        • automate exfil
      • ps1
        • identifying mounted drives
        • recursively searching through each of the root directories
        • focus on files over 10 KB
        • file extensions and in directories that meet its include list
        • Excludes
          • system files, backups, and folders pointing to web browsers
          • security solutions from Symantec, ESET, and Sophos
        • Utilizes multi-processing and queuing
          • ensures it does not consume too many system resources