
PLUS: Phobos ransomware admin arrested; US Library of Congress discloses breach; Microsoft to host in-person hacking contest.
Claire Aird
Microsoft announces a new way to recover from CrowdStrike-like incidents, US officials arrest the administrator of the Phobos ransomware, the Library of Congress discloses a breach, and Palo Alto's firewall bug is stupid. It's very, very stupid. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is November 20th.

In today's top story, at its Ignite developer conference this week, Microsoft announced a new Windows 11 security feature that will allow admins to remotely fix PCs with booting issues. The company developed the feature as a way to tackle future cases like the CrowdStrike incident that crashed over 8.5 million PCs in July this year. The new Quick Machine Recovery feature will allow IT administrators to remotely deliver fixes for boot-related bugs that normally require physical access to a machine. Quick Machine Recovery will be available for testing via Windows Insider builds in early 2025. The feature is one of several new security features coming to Windows 11 next year.

Palo Alto Networks says the recent attacks against the management panels of its firewalls include not one but two zero-days. The exploit chain consists of an authentication bypass and a privilege escalation that allows the attacker to pivot from the management panel into the firmware of the underlying firewall. The company says attackers are using the two zero-days to gain access to internet-exposed firewalls and deploy a web shell for future access. Palo Alto learned of rumours about a zero-day in its products two weeks ago and confirmed active exploitation last week. The auth bypass is extremely dumb and involves just sending a header that asks for no authentication, please. It released patches on Monday.

A suspected Chinese cyber espionage group known as Liminal Panda has been hacking telcos across Africa and Southeast Asia since 2020, according to CrowdStrike. The group is stealthy, uses custom hacking tools, and primarily focuses on intelligence collection. Most of the targets are associated with China's Belt and Road Initiative.

The Library of Congress has notified US lawmakers that a threat actor breached its network and gained access to internal communications. The attacker is believed to have stolen emails sent between congressional offices and library staff, according to the Associated Press. The breach lasted from January to September.

Pakistan's Religious Advisory Board has ruled that VPN apps violate Sharia law. The announcement from the Council of Islamic Ideology comes weeks after the government announced plans to ban VPNs. VPN use exploded in Pakistan after the government deployed a national firewall in July to block access to unwanted information.

US authorities have charged a Russian national for allegedly running the Phobos ransomware operation. Evgenii Ptitsyn was arrested in South Korea and extradited to the US earlier this month. Ptitsyn operated on hacking forums under the monikers derxan and zimmermanx, where he advertised access to the Phobos ransomware-as-a-service. His operation catered to individuals who wanted to ransom home users and smaller companies, with most ransom demands being under $2,000. Recorded Future analyst Alexander Leslie says news of the arrest comes after detections of new Phobos infections stopped last month.

A US judge has sentenced Heather Morgan to 18 months in prison for helping launder cryptocurrency from the 2016 Bitfinex hack. The hack was carried out by Morgan's husband, Ilya Lichtenstein. He was sentenced to five years last week.

Thai officials have arrested a Chinese national for running a scam compound in the country's south. A 33-year-old individual named Mr. Zhang was arrested on November 10. Officials have described him as the leader of a compound they raided in May.

Threat actors are abusing the Microsoft 365 admin portal to send out sextortion emails, according to Bleeping Computer. The attackers are abusing Personal Message, a feature of the admin portal that lets corporate admins send personal messages to any email address. The attackers are exploiting a coding mistake to bypass the feature's character limit and send extortion emails.

A threat actor is hijacking misconfigured Jupyter Notebook applications to host illegal sports streams. The attackers take over unsecured notebooks, install the FFmpeg library to capture video from legitimate streams, and then broadcast the captured stream through their own streaming website. Cloud security firm Aqua Security says the hacks appear to support an illegal streaming service known as Ustream TV.

Internet infrastructure company Lumen has started blocking all traffic coming from the Ngioweb botnet. The company's decision comes after the botnet grew to 10 times its initial size and is now estimated to infect over 35,000 systems. AT&T, Lumen, and Trend Micro say the botnet is the backbone of NSOCKS, a public website that rents access to proxy servers installed on Ngioweb-infected devices. These proxies have been linked to various cybercrime operations such as DDoS attacks, ransomware, and malware command-and-control infrastructure.

A new ransomware group named Helldown is exploiting a zero-day in Zyxel firewalls to gain access to corporate systems, according to Truesec and Sekoia. The zero-day seems to match a bug reported through Zyxel's public forum earlier this month. The group has been active since August and has listed over 30 victims on its dark web leak site so far.

A threat actor has exploited two zero-days in the VINTEO videoconferencing server in an attack against a Russian company. The attacks were discovered by Russian security firm Positive Technologies. The zero-days included an SQL injection and an arbitrary code execution vulnerability. Both issues were fixed by the vendor.

Broadcom says threat actors are exploiting two VMware vCenter vulnerabilities the company patched back in September. The vulnerabilities were reported to Broadcom after they were initially used at a Chinese hacking contest in May. Broadcom has not provided any details about the nature of the recent attacks.

Microsoft will host a new hacking contest next year that will focus on cloud and AI vulnerabilities. The new event is named the Microsoft Zero Day Quest and will have a prize pool of up to $4 million. Microsoft will run a submission process for researchers as well as invite people from its bug bounty leaderboards. The new hacking event was announced at Microsoft's Ignite developer conference and will be held at the company's headquarters in Redmond next year.

And finally, GitHub has launched a new fund to help secure open source projects. The company is committing $1.25 million to the Secure Open Source Fund to help pay for security features across 125 popular open source projects. Besides GitHub, other companies have also contributed to the fund, such as Microsoft, 1Password, Shopify, and American Express. And that is all for this podcast edition. Thanks to your.
Risky Business News: Detailed Episode Summary
Episode: Risky Biz News: Remote Fix Feature for Unbootable PCs Coming to Windows
Release Date: November 20, 2024
Host: Claire Aird
Prepared by: Catalin Cimpanu
In this episode of Risky Business News, host Claire Aird delivers a comprehensive overview of the latest developments in cybersecurity. Covering a spectrum of topics from Microsoft's new security features to significant cyberattacks and legal actions against cybercriminals, the episode provides valuable insights for IT professionals and cybersecurity enthusiasts alike.
At the heart of this episode is Microsoft's announcement unveiled during its Ignite Developer Conference: the Quick Machine Recovery feature for Windows 11. Designed to address boot-related issues remotely, this tool aims to prevent incidents similar to the CrowdStrike event that disrupted over 8.5 million PCs in July 2024.
Notable Quote:
"The new Quick Machine Recovery feature will allow IT administrators to remotely deliver fixes for boot related bugs that normally require physical access to a machine." — Claire Aird [00:04]
Palo Alto Networks has identified and disclosed serious vulnerabilities in its firewalls, labeling the associated bug as "stupid."
Vulnerabilities Identified: An authentication bypass in the firewall management panel and a privilege escalation that lets an attacker pivot from the panel into the underlying firewall's firmware.
Attack Details: Attackers chain the two zero-days to reach internet-exposed firewalls and deploy a web shell for persistent access; Palo Alto Networks heard rumours of a zero-day two weeks earlier, confirmed active exploitation a week later, and released patches on Monday.
Notable Quote:
"The Auth bypass is extremely dumb and involves just sending a header that asks for no authentication please." — Claire Aird [00:04]
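The bypass the episode describes, an HTTP header that tells the server to skip authentication, is the textbook case of letting client-supplied input drive a security decision. The following Python is an added illustration, not code from the podcast or from Palo Alto Networks: a hypothetical request handler with that defect sits beside a hardened version and an edge-stripping helper. The header name `X-Example-Skip-Auth`, the `Request` class, and the session store are all invented for the example and do not correspond to any real product's headers.

```python
"""
Added example (constructed for illustration): an authentication check that
trusts a client-supplied header to decide whether to authenticate, next to a
hardened check that uses only server-side state for that decision.

The header name 'X-Example-Skip-Auth', the Request class and VALID_SESSIONS
are hypothetical placeholders, not any vendor's real header or code.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed server-side session store: session token -> user name.
VALID_SESSIONS = {"tok-a1b2c3": "admin"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: headers and cookies as dicts."""
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def _session_user(request: Request) -> Optional[str]:
    """Resolve the session cookie against the server-side store; None if unknown."""
    return VALID_SESSIONS.get(request.cookies.get("session", ""))


def vulnerable_authenticate(request: Request) -> Optional[str]:
    """Anti-pattern: a header the client controls switches the check off.

    The header was meant as an internal 'this request was already checked'
    hint, but the client chooses its value, so the hint carries no trust.
    Returns the user the request is treated as, or None if it is rejected.
    """
    # HTTP header names are case-insensitive, so normalise before comparing.
    headers = {k.lower(): v for k, v in request.headers.items()}
    if headers.get("x-example-skip-auth", "").lower() == "true":
        # The defect: any client can send this header and is treated as admin.
        return "admin"
    return _session_user(request)


def hardened_authenticate(request: Request) -> Optional[str]:
    """Hardened: the decision depends only on server-held session state.

    Client headers are never consulted. If an internal component genuinely
    needs to skip the check, that fact must live in server-side state that
    the client cannot write, not in a request header.
    """
    return _session_user(request)


def strip_internal_headers(headers: dict, internal_prefix: str = "x-example-") -> dict:
    """Defence in depth at the edge (reverse proxy or front-end): drop any
    client-supplied header in the namespace reserved for internal hints, so a
    downstream component that still reads them cannot be steered by a client."""
    return {k: v for k, v in headers.items() if not k.lower().startswith(internal_prefix)}


if __name__ == "__main__":
    # Constructed requests: one with only the bypass header, one with a real session.
    no_creds = Request(headers={"X-Example-Skip-Auth": "true"})
    with_session = Request(cookies={"session": "tok-a1b2c3"})
    print("vulnerable, header only :", vulnerable_authenticate(no_creds))
    print("hardened,   header only :", hardened_authenticate(no_creds))
    print("hardened,   real session:", hardened_authenticate(with_session))
    print("after edge stripping    :", vulnerable_authenticate(Request(headers=strip_internal_headers(no_creds.headers))))
```

The useful lesson for reviewers is the shape of the bug rather than any particular header: wherever a request attribute chosen by the client feeds a `skip` or `trusted` branch in an authentication path, the check is no longer a check. Stripping the reserved header namespace at the edge buys time while the handler itself is fixed.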
The Liminal Panda group, a suspected Chinese cyber espionage entity, has been active since 2020, primarily targeting telecommunications companies across Africa and Southeast Asia.
The Library of Congress has reported a breach to U.S. lawmakers, where a threat actor gained unauthorized access to internal communications.
Breach Details: The attacker is believed to have stolen emails exchanged between congressional offices and library staff, according to the Associated Press; the intrusion lasted from January to September.
The Council of Islamic Ideology in Pakistan has declared that VPN applications violate Sharia law, aligning with the government's recent plans to ban VPN usage.
Context: VPN use surged in Pakistan after the government deployed a national firewall in July to block access to unwanted information.
Government Action: The council's ruling comes weeks after the government announced plans to ban VPNs.
U.S. authorities have charged Evgenii Ptitsyn, a Russian national, for his alleged role in running the Phobos ransomware operation.
Operation Details: Ptitsyn operated on hacking forums under the monikers derxan and zimmermanx, advertising access to Phobos as a ransomware-as-a-service; the operation catered to affiliates targeting home users and smaller companies, with most ransom demands under $2,000.
Legal Proceedings: Ptitsyn was arrested in South Korea and extradited to the United States earlier this month.
Notable Quote:
"News of the arrest comes after detections of new Phobos infections stopped last month." — Alexander Leslie, Recorded Future analyst [00:04]
In legal actions pertaining to the 2016 Bitfinex hack, two individuals have been sentenced:
Heather Morgan: 18 months in prison for helping launder cryptocurrency stolen in the hack.
Ilya Lichtenstein: Morgan's husband, who carried out the hack; sentenced to five years last week.
Thai authorities have detained Mr. Zhang, a 33-year-old Chinese national, for orchestrating a scam compound in southern Thailand.
Threat actors are abusing the Personal Message feature in the Microsoft 365 admin portal to disseminate sextortion emails.
Methodology: Personal Message lets corporate admins send messages to any email address; the attackers exploit a coding mistake to bypass the feature's character limit and use it to deliver extortion emails, according to Bleeping Computer.
Attackers are compromising misconfigured Jupyter Notebook applications to host unauthorized sports streaming services.
Attack Process: The attackers take over unsecured notebooks, install FFmpeg to capture video from legitimate streams, and rebroadcast the captured stream through their own streaming website.
Motivation: Supports an illegal streaming service known as Ustream TV, according to Aqua Security.
Lumen Technologies has taken decisive action against the Ngioweb botnet, blocking all associated traffic.
Botnet Growth: The botnet grew to 10 times its initial size and is now estimated to infect over 35,000 systems.
Associated Threats: The botnet is the backbone of NSOCKS, a public service that rents access to proxies installed on infected devices; those proxies have been linked to DDoS attacks, ransomware, and malware command-and-control infrastructure.
A new ransomware faction, Helldown, is actively exploiting a zero-day vulnerability in Zyxel firewalls to infiltrate corporate systems.
Vulnerability Details: According to Truesec and Sekoia, the zero-day appears to match a bug reported through Zyxel's public forum earlier this month.
Group Activity: Active since August, with over 30 victims listed on its dark web leak site so far.
Threat actors have leveraged two zero-day vulnerabilities in the VINTEO videoconferencing server to target a Russian company.
Vulnerabilities: An SQL injection and an arbitrary code execution vulnerability.
Vendor Response: Both issues have been patched following discovery by Positive Technologies.
Broadcom is responding to recent exploitation of two previously patched vulnerabilities in VMware vCenter.
Vulnerability History: Both vulnerabilities were first demonstrated at a Chinese hacking contest in May, reported to Broadcom afterwards, and patched in September.
Current Status: Broadcom has yet to disclose specific details about the nature of these recent attacks.
Microsoft is launching the Zero Day Quest, a high-stakes hacking contest focusing on cloud and AI vulnerabilities.
Contest Details: A prize pool of up to $4 million; researchers can take part through a submission process or by invitation from Microsoft's bug bounty leaderboards, and the event will be held at the company's Redmond headquarters next year.
Objective: Encourage the discovery and remediation of zero-day vulnerabilities through competitive collaboration.
In a move to bolster the security of open source software, GitHub has established the Secure Open Source Fund.
Fund Details: GitHub is committing $1.25 million to pay for security features across 125 popular open source projects.
Contributors: Alongside GitHub, Microsoft, 1Password, Shopify, and American Express have contributed to the fund.
Purpose: To finance the implementation of enhanced security features across key open source repositories, ensuring greater resilience against emerging threats.
This episode of Risky Business News provides a thorough examination of critical cybersecurity developments, emphasizing the evolving landscape of threats and the corresponding defensive measures being implemented by major technology players. From Microsoft's proactive security features to the relentless efforts of law enforcement against cybercriminals, the discussion underscores the dynamic and interconnected nature of modern cybersecurity challenges.
Thank you for tuning into this edition of Risky Business News.