Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story:

The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social media platform WeChat. What she didn’t notice was that she’d included the QR code on her table, which the restaurant’s customers use to place their orders.

Even though the photo was only shared with her WeChat friends list and not the entire social network, someone—or a lot of someones—used that QR code to add a ridiculous amount of food to her order. Wang was absolutely shocked to learn that “her” meal soon included 1,850 orders of duck blood, 2,580 orders of squid, and an absolutely bonkers 9,990 orders of shrimp paste…

Continue reading Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Using Hacked LastPass Keys to Steal Cryptocurrency

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

That’s a really profitable hack. (It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Look, I know that online password databases are more convenient. But they’re also risky. This is why my Password Safe…

Continue reading Using Hacked LastPass Keys to Steal Cryptocurrency

NSA on Supply Chain Security

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“:

Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities…

Continue reading NSA on Supply Chain Security

Security Vulnerabilities in Covert CIA Websites

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.”

Citizen Lab did the research:

Using only a single website, as well as publicly available material such as historical internet scanning results and the Internet Archive’s Wayback Machine, we identified a network of 885 websites and have high confidence that the United States (US) Central Intelligence Agency (CIA) used these sites for covert communication…

Continue reading Security Vulnerabilities in Covert CIA Websites

Where Everything Old is New Again: Operational Technology and Ghost of Malware Past

This post was written with contributions from IBM Security’s Sameer Koranne and Elias Andre Carabaguiaz Gonzalez. Operational technology (OT) — the networks that control industrial control system processes — face a more complex challenge than their IT counterparts when it comes to updating operating systems and software to avoid known vulnerabilities. In some cases, implementation […]

The post Where Everything Old is New Again: Operational Technology and Ghost of Malware Past appeared first on Security Intelligence.

Continue reading Where Everything Old is New Again: Operational Technology and Ghost of Malware Past

IoT Security: Protecting Food and Agriculture Organizations

Ransomware actors are targeting food and agriculture organizations, potentially disrupting business. Luckily, there are already formal structures in place to boost the IoT security defenses they need. Knowing them keeps the lifeblood of industrial farms and food delivery going. Businesses in the sector could “suffer significant financial loss,” the FBI said. That loss is “resulting […]

The post IoT Security: Protecting Food and Agriculture Organizations appeared first on Security Intelligence.

Continue reading IoT Security: Protecting Food and Agriculture Organizations

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

This blog supplements a Black Hat USA 2021 talk given August 2021.  IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures(TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training […]

The post ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group appeared first on Security Intelligence.

Continue reading ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group