October 2, 2023

Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, May 27, 2023.

1. BrutePrint Attack

Researchers have discovered a new type of attack on smartphones, called BrutePrint, that uses brute force to bypass fingerprint authentication.

Brute-force attacks use numerous trial-and-error attempts to decipher a key or password in order to obtain access to accounts without authorization. The new method has been tested on a handful of smartphone models. These tests resulted in unlimited login attempts on all Android and Huawei phones and ten additional attempts on iOS devices.

The attack exploits two vulnerabilities, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL). In addition, biometric data on the Serial Peripheral Interface (SPI) of the fingerprint sensors was insufficiently safeguarded, making it possible for a MITM attack to steal fingerprint images.

2. FIN7 Threat Operations Tracked as Sangria Tempest

Researchers have spotted that the FIN7 hacking group is likely teaming up with another prolific ransomware group, DEV-0950, to exploit the well-known Fortra GoAnywhere MFT zero-day bug, achieving this through Cl0p ransomware.

FIN7, which Microsoft tracks as Sangria Tempest, likely worked with the competing Clop and its affiliate DEV-0950, which Microsoft calls Lace Tempest. FIN7 used DEV-0950 tools to exploit the critical PaperCut server vulnerability.

Microsoft Security warned customers of its Defender Threat Intelligence platform that it had documented DEV-0950/Lace Tempest tools being used in the initial exploitation of the PaperCut bug. It said it had not seen these two groups collaborating before.

3. DarkBERT – LLM for Dark Side of Internet

A team of South Korean researchers has developed an AI called DarkBERT and trained it on the Dark Web. It was unleashed to trawl and index what it could find to help shed light on ways to combat cybercrime.

With the rise of natural language processing programs like ChatGPT, such technology is increasingly being used in a new kind of cybercrime. By developing an AI that can fight fire with fire, the researchers wanted to discover how large language models (LLMs) could help.

DarkBERT has the potential to be employed for diverse cybersecurity purposes, including identifying websites that sell ransomware or release confidential data.


4. Volt Typhoon – Chinese Threat Actor Targeting US Infra

Researchers at Microsoft detailed a sophisticated cyberattack aimed at critical U.S. infrastructure, orchestrated by an alleged China-based state-sponsored actor.

The threat actor, which goes by the name Volt Typhoon, has been active since mid-2021 and is suspected of preparing to disrupt U.S.-Asia communication networks in potential future crises. The sectors affected by the campaign include communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.

Its campaign emphasizes stealth, using advanced techniques such as living-off-the-land binaries (LOLBins) and hands-on-keyboard activity. Its TTPs include gathering credentials, staging data for exfiltration, and maintaining persistence in compromised systems using valid credentials.

This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone.