
PLUS: Chinese APT hacked Singtel; Canada orders TikTok to shut down offices; new Mozilla layoffs.
Claire
Russia blocks Cloudflare ECH connections. A Chinese espionage group hacks Singtel. Canada orders TikTok to shut down its offices. And more Mozilla layoffs. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire. Today is the 8th of November, and this podcast episode is brought to you by vulnerability management and analysis platform Nucleus Security.

Russia's Internet watchdog agency, Roskomnadzor, has blocked traffic to Cloudflare-hosted websites that use the new Encrypted Client Hello technology. The block entered into effect on November 6th. Roskomnadzor says it took the decision after Cloudflare enabled ECH by default in October. The agency said ECH was being used by Russian citizens to bypass its censorship measures and access restricted resources. ECH is a new option in the TLS standard that allows website operators to hide metadata that previously revealed the destination of a connection. It was formerly known as Encrypted Server Name Indication. China blocked ECH in mid-2020 for the same reason.

In other news, the Canadian government has ordered TikTok to shut down its operations there following a national security review. The company has offices in Toronto and Vancouver. Officials have not blocked the app, and Canadians are still free to access it. The government has urged Canadians to understand that they are using an app controlled by an adversary nation that may collect and abuse their data.

The Australian government is preparing legislation that would ban under-16s from using social media. The bill would hold online platforms accountable for enforcing the ban. The government plans to table the bill in Parliament next week. Officials say they are introducing the bill because of the harm social media is causing Australian children.

The German government has drafted legislation to protect security researchers who discover and report vulnerabilities. The proposed law would shield cybersecurity researchers from criminal liability as long as they responsibly disclose their bugs to vendors. The law will also introduce prison sentences of three months to five years for researchers who cause substantial financial damage or disrupt critical infrastructure during their research.

The FBI says it's seeing an uptick in posts on criminal forums advertising compromised law enforcement credentials. Threat actors use the compromised accounts to file emergency data requests at tech companies and obtain sensitive data about high-value targets. The information is later used for social engineering or SIM swapping attacks. The FBI has urged companies that deal with law enforcement requests to review their security.

Chinese state-sponsored hackers breached Singapore's largest telecommunications provider, Singtel, in June. The attack is believed to be the work of the group known as Volt Typhoon. Officials believe the Singtel hack was a test run before the hackers moved on to target US telcos.

A cyber attack has taken down court systems across the US state of Washington. The outage is impacting court systems across several cities, delaying fine payments and hearings. The incident took place over the weekend and is believed to be a ransomware attack. Officials say they took down systems as a precaution and are now beginning the restoration process.

A cyber attack has disrupted tracking devices and panic alarms in prison vans operated by Serco across the UK. The downtime was caused by a ransomware attack last week that hit Microlise, a UK-based company that provides transport tech solutions. DHL's UK division was also impacted, losing access to its package tracking tool.

Cisco has patched a critical vulnerability that allowed threat actors to run commands as root on its Ultra-Reliable Wireless Backhaul access points. The vulnerability impacts the web-based management interface. The ruggedized access points are typically used in manufacturing facilities, ports and mines. The issue has a severity score of 10 and is one of 15 bugs Cisco patched this week.

Indian security firm CloudSEK has linked the new Androxgh0st malware to the defunct Mozi botnet. Androxgh0st was first spotted this year attacking web servers and Laravel-based applications. The botnet was the subject of a CISA alert which warned against its attacks on cloud infrastructure. CloudSEK says it's now seeing Androxgh0st deploy Mozi-like payloads against IoT devices. Mozi was a large IoT botnet that operated between 2019 and 2021, until Chinese authorities detained some of its administrators.

More than 2,700 vulnerable Linear eMerge smart door and access control systems are exposed to the Internet. 95% of the devices are located in the US. The devices are vulnerable to a command injection flaw that was disclosed at the end of September. The issue was published by the SSD Disclosure platform after the vendor decided not to patch the bug and instead told people to just not put them on the Internet. A proof-of-concept exploit is available.

AI coding platform Replit has emailed customers to disclose a security breach. The company says that a misconfiguration in its service allowed its employees to access plain-text passwords for some customers. Replit says it has not discovered any instances where the passwords were abused to access customer accounts. The company claims to have over 30 million users.

And finally, the Mozilla Foundation has laid off 30% of its staff. The layoffs impacted the organisation's advocacy and global programs. Earlier this year it laid off dozens of employees from its Firefox browser division. The organisation previously announced a refocus on AI and ad-related technologies.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Nucleus Security. Find them at nucleussec.com. Thanks for your company.
Risky Business News: Russia Blocks Cloudflare ECH Connections
Episode Release Date: November 7, 2024
Host: Risky.biz (Read by Claire)
At the outset of the episode, Claire highlights a significant development in internet censorship:
“[00:04] Russia's Internet watchdog agency, Roskomnadzor, has blocked traffic to Cloudflare-hosted websites that use the new encrypted client hello technology.”
Roskomnadzor implemented this block on November 6th, responding to Cloudflare's decision to enable Encrypted Client Hello (ECH) by default in October. ECH, formerly known as Encrypted Server Name Indication (SNI), is a TLS extension that conceals the metadata that previously revealed the destination of a connection, so a network observer can no longer tell which site behind a shared server a client is connecting to; that is what makes it useful for circumventing censorship, and why the agency objects to it. This move mirrors China's earlier decision in mid-2020 to block ECH for similar reasons.
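To make concrete what "hiding the destination metadata" means on the wire, here is an added example (not from the episode, Cloudflare or Roskomnadzor) that builds a minimal ClientHello and reports what a passive network monitor can read from it: without ECH the server_name extension carries the real hostname in plaintext; with ECH the only plaintext name is the client-facing server's public name (cloudflare-ech.com is used here as a constructed stand-in) and the real hostname sits inside the opaque encrypted_client_hello extension (code point 0xfe0d), which this example models as arbitrary bytes.

```python
import struct

SNI_EXT = 0x0000   # server_name extension
ECH_EXT = 0xFE0D   # encrypted_client_hello extension code point (TLS ECH draft)

def _ext(ext_type, body):
    return struct.pack(">HH", ext_type, len(body)) + body

def build_client_hello(outer_sni, ech_payload=None):
    """Build a minimal TLS ClientHello record (constructed fixture, not a real client).
    With ECH, outer_sni is the client-facing server's public name and the real
    hostname lives inside the encrypted ech_payload, modelled here as opaque bytes."""
    sni_body = struct.pack(">HBH", len(outer_sni) + 3, 0, len(outer_sni)) + outer_sni.encode()
    exts = _ext(SNI_EXT, sni_body)
    if ech_payload is not None:
        exts += _ext(ECH_EXT, ech_payload)
    body = b"\x03\x03" + bytes(32)                   # legacy_version, 32-byte random (zeroed)
    body += b"\x00"                                  # empty legacy_session_id
    body += struct.pack(">H", 2) + b"\x13\x01"       # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                              # one compression method: null
    body += struct.pack(">H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def inspect_client_hello(record):
    """Return (plaintext server name or None, ech_present): exactly what a middlebox sees."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 5 + 4 + 2 + 32                               # record hdr, handshake hdr, version, random
    p += 1 + record[p]                               # legacy_session_id
    p += 2 + struct.unpack(">H", record[p:p + 2])[0] # cipher_suites
    p += 1 + record[p]                               # compression_methods
    ext_len = struct.unpack(">H", record[p:p + 2])[0]
    p += 2
    end = p + ext_len
    sni, ech = None, False
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", record[p:p + 4])
        data = record[p + 4:p + 4 + ext_len]
        p += 4 + ext_len
        if ext_type == SNI_EXT:                      # host_name entry: type(1) + len(2) + name
            name_len = struct.unpack(">H", data[3:5])[0]
            sni = data[5:5 + name_len].decode()
        elif ext_type == ECH_EXT:
            ech = True
    return sni, ech

if __name__ == "__main__":
    print(inspect_client_hello(build_client_hello("example.com")))
    print(inspect_client_hello(build_client_hello("cloudflare-ech.com", bytes(16))))
```

With ECH every site behind the same fronting server presents the same public name, so a censor cannot block one site without blocking them all, which is why the agency's block covers Cloudflare-hosted ECH traffic as a whole.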
Claire reports that the Canadian government has taken decisive action against TikTok following a national security review:
“The Canadian government has ordered TikTok to shut down its operations there following a national security review.”
While the app remains accessible to Canadians, the government has instructed the physical offices in Toronto and Vancouver to cease operations. Officials warn Canadians about potential data misuse by an app controlled by an adversarial nation, emphasizing the risks of data collection and abuse.
Addressing concerns over the impact of social media on youth, Claire discusses Australia's legislative efforts:
“The Australian government is preparing legislation that would ban under 16s from using social media.”
This proposed bill aims to hold online platforms accountable for enforcing the age restriction, with plans to present the legislation in Parliament the following week. Government officials cite the detrimental effects of social media on Australian children as the primary motivation behind this initiative.
In a move to foster cybersecurity research, Claire outlines Germany’s legislative draft:
“The German government has drafted legislation to protect security researchers who discover and report vulnerabilities.”
The proposed law intends to shield cybersecurity researchers from criminal liability provided they responsibly disclose vulnerabilities to vendors. Conversely, it introduces stringent penalties, including prison terms ranging from three months to five years, for researchers who cause significant financial harm or disrupt critical infrastructure during their investigations.
Highlighting emerging cyber threats, Claire informs listeners about the FBI’s recent observations:
“The FBI says it's seeing an uptick in posts on criminal forums advertising compromised law enforcement credentials.”
Threat actors exploit these compromised accounts to submit emergency data requests to tech companies, obtaining sensitive information about high-value targets. This data is subsequently used for sophisticated social engineering or SIM swapping attacks. The FBI has advised companies interfacing with law enforcement to enhance their security measures in response.
Claire brings attention to cyber espionage activities targeting telecommunications:
“Chinese state-sponsored hackers breached Singapore's largest telecommunications provider Singtel in June.”
Attributed to the Volt Typhoon group, this breach is believed to have been a preliminary operation preceding attacks on US telecommunications companies. The implications of such breaches underscore the growing cyber threats posed by state-sponsored actors.
Detailing recent ransomware activities, Claire reports on disruptions within the US judicial system:
“A cyber attack has taken down court systems across the US state of Washington.”
The incident, presumed to be a ransomware attack, affected multiple cities over the weekend, causing delays in fine payments and court hearings. Authorities responded by disabling affected systems as a precautionary measure and have commenced restoration efforts to mitigate the outage.
Expanding on the theme of ransomware impacts, Claire discusses an attack affecting UK correctional facilities:
“A cyber attack has disrupted tracking devices and panic alarms in prison vans operated by Serco across the UK.”
The downtime resulted from a ransomware breach last week targeting Microlise, a UK-based transport technology provider. Additionally, DHL’s UK division suffered disruptions, losing access to its package tracking tools, highlighting the widespread ramifications of such attacks on critical infrastructure.
Turning to corporate cybersecurity, Claire outlines Cisco’s recent security measures:
“Cisco has patched a critical vulnerability that allowed threat actors to run commands as root on its ultra-reliable wireless backhaul access points.”
This vulnerability, rated with a severity score of 10, affected the web-based management interface of ruggedized access points commonly used in manufacturing, ports, and mines. The patch is one of fifteen bugs Cisco addressed within the week.
Claire delves into malware evolution and its implications:
“Indian security firm CloudSEK has linked the new Androxgh0st malware to the defunct Mozi botnet.”
Originally identified this year attacking web servers and Laravel-based applications, Androxgh0st has begun deploying Mozi-like payloads targeting IoT devices. The original Mozi botnet, active between 2019 and 2021, was dismantled after Chinese authorities detained some of its administrators. Separately, over 2,700 vulnerable Linear eMerge smart door and access control systems, 95% of them located in the US, are exposed to the Internet with a command injection flaw disclosed at the end of September. Despite the availability of a proof-of-concept exploit, the vendor has opted not to patch the vulnerability, advising instead against internet exposure of the affected devices.
Addressing vulnerabilities in AI platforms, Claire discusses Replit’s recent security incident:
“AI coding platform Replit has emailed customers to disclose a security breach.”
A misconfiguration allowed Replit employees to access plain-text passwords for some customers. The company says it has found no evidence of these passwords being abused to access customer accounts; Replit claims over 30 million users, so the incident raises concerns about data protection practices within AI-driven services.
Concluding the episode, Claire reports on significant organizational changes within the Mozilla Foundation:
“The Mozilla foundation has laid off 30% of its staff. The layoffs impacted the organization’s advocacy and global programs.”
Earlier measures included reducing personnel in the Firefox browser division as Mozilla announced a strategic pivot towards artificial intelligence and ad-related technologies. These layoffs signal a substantial restructuring effort aimed at aligning the foundation’s resources with its evolving strategic priorities.
Conclusion
Claire succinctly wraps up the episode, reiterating the pivotal topics covered and acknowledging the episode’s sponsor:
“And that is all for this podcast edition.”
Today's show was brought to you by our sponsor, Nucleus Security. Find them at nucleussec.com. Thanks for your company.
This episode of Risky Business News provides a comprehensive overview of critical cybersecurity developments worldwide, from state-level internet censorship and legislative changes to significant breaches and corporate vulnerabilities. Whether you're a cybersecurity professional or an informed listener, the insights shared offer valuable perspectives on the evolving digital threat landscape.