CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Website Subscribe

Episode 75: November 20 2023

November 21, 2023 Jim Guckin CyberSecurity News Byte Weekly 30:3743.29M Comments Off on Episode 75: November 20 2023

Links

https://www.bleepingcomputer.com/news/security/researchers-extract-rsa-keys-from-ssh-server-signing-errors/

https://www.darkreading.com/attacks-breaches/hack-for-hire-group-sprawling-web-global-cyberattacks

https://www.securityweek.com/over-a-dozen-exploitable-vulnerabilities-found-in-ai-ml-tools/

https://www.infosecurity-magazine.com/news/criminals-gaza-crisis-fake-charity/

Times

00:36

07:27

15:11

22:59

RSA keys extracted from signing errors

  • Paper Published
    • Keegan Ryan, Kaiwen He, Nadia Heninger, and George Arnold Sullivan
    • academic researchers from universities in California and Massachusetts
      • under certain conditions to retrieve secret RSA keys
      • naturally occurring errors leading to failed SSH (secure shell) connection attempts
    • Definitions
      • SSH is a cryptographic network protocol for secure communication, widely employed in remote system access, file transfers, and system administration tasks.
      • RSA is a public-key cryptosystem used in SSH for user authentication. It uses a private, secret key to decrypt communication that is encrypted with a public, shareable key.
      • Chinese Remainder Theorem (CRT) is used with the RSA algorithm to lower the bit size for the public key and speed up the decryption time.
    • Attack
      • using CRT-RSA
        • has a fault
          • during signature computation
        • may be able to compute the signer’s private key
      • Errors like this are rare
      • unavoidable due to hardware flaws
      • Does not impact
        • RSA-1024
        • SHA512
          • number of unknown bits in the hash
        • Similar
          • known problem that impacts older of TLS versions
            • addressed in TLS 1.3
            • encrypting the handshake that establishes the connection
            • preventing passive eavesdroppers from reading the signatures.
          • SSH was previously assumed to be safe

Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks

  • Reuters Journalist
    • Went through non-public records
    • collected detailed information on Appin operations and clients
      • multiple sources
        • logs connected to an Appin site called “MyCommando”.
          • clients used the site to order services
        • menu of options
          • breaking into
            • emails, phones, computers of targeted entities.
          • Appin
            • “No longer Exists”
            • New Delhi-based group
            • starting around 2009
            • Targets
              • businesses and business executives, politicians, high-value individuals, and government and military officials worldwide
            • Clients
              • private investigators, detectives, government organizations, corporate clients, and often entities engaged in major litigation battles from the US, UK, Israel, India, Switzerland, and several other countries.
            • Attacks
              • leakage of private emails
                • derailed a lucrative casino deal for a small Native American tribe in New York
              • network intrusion
                • Zurich-based consultant attempting to bring the 2012 soccer world cup to Australia
              • using a third-party outside contractor to acquire and manage the infrastructure
            • Now a Days
              • It no longer exists as Appin
                • As many groups do
                  • Rebranding
                  • employee transitions
                  • dissemination of skills
                • Several other groups
                  • hack-for-hire enterprises
                • Hack for Hire
                  • India, Russia, and the United Arab Emirates

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools

  • Huntr bug bounty platform
    • August 2023
    • AI (Artificial Intelligence) and ML (Machine Learning)
  • Vulnerabilities
    • takeover and sensitive information theft.
    • Impact the entire AI/ML supply chain
  • Tools
    • Popular
      • H2O-3, MLflow, and Ray,
    • H2O-3
      • low-code machine learning platform
      • creation and deployment of ML models via a web interface.
      • Default configuration
        • exposed to the network
        • no authentication
        • attackers to supply malicious Java objects
      • CVE-2023-6016 (CVSS score of 10)
        • Remote Code Execution RCE
        • completely take over the server and steal models, credentials, and other data.
      • local file include flaw (CVE-2023-6038)
      • cross-site scripting (XSS) bug (CVE-2023-6013),
      • high-severity S3 bucket takeover vulnerability (CVE-2023-6017).
    • MLflow
      • open-source platform for the management of the end-to-end ML lifecycle
      • (CVE-2023-6018 and CVE-2023-6015, CVSS score of 10)
        • unauthenticated attacker to overwrite arbitrary files on the operating system
        • arbitrary file inclusion (CVE-2023-1177) and authentication bypass (CVE-2023-6014) vulnerabilities.
      • The Ray project
        • open-source framework for the distributed training of ML models
        • lacks default authentication set up
        • Code injection flaw in Ray’s cpu_profile format parameter (CVE-2023-6019, CVSS score of 10)
          • System compromise
        • read any files on the Ray system. The security defects are tracked as CVE-2023-6020 and CVE-2023-6021.

Cyber-Criminals Exploit Gaza Crisis With Fake Charity

  • charity attack
    • exploiting the ongoing events in Gaza and Israel
    • targeted 212 individuals.
      • 88 organizations
    • sympathy for children in Palestine to solicit fraudulent donations.
    • Set up website
      • “help-palestine[.]com
        • Links to news articles
          • Attempt to “legitimize”
        • Crypto
          • cryptocurrency donations
          • ranging from $100 to $5000
          • wallet addresses
            • Bitcoin
            • Litecoin
            • Ethereum
          • Social Engineering
            • exploits the heightened emotional response
              • emotionally charged language
              • challenges faced by children in Palestine
              • using inclusive terms to establish a shared identity with the recipients.
                • Not you but we
              • Tactics
                • multiple tactics
                • spoofing a legitimate email address
                  • Goodwill Wealth Management
                  • India-based stock brokerage
                  • a non-existent domain

CyberSecurity News Byte is a weekly podcast, condensing the latest cybersecurity news, in an easily digestible format. News that you need to know to keep yourself and your organization safe from today’s threats.

Facebook Twitter Instagram

© 2021-2022 All Rights Reserved. Developed By Podcrease