Happy Friday! This week again, keep yourself on top of the latest news on APT, Darket, Cryptocurrencies, General Security and Privacy by reading our weekly news recap in less than 1,000 words.
This week, some APT activity and DoJ announcements related to Iran, KuCoin is back in business after its hack last month, and Apple had a pretty bad week multiple critical vulnerabilities, including in its latest T2 chip were found. Finally, H&M was fined 35.3 million Euro for data protection violation, and some France, Belgium, and UK spying laws were judged unlawful by the European Court of Justice.
APT#
Microsoft: Iranian hackers actively exploiting Windows Zerologon flaw
Microsoft warned that the CVE-2020-1472 (ZeroLogon) discovered in August this year, and having a critical severity (10/10) is being actively used by the Iran-related APT MuddyWater since at least two weeks ago. ZeroLogon allows attackers to elevate privileges to domain administrator.
United States Seizes Domain Names Used by Iran’s Islamic Revolutionary Guard Corps
The US Department of Justice announced the seizure of 92 domain names that were used by Iran’s Islamic Revolutionary Guard Corps to engage in a global disinformation campaign. The investigation was initiated by intelligence law enforcement received from Google. The investigation was carried on by the FBI, with the help of Google, Facebook, and Twitter.
Cryptocurrencies and Darknet#
Kucoin CEO Says Exchange Hack Suspects ‘Found,’ $204 Million Recovered
When KuCoin got hacked at the end of September, the value of stolen coins was believed to be over USD 150 million. It seems that this number was underestimated. On October 3, the CEO twitted that the company managed to recover the equivalent of USD 204 million. “Substantial proof” pointing to some suspects have allegedly been found, and the police is involved.
On October 7, the company restarted accepting BTC, ETC, and USDT deposits and withdrawals, after they achieved some “wallet security strategy upgrade”.
Europol’s Internet Organized Crime Assessment - Dark Web and Crypto Currencies
Europol published its new report with the trends when it comes from cybercrime. It mentions that cryptocurrencies are still playing an essential role as a payment facilitator in cybercrime. CoinJoin mixers usage is also rising and is causing difficulties for law enforcement agencies. They also mentioned that it is hard for them to disrupt the darkweb, as it is challenging to anticipate its various developments.
The price of stolen remote login passwords is dropping. That’s a bad sign
Researchers at Armor, a security firm, found that the average price for RDP credentials dropped from over $20 in 2019, to between $16 and $25 by analyzing 15 different markets and forums. This might be a bad sign, as it could signal an increase of accesses for sale due to poor security practices by companies (and potentially more breaches).
General Security#
Hackers claim they can now jailbreak Apple’s T2 security chip
Security research claims to be able to jailbreak Apple computers by combining two exploits used to jailbreak iPhones. All the devices shipping T2 security chips (sold since 2018) are affected, and the issue is not patchable. This exploit is possible thanks to a debugging interface on the chip left open by Apple, but the jailbreak requires physical access to be exploited.
We Hacked Apple for 3 Months: Here’s What We Found
This week is not so good for Apple. In addition to the alleged problem with the T2 chips, a group of five security researchers found a consequent amount of flaws. The team has been searching for vulnerabilities within Apple’s systems for three months, starting July 6th, and found 55 of them: eleven critical, twenty-nine highly severe, thirteen mediumly severe, and two lowly severe. So far, Apple awarded USD 288,500 for these discoveries.
Google Prepares Security Team to Investigate Third-Party Apps
Google is reportedly preparing a new security initiative whee they would investigate sensitive applications through the Google Play Store. As of now, Google already analyses applications on its store, but numbers of malware applications are still regularly found.
The United Nations’ International Marine Organization was Hacked
The IMO announced that web services became unavailable on September 30 following a hack, and were restored on October 2 after being shut down to prevent further damages. Who attacked the organization, how, and what they had access to is not disclosed, but the agency says it was a “sophisticated cyber-attack”, and claims that other systems such as the emails were not impacted.
Privacy#
35.3 Million Euro Fine for Data Protection Violations in H&M’s Service Center
The Hamburg Commissioner for Data Protection and Freedom of Information issued a 35,258,707 EUR fine. Since 2014, the company has been recording extensive details about its employees’ private lives. Records included things like concrete vacation experiences, symptoms of illness and diagnoses, family issues, and religious beliefs. The total weight of this database was 60 Go.
UK, French, Belgian blanket spying systems ruled illegal by Europe’s top court
The European Court of Justice announced earlier this week that the laws allowing French, UK, and Belgian governments to demand traffic data from ISPs and mobile providers break EU privacy laws when it is done indiscriminately. The CJEU however added that the Member States may derogate to their obligation to ensure confidentiality of electronic communications for a limited period in time if Member State are facing a “serious threat to national security that proves to be genuine and present or foreseeable”.