Cybersecurity Newsletter, July 27 - August 1
Qrator

Greetings from our regular networking and cybersecurity newsletter! This time we are going to have a closer look at articles and academic papers published between July 27 and August 1, 2020.

Follow-up on the Twitter incident last week:

Three Charged in July 15 Twitter Compromise

"Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam."

How the FBI tracked down the Twitter hackers

"After earlier today US law enforcement charged three individuals for the recent Twitter hack, with the help of court documents released by the DOJ, ZDNet was able to piece together a timeline of the hack, and how US investigators tracked down the three suspected hackers."

And the Garmin controversy:

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why

"Updated Garmin services appear to be in the process of being restored after the company was reportedly hit with ransomware, though its aviation services remain offline at the time of writing."

Confirmed: Garmin received decryptor for WastedLocker ransomware

"BleepingComputer can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack."

There's a hole in the boot

"The 'BootHole' vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with Secure Boot must release new installers and bootloaders."

Red Hat and CentOS systems aren’t booting due to BootHole patches


Announcing the Grace Hopper subsea cable, linking the U.S., U.K. and Spain

"Today, 98% of international internet traffic is ferried around the world by subsea cables. A vast underwater network of cables crisscrossing the ocean makes it possible to share, search, send, and receive information around the world at the speed of light. In today’s day and age, as the ways that we work, play and connect are becoming increasingly digital, reliable connectivity is more important than ever before. That’s why we’re excited to announce a new subsea cable—Grace Hopper—which will run between the United States, the United Kingdom and Spain, providing better resilience for the network that underpins Google’s consumer and enterprise products."

"The new cable is scheduled to go online in 2022 and will be built by SubCom, which Google also contracted for work on its Dunant and Curie cables." - TechCrunch.

Source code from dozens of companies leaked online

"A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls; and the list keeps growing."

"Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month.
The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database."  - ZDNet.

"A massive leak of apparent Nintendo source code is giving gamers a rare, unauthorized look at Nintendo's development process dating back to the Super NES era." - ArsTechnica.

Survey of Supply Chain Attacks, Schneier on Security


Heads roll at Intel after 7nm delay

"The past few years have been tough times for Intel, and after last week's news that Intel's 7nm parts had been delayed (again), this week the company is announcing a shakeup to the executive team. The biggest news is that Intel's chief engineering officer, Murthy Renduchintala, is leaving the company."

AMD is now following More's Law: More chips, more money, more pressure on Intel, more competition in the x86 space

"AMD on Tuesday said it had made it through a healthy second quarter of 2020 during which its Ryzen and Epyc microprocessor lines doubled their revenues."

Google has developed an M:N userspace threading subsystem backed by Google-private SwitchTo Linux Kernel API

"This subsystem provides latency-sensitive services at Google with fine-grained user-space control/scheduling over what is running when, and this subsystem is used widely internally (called schedulers or fibers)."

AS10990 and the peerless CDN combined with routing optimization tale

"On the border of July 29 and 30, depending on where in the world you were, a routing anomaly occurred. Following the NANOG question regarding what exactly was happening, the Qrator.Radar team loaded its research instruments and dived into the investigation."

"Another BGP Incident Impacts TWC, Rogers, Charter and Others" - MANRS.

"BGP Hijack of July 30, 2020" - Telia.

CVE-2020-9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data


Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)


Zoom Security Exploit – Cracking private meeting passwords

"Zoom meetings were protected by default by a 6-digit numeric password, meaning 1 million maximum passwords. I discovered a vulnerability in the Zoom web client that allowed checking if a password is correct for a meeting, due to broken CSRF and no rate limiting.

This enabled an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private (password protected) Zoom meetings."

Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient ‘timeless timing’ attacks

"Presented at this year’s Usenix conference, the technique, named ‘Timeless Timing Attacks’, exploits the way network protocols handle concurrent requests to solve one of the endemic challenges of remote timing side-channel attacks."

Apple tells app devs to use IPv6 as it's 1.4 times faster than IPv4

"Company also urges app devs to start using newer web tech like HTTP/2 and TLS 1.3, citing similar performance and speed improvements."

How we migrated Dropbox from Nginx to Envoy

"In this blogpost we’ll talk about the old Nginx-based traffic infrastructure, its pain points, and the benefits we gained by migrating to Envoy. We’ll compare Nginx to Envoy across many software engineering and operational dimensions. We’ll also briefly touch on the migration process, its current state, and some of the problems encountered on the way."

Repository of the week - BruteShark


Thank you for reading and sharing the newsletter!

For feedback, please write to us at cybersec@qrator.net.