Your Car and Your Sex Life, US Departments of State and Commerce Compromised, Iran and North Korea Hacking Crews, and Victories Over Russian Hackers
Sep 14, 2023
auto_awesome
Iran and North Korea hacking crews target security researchers, US Departments of State and Commerce compromised due to a Windows crash report, victories over Russian hackers, your car may have sensitive information about your sex life, Swiss insurer fined $3M for cyber security flaws
Hacker group APT 34 from Iran disguises itself as a marketing company to launch cyber attacks on enterprise targets.
North Korea-backed hacker group APT 34 targets security researchers using social engineering tactics.
Privacy concerns arise with modern cars requiring users to agree to conditions that violate their privacy.
Deep dives
Russian Infosec Boss Sentenced to 9 Years for Insider Trading
A Russian infosec boss, known as Vlad, has been sentenced to nine years in the US for stealing confidential financial information from top corporations to carry out insider trading. Vlad, a former GRU officer, used the stolen data to make $93 million through illegal stock trading. He was extradited to the US after being arrested in Switzerland. Two of his co-conspirators remain at large. Vlad's arrest serves as a warning to those engaged in insider trading that they will be caught and held accountable for their actions.
Russian Hacker Group Disguises as Marketing Company to Target Enterprises
A hacker group known as APT 34, Oil Rig, or Helix Kit has been posing as a marketing company to launch cyber attacks on enterprise targets. The group, believed to be originating from Iran, has been active since 2014 and specializes in cyber espionage and sabotage. They target finance, government, energy, chemical, and telecommunications sectors. By disguising themselves as a marketing company, they gain the trust of their victims and carry out attacks using zero-day exploits. Organizations need to ensure that their security policies cover all employees, as attackers may attempt to exploit individuals who are not part of the typical security-focused roles.
North Korean Hackers Target Security Researchers
North Korea-backed hacker group APT 34 has been targeting security researchers working on vulnerability research and development. The group uses social engineering tactics, such as building rapport on social media platforms and encrypted messaging apps, to establish relationships with targeted researchers. They then send malicious files containing zero-day exploits to compromise their systems. The campaign underscores the need for researchers and organizations to exercise caution and implement strict security measures, including scrutinizing files received from unknown sources.
Lack of Privacy in Car Ownership
The podcast episode discusses the issue of privacy when owning a car. The speaker expresses frustration that car manufacturers require agreement to privacy conditions that violate the buyer's privacy. The speaker shares personal experiences of having to accept privacy conditions every time they start their two different cars. The speaker suggests exploring vehicles that don't impose such privacy predicaments, even highlighting the absence of privacy concerns with a 55 Chevy pickup from 1955.
Microsoft's Explanation of a Major Breach
The podcast episode delves into the recent explanation provided by Microsoft regarding a significant breach. The breach occurred when a highly skilled threat actor hacked into a corporate account of one of Microsoft's engineers, obtaining a signing key. The signing key allows for the forging of tokens for Microsoft's Azure AD cloud service. The hacker, known as Storm 0558, was identified as a Chinese-based threat actor with espionage objectives. The targets of the breach included US and European diplomats, legislative government bodies, media companies, think tanks, and telecommunication equipment providers. Microsoft acknowledged that some safeguard breakdowns and flaws in the crash dump process enabled the exploit.
This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government.
Links from the episode:
Insurer Fined $3M for Exposing Data of 650k Clients for Two Years
