October 10, 2022
David Redekop

This Week In Nerd News October 10, 2022

TWINN #93 Watch those Drivers

Happy Thanksgiving Canada! Even though there is an official holiday for it, practicing gratitude daily has incredible benefits, including:

  • Expressing gratitude can improve our mood
  • Showing gratitude can make us more optimistic
  • Sharing gratitude can improve social bonds
  • Practicing gratitude can improve our physical health

I personally am thankful for technological advancement, but it comes with a great deal of responsibility as well.

Nearly every device has drivers written by a third party. Drivers are needed to make peripherals work, or for security software to be able to do its job properly. A device driver with kernel-level privileges is common. What is unfortunately common as well is that such device drivers have been poorly developed, and therefore can be hijacked to abuse their power to disable security and monitoring software. That is exactly what a number of ransomware groups have turned to:
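As an added example (not code from the article or from Sophos), this PowerShell audit script inventories the kernel drivers currently running on a Windows host, records their signer, signature status and SHA256, and flags any whose hash appears on a blocklist of known-vulnerable drivers you maintain. The blocklist file name and format (one SHA256 per line) are assumptions.

```powershell
# Added example: list running kernel drivers and flag known-vulnerable ones (BYOVD candidates).
# Assumed input file: .\vulnerable-driver-hashes.txt, one SHA256 hex string per line.
param(
    [string]$BlocklistPath = ".\vulnerable-driver-hashes.txt"
)

# Load the blocklist into a hashtable for O(1) lookups; missing file => empty list.
$blocklist = @{}
if (Test-Path $BlocklistPath) {
    Get-Content $BlocklistPath | Where-Object { $_.Trim() } |
        ForEach-Object { $blocklist[$_.Trim().ToUpperInvariant()] = $true }
}

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver reports NT-style paths (\??\C:\..., \SystemRoot\..., system32\...);
    # normalise them to ordinary Win32 paths so the file can be hashed.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"
    return $p
}

$report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not $path -or -not (Test-Path $path)) { return }   # skip entries with no file on disk
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Name        = $_.Name
            Path        = $path
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            SigStatus   = $sig.Status
            SHA256      = $hash
            Blocklisted = $blocklist.ContainsKey($hash.ToUpperInvariant())
        }
    }

# Caveat: inbox Windows drivers are often catalog-signed and can show NotSigned here,
# so a non-Valid status is a prompt to investigate, not a verdict. A blocklist hit is.
$report | Where-Object { $_.Blocklisted -or $_.SigStatus -ne 'Valid' } |
    Format-Table Name, Signer, SigStatus, Blocklisted, Path -AutoSize
```

A legitimately signed driver can still be on the blocklist: BYOVD abuses drivers whose signature is valid but whose code is exploitable, which is why the hash check, not the signature check, is the decisive column.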

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions.

This is just another lesson in making sure that defense in depth is in place. Zero Trust connectivity prevents the C2 connection from ever even starting.

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions.

“The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection,” Sophos threat researcher Andreas Klopsch said in a new technical write-up.

BYOVD is an attack technique that involves threat actors abusing vulnerabilities in legitimate, signed drivers to achieve successful kernel-mode exploitation and seize control of compromised machines.

Read More: BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

Former Uber security chief convicted of covering up 2016 data breach.

This is so much more about lying to regulators than it is about lack of breach notification.

A former chief security officer for Uber was convicted Wednesday of federal charges stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016.

Read More: Former Uber security chief convicted of covering up 2016 data breach

Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast.

It may not seem like a big deal, but it is. Ikea has released a fix, though.

Researchers have demonstrated how an attacker could take over control of light bulbs in the Ikea Trådfri smart lighting system, ultimately turning the bulbs up to full brightness — and users can’t turn them down through the app or the remote control.

Read More: Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast

Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite.

A severe remote code execution vulnerability in Zimbra’s enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.

The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations.

“The vulnerability is due to the method (cpio) in which Zimbra’s antivirus engine (Amavis) scans inbound emails,” cybersecurity firm Rapid7 said in an analysis published this week.

Read More: Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

Netwalker ransomware affiliate sentenced to 20 years in prison.

This shows how far law enforcement is willing to go after cyber criminals. We are used to seeing judgements stay well within, or even below, sentencing guidelines, but this judge went above and beyond the usual 12-15 year guideline.

Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.

Vachon-Desjardins, a 34-year-old Canadian man extradited from Quebec, was sentenced today in a Florida court after pleading guilty to ‘Conspiracy to commit Computer Fraud’, ‘Conspiracy to Commit Wire Fraud’, ‘Intentional Damage to Protected Computer,’ and ‘Transmitting a Demand in Relation to Damaging a Protected Computer.’

“The Defendant is hereby committed to the custody of the United States Bureau of Prisons to be imprisoned for a term of TWO HUNDRED FORTY (240) MONTHS,” reads the court’s judgment.

Read More: Netwalker ransomware affiliate sentenced to 20 years in prison

Did you know?

We are on the path to achieving some IoT harmony. Matter is a specification to connect all kinds of devices over a variety of protocols. Most importantly, when combined with Home Assistant, all the data can stay within your own control and never touch the hands of big tech.
