  1. #926
    Member
    Quote Originally Posted by harrybarracuda View Post
    Unfortunately I can't find a bigger version, but:

    Attachment 61837
    Interesting that Russia appears completely unscathed.

  2. #927
    harrybarracuda
    Quote Originally Posted by TTraveler View Post
    Interesting that Russia appears completely unscathed.
    Indeed. But they are mates with the chinkies.

  3. #928
    harrybarracuda
    Had an interesting call this afternoon that leaned me further in the Russia direction.

    *taps nose*

  4. #929
    Member
    Quote Originally Posted by harrybarracuda View Post
    Had an interesting call this afternoon that leaned me further in the Russia direction.

    *taps nose*
    And what did you learn on the call?

  5. #930
    baldrick
    Quote Originally Posted by harrybarracuda View Post
    44% of the known targets are IT, Software or Equipment vendors.
    Was the md5 hash before or after the malicious code insertion?

  6. #931
    harrybarracuda
    Quote Originally Posted by baldrick View Post
    Was the md5 hash before or after the malicious code insertion?
    Have you downloaded an nVidia update since April?

  7. #932
    harrybarracuda
    Quote Originally Posted by TTraveler View Post
    And what did you learn on the call?

    Sorry, TLP:Red, not Chatham House rule.

  8. #933
    harrybarracuda
    Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware.

    The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers.

    The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.
    Partial lists of organizations infected with Sunburst malware released online | ZDNet

  9. #934
    baldrick
    Quote Originally Posted by harrybarracuda View Post
    Have you downloaded an nVidia update since April?
    Yes - were Nvidia drivers compromised?

  10. #935
    harrybarracuda
    Quote Originally Posted by baldrick View Post
    Yes - were Nvidia drivers compromised?
    nVidia were and it's a supply chain attack.

    Imagine if they were able to insert a little bit of code into every nVidia update?

  11. #936
    baldrick
    Quote Originally Posted by harrybarracuda View Post
    nVidia were and it's a supply chain attack.

    Imagine if they were able to insert a little bit of code into every nVidia update?
    From what I can gather, this SolarWinds Orion software was used to update firmware and generally manage switches on a network.

    What evidence is there so far that Vlad's minions did more than compromise machines and steal data? Has any malware been found in any companies' downloads, or is it still all speculation for clickbait?

  12. #937
    harrybarracuda
    Quote Originally Posted by baldrick View Post
    From what I can gather, this SolarWinds Orion software was used to update firmware and generally manage switches on a network.

    What evidence is there so far that Vlad's minions did more than compromise machines and steal data? Has any malware been found in any companies' downloads, or is it still all speculation for clickbait?
    There's your problem right there.

    The SolarWinds malware was inserted in April.

    No-one identified it for seven months.

    Anyone that has been compromised could have been used in a similar attack.

    Cisco is obviously the biggest threat of the lot.

    Having said that, it is a titanic failure on SolarWinds' part to let someone modify their updates and not actually notice.

  13. #938
    lom
    Quote Originally Posted by harrybarracuda View Post
    Having said that, it is a titanic failure on SolarWinds' part to let someone modify their updates and not actually notice.
    It is a titanic failure not having waterproof bulkheads between the internet and your product-building computer, a computer which should be clean-roomed and only accessible by sneaker-net.
    The same goes for all software-developing computers; source code should not be accessible from outside.

  14. #939
    baldrick
    And did the IT crowd check the md5s before installation?

  15. #940
    harrybarracuda
    Quote Originally Posted by baldrick View Post
    And did the IT crowd check the md5s before installation?
    Probably not, and if they generated ones on the finished (and infected) product it would have passed muster anyway. And since it was signed by a legit SolarWinds certificate, it never raised a flag. There was no reason not to trust it.

    It's a fucking shit show and a half. Now everyone and their aunties are having to query their vendors, especially in the OT space, asking for guarantees that they haven't been shipped bent code. And who the fuck wants to admit it?

    The lawsuits coming SolarWinds way...
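    The hash-and-signature point in this post, as an added example that is not code from the thread: a digest the vendor publishes (and, by the same logic, a valid code signature) only proves the download matches what left the vendor's pipeline, so a payload inserted before that step passes the customer's check; comparing against an independently reproduced build is what catches it. The artifact bytes are constructed stand-ins, not real update contents.

```python
import hashlib

# Constructed stand-ins for a build artifact: a clean build, and the same build
# with a payload inserted by someone who compromised the vendor's pipeline.
CLEAN_BUILD = b"vendor_update.bin: legitimate code"
TROJANIZED_BUILD = CLEAN_BUILD + b" + inserted backdoor"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def vendor_publishes_digest(artifact: bytes) -> str:
    """The vendor hashes whatever came out of its pipeline and posts that digest.
    If the insertion happened before this step, the digest covers the backdoor."""
    return sha256_hex(artifact)


def customer_verifies(download: bytes, published_digest: str) -> bool:
    """The usual pre-install check: does the download match the vendor's digest?
    This only detects tampering *after* the digest was computed (e.g. in transit)."""
    return sha256_hex(download) == published_digest


def reproducible_build_check(download: bytes, independent_build: bytes) -> bool:
    """Stronger check: rebuild from audited source on an independent machine and
    compare. A pipeline-inserted payload shows up as a mismatch even though the
    vendor's own digest (and signature) were perfectly valid."""
    return sha256_hex(download) == sha256_hex(independent_build)


def demo() -> dict:
    """Run both checks against the trojanized artifact and report what each sees."""
    digest = vendor_publishes_digest(TROJANIZED_BUILD)
    return {
        # The vendor's digest was taken after the insertion, so it matches.
        "vendor_digest_passes": customer_verifies(TROJANIZED_BUILD, digest),
        # A copy altered in transit is still caught by the vendor's digest.
        "transit_tampered_copy_passes": customer_verifies(TROJANIZED_BUILD + b"x", digest),
        # Only the independent rebuild reveals the pipeline compromise.
        "reproducible_build_passes": reproducible_build_check(TROJANIZED_BUILD, CLEAN_BUILD),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```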

  16. #941
    harrybarracuda
    [Image attachment: tmmda201228.gif]

  17. #942
    OhOh
    Quote Originally Posted by harrybarracuda View Post
    Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.
    No mention of Chinese companies.

    Tight as an OZ grandmother:

    [Image attachment: 0.jpg]

    https://daydaynews.cc/en/international/816152.html

  18. #943
    harrybarracuda
    Quote Originally Posted by OhOh View Post
    No mention of Chinese companies.
    Precisely why they are not excluded as suspects yet.

  19. #944
    harrybarracuda
    Let's finish the year with another sneaky fucking backdoor from a chinky company.

    Zyxel undocumented account (CVE-2020-29583)

    Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges.

    Username: zyfwp
    Password: PrOw!aN_fXp

  20. #945
    lom
    Quote Originally Posted by harrybarracuda View Post
    Let's finish the year with another sneaky fucking backdoor from a chinky company.
    Zyxel is a Taiwanese company.

  21. #946
    OhOh
    Quote Originally Posted by harrybarracuda View Post
    Username: zyfwp
    Password: PrOw!aN_fXp
    Quote Originally Posted by harrybarracuda View Post
    can be found in cleartext in the firmware.
    Well hidden then.

    Probably the communal Zyxel security advisor's login.

    Security advisories | Zyxel

    Quote Originally Posted by lom View Post
    Zyxel is a Taiwanese company.
    The vassal wannabe will have some re-education, one suspects. Jeopardising national security and pissing off the EU may be the charges utilised.


  22. #947
    harrybarracuda
    Quote Originally Posted by lom View Post
    Zyxel is a Taiwanese company.
    Who, like everyone else, outsource manufacturing to Chinastan...

    Security advisories | Zyxel

    Yes, they have to do that after they've been rumbled... "Oh sorry, that was an accident". I expect this bloke will be looking for a new job soon, but he'll probably get one at another place that needs a new backdoor inserting.

    https://www.linkedin.com/in/edward-y...alSubdomain=tw
  23. #948
    harrybarracuda
    I don't know how I missed this one, although in fairness it only affects companies in Chinastan forced to install "tax software" in Chinastan.

    Fucking chinkies you cannot trust them for anything. That's why HooHoo will go for a Western vaccine.

    In June, Trustwave reported the discovery of a dangerous new malware family dubbed GoldenSpy, hidden within tax payment software mandated by China Tax Bureau (CTB) for all businesses operating in the country.

    This took an unexpected turn soon after Trustwave posted its findings and advice on how to defeat the unusually persistent malware. It quickly became apparent that the threat actors behind the malware had not only read Trustwave's report, but then took swift action to reverse existing malware infections and attempt to cover their tracks. In this Q&A, Brian Hussey, VP of cyber threat detection and response at Trustwave, discusses the ongoing game of cat and mouse between the security pros and threat actors.
    New GoldenHelper malware found in official Chinese tax software

  24. #949
    Member
    Tax software again.

    Smells a bit like NotPetya, which ground much of Ukraine (and companies like Maersk) to a hard stop after hiding out in widely-used Ukrainian tax software.

    Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica

  25. #950
    OhOh
    Quote Originally Posted by harrybarracuda View Post
    hidden within tax payment software mandated by China Tax Bureau (CTB) for all businesses operating in the country.
    Quote Originally Posted by OhOh View Post
    Well hidden then.
    Simplified Chinese,

    [Image attachment: ccode.jpg]

    Quote Originally Posted by harrybarracuda View Post
    cleartext in the firmware.
    Or simplified
    [Image attachment: what-coding-1024x683.jpg]
    Last edited by OhOh; 03-01-2021 at 12:15 PM.
