CyberSecurity News Byte

Hosted by Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 63: July 10 2023

Links
https://thehackernews.com/2023/07/google-releases-android-patch-update.html
https://thehackernews.com/2023/04/cisa-warns-of-5-actively-exploited.html
https://source.android.com/docs/security/bulletin/2023-07-01
https://nvd.nist.gov/vuln/detail/CVE-2021-29256
https://www.helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/
https://www.scmagazine.com/news/application-security/still-no-specifics-on-this-weeks-jumpcloud-security-incident
https://twitter.com/leereichardt/status/1676739855454461952
https://thehackernews.com/2023/07/jumpcloud-resets-api-keys-amid-ongoing.html

Android Patches 3 Actively Exploited Vulnerabilities

  • July Android Update
    • addresses 46 new software vulnerabilities.
      • 3 need particular attention.
    • CVE-2023-26083
      • memory leak flaw
        • Arm Mali GPU driver
          • Bifrost, Avalon and Valhall chipsets
      • Used in the Dec 2022 Samsung spyware issue.
      • April 2023: first warning from CISA (CyberSecurity & Infrastructure Security Agency)
    • CVE-2021-29256
      • Bifrost and Midgard Arm Mali GPU kernel drivers
      • allows an unprivileged user to gain unauthorized access to sensitive data
      • and escalate privileges to the root level.
    • CVE-2023-2136
      • Skia, Google’s open-source multi-platform 2D graphics library
      • Found as a zero-day in Chrome
      • allows a remote attacker to perform a sandbox escape and execute remote code on Android devices.
    • Not actively exploited, but serious
      • CVE-2023-21250
      • remote code execution without user interaction or additional execution privileges

Voice authentication broken with 99% success

  • University of Waterloo
    • Computer scientists
    • discovered a method of attack that can successfully bypass voice authentication security.
      • up to a 99% success rate after only six tries
    • Voice Authentication
      • allows companies to verify the identity of their users.
        • via their unique “voiceprint”
          • increasingly been used in remote banking, call centers and other security-critical scenarios.
        • Usually based on a phrase
          • Repeated like training a voice assistant.
        • Vulnerability
          • Deepfakes
            • generate convincing copies of a victim’s voice using as little as five minutes of recorded audio.
            • Still need the passphrase though
          • developers introduced “spoofing countermeasures.”
            • hope to determine whether it was created by a human or a machine.
          • Waterloo Team
            • evades spoofing countermeasures.
              • identified the markers in deepfake audio that show it is computer-generated.
                • wrote a program that removes these markers.
                • making it indistinguishable from authentic audio.
              • test against Amazon Connect’s voice authentication system
                • 10% success rate in one four-second attack
                  • rising to over 40% in less than thirty seconds
                • Other systems
                  • less sophisticated voice authentication systems
                  • achieved a 99% success rate after six attempts.

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident

  • JumpCloud
    • provider of cloud-based identity and access management solutions
    • cloud-based Active Directory (AD) services are utilized by over 180,000 organizations globally.
  • Incident
    • ongoing cybersecurity incident that impacted some of its clients
    • What it is…we do not know.
    • Sent a tweet out to their customers (link in notes)
    • Theories about lost Admin API keys leaked.
      • Not confirmed
    • Remediation
      • invalidating its API keys
        • You do not want to cut customers off…lightly.
        • Stops everything from working.
        • Customers need to regenerate keys.
          • Consistent with the leaked Admin API key theory
  • Incident
    • No transparency
      • Might be for a good reason.
      • Might be bad communication.
        • But bonus points for the tweet.
  • Protect
    • Lock APIs down to specific source locations.
      • Should be possible with most available firewall rules.
    • Ensure data is encrypted well.
      • Encrypted at rest and in transit.

TeamsPhisher Tool Exploits Microsoft Teams to Deploy Malware

  • TeamsPhisher
    • new tool available on GitHub that can enable attackers to misuse a vulnerability in Microsoft Teams
    • automatically delivers malicious files to users’ systems.
    • operates seamlessly in environments permitting communication between internal and external Teams users.
  • How did the tool come into existence?
    • Last month
    • two researchers at Jumpsec
      • highlighted the issue by explaining that attackers could bypass a security feature in Microsoft Teams
      • achieved by changing the internal and external recipient ID in the POST request of a message.
        • tricks the system into treating an external user as an internal one.
      • The U.S. Navy’s red team published the TeamsPhisher exploit tool.
    • Modus operandi
      • TeamsPhisher is a Python-based tool that provides a fully automated attack.
      • The tool first checks a Teams user and verifies that the user can receive external messages.
      • It then creates a new thread with the target user and sends a message with a Sharepoint attachment link.
      • This new thread appears in the sender’s Teams interface for manual interaction, initiating the attack.
      • other features and optional arguments refine the attack.
        • sending secure file links that can only be viewed by the intended recipient.
        • specifying a delay between message transmissions to bypass the restriction.
        • writing output to a log file.
  • Conclusion
    • While Microsoft is yet to take action to resolve the security issue
      • it has advised practicing good cybersecurity hygiene, including exercising caution when clicking on links to web pages.

Microsoft further warned users to be cautious when opening unknown files or engaging in file transfers. Additionally, organizations using Microsoft Teams are advised to disable communications with external tenants if not needed. They can create a list of trusted domains, which would limit the risk of exploitation.
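The two mitigations above, turning off external tenant communication or limiting it to a list of trusted domains, as an added example using the Microsoft Teams PowerShell module (this is not code from the episode notes or from Microsoft; the domain names are placeholders, and a Teams administrator role is assumed):

```powershell
# Added example, not from the podcast notes: restrict Teams external access
# with the MicrosoftTeams PowerShell module. The TeamsPhisher technique only
# works where internal and external Teams users are allowed to communicate,
# so both options below close that path. Domain names are placeholders.

Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Option A: block all external (federated) tenants when external chat is not needed.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $false

# Option B: keep external chat, but only with named trusted domains.
# (Running both options in sequence leaves Option B in effect.)
$trusted = @("partner-example.com", "vendor-example.com") | ForEach-Object {
    New-CsEdgeDomainPattern -Domain $_
}
$allowList = New-CsEdgeAllowList -AllowedDomain $trusted
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomains $allowList

# Verify the resulting tenant federation settings.
Get-CsTenantFederationConfiguration | Select-Object AllowFederatedUsers, AllowedDomains
```

Option A is the stronger setting and matches the advice to disable external communication entirely; Option B is the trusted-domain list the notes describe, and any domain not on it is blocked from chatting with the tenant's users.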