the grugq's newsletter

April 8, 2022

April 7th, cyber summary

Stupid security reactions.

Corey Quinn @QuinnyPig
In which I break down just what @Ubiquiti is alleging against @briankrebs:
lastweekinaws.com: Ubiquiti Teaches AWS Security and Crisis Comms Via Counterexample. Ubiquiti filed a lawsuit against Brian Krebs for reporting he’d done previously around an alleged Ubiquiti security breach.
2:49 PM ∙ Apr 6, 2022

Looks like more stupid security disclosure stuff.

Ars Technica @arstechnica
WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers arstechnica.com/information-te… by @dangoodin001
arstechnica.com: WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers. Silently fixed authentication bypass remained a secret even after it was under attack.
12:10 AM ∙ Apr 7, 2022

Logistics is a superpower. The ability to project power sometimes means things like: adopting pallets and forklifts. And then it reveals itself in things like: can send arbitrary quantities of any item to anywhere in the world in under a week.

Andrew deGrandpré @adegrandpre
Updated: Pentagon says that, on average, it's taking 4 days to ship weapons to pass-off points outside Ukraine + another 1-2 days for those shipments to enter the country. Such transfers have “never been done that fast before” Via @karoun & @DanLamothe
washingtonpost.com: Pentagon: Russia has fully withdrawn from Kyiv, Chernihiv. U.S. and European officials believe Moscow is preparing to concentrate its invading forces in the eastern part of Ukraine.
8:32 PM ∙ Apr 6, 2022

Truth bomb

Terry Zhang | #StandWithUkraine 🇺🇦 @pnig0s
Auth bypass is the new RCE.
1:26 PM ∙ Apr 6, 2022

There is a market for knowing how to use the tools people already have.

David O'Brien (he/him) @david_obrien
Today I learned that there are "Security Consultants" that sell Azure cloud security reviews for ISO, PCI etc, where it turns out all they do is export the Azure Policy Security Benchmark findings to pdf and say "Here, that's $15,000 please." The amount of charlatans is amazing.
8:47 AM ∙ Apr 6, 2022

An interesting issue with NFT trading platform UI/UX. By making it easy to impersonate a verified check mark and hard to examine the provenance chain, KiwiSwap enabled a fraudulent swap. In this case the loss was over half a million dollars in NFTs. It’s a ridiculous amount for ugly ape jpegs, but that just makes the surrounding security even more important. Anyone who’d pay that money for an NFT is probably not the most security savvy person. Case in point, almost all the security people I know stayed away from NFTs and most avoided crypto… now they’re all not-multimillionaires. So. Just goes to show…

quit.pcc.eth @0xQuit
5/ There's nothing inherently wrong with KiwiSwap. The contract is safe & does what it's supposed to. But there are fatal flaws with the UI/UX. Here's what it looks like when proposing a trade. Notice how the "verified collection" check is right there on top of the image:
4:25 AM ∙ Apr 5, 2022

An interesting issue with an NFT trading platform enabling fraud. No, this is not a repeat from one entry ago.

quit.pcc.eth @0xQuit
There's a new scam going around that tries playing off of your fear in order to trick you into signing away your valuable assets. Expect these to become more popular in the future. This is how it works 1/🧵
6:29 PM ∙ Apr 6, 2022
quit.pcc.eth @0xQuit
2/ A user posts about an OpenSea vulnerability, claiming they lost a large amount because of an approval to "OpenSea API". They direct you to revoke your approvals, and link a site to do so. The site is NOT legitimate. Bookmark revoke.cash, or just use etherscan.
6:29 PM ∙ Apr 6, 2022

There are weird parts of the cyber war. This one, the availability of apps where the government disapproves, is a very important part. We saw this during the Hong Kong protests.

Censorship is not just about websites, but about apps. Making something inconvenient is a way of limiting the audience. Limiting the audience limits the dissemination of information. Restricting dissemination of information is the whole point of censorship. Which is to say, “adding friction to discovery and access is information warfare.” App availability in App Stores is actually part of the cyber warfare domain.

Joseph Menn @josephmenn
Apple has quietly put @navalny's app back in the Russian app store after criticism it was helping the Kremlin censor the opposition figure.
washingtonpost.com: Ukrainian officials begin urging evacuations amid reports of new attacks in east. New sanctions that will include two of the country’s largest banks as well as Russian President Vladimir Putin’s adult children.
8:20 PM ∙ Apr 6, 2022

Here’s something worth reading. This examines how the Ukrainians and NATO exploited Russian military corruption to gain access to the new Russian encrypted radios. Analysis of the devices uncovered critical problems:

  • enabling encryption halved the effective range

  • range was abysmal and required repeaters to work any distance (also, Ukraine keeps destroying all the repeaters)

In addition, there simply aren’t enough radios to go around. The solutions adopted by the Russians to mitigate all these problems have created vulnerabilities the Ukrainians are exploiting.

  1. Soldiers disabled encryption so they could get better range.

    Exploit: this allowed SIGINT collection of the classic kind.

  2. Soldiers used mobile phones with Ukrainian SIM cards.

    Exploit: the phones are geolocated through the phone network and hit with fires.

  3. Soldiers brought Chinese walkie-talkies for tactical level communications.

    Exploit: SIGINT by everyone, made easier by the fact that Ukrainians all speak Russian.

    Exploit: primitive electronic warfare, as everyone can flood the channels with noise.

  4. Generals moved closer to the front lines to compensate for the limited C2 range.

    Exploit: the generals and other commanding officers get killed.

A truly beautiful example of forcing the enemy to adapt and then exploiting some serious problems in their communications technology.

https://www.strategypage.com/htmw/htecm/articles/20220328.aspx

Russia is starting to have some success in the infowar department. So far it’s nothing too amazing; they have lost the sort of capacity they wielded in 2016-17.

Lukasz Olejnik @lukOlejnik
Information warfare operations in context of Russian war on Ukraine. Special accounts were tasked with disseminating fake propaganda that allegedly (fake!) Poland mistreated migrants. Some big Western media also ended up sharing the narrative, by the way. about.fb.com/wp-content/upl…
1:47 PM ∙ Apr 7, 2022
