Independent researcher reveals over 15,000 hardcoded secrets at Defcon. The Trump campaign gets hacked. There’s a new ransomware attack aimed at home users. And a new type of attack – GPS spoofing is hitting commercial aircraft in flight.
Welcome to Cyber Security Today. I’m your host, Jim Love.
First, an update to our weekend panel discussion, where we talked about US companies being tricked into hiring North Korean hackers.
Federal authorities arrested Matthew Isaac Knoot of Nashville for hosting laptops at his residence to help North Korean nationals deceive U.S. companies into hiring them as remote IT workers. The scheme involved using a stolen identity to pose as a U.S. citizen, with the income funneled to North Korea's weapons program. Knoot allegedly installed remote desktop applications on the company-issued laptops, enabling the foreign nationals to work from abroad while appearing to be in the U.S. He was paid fees for his services, including a percentage of the salaries.
Great to see the authorities taking this seriously.
Source: Ars Technica
At the Defcon security conference in Las Vegas last week, independent researcher Bill Demirkapi revealed a massive trove of exposed corporate secrets and website vulnerabilities he discovered by tapping into overlooked data sources.
Demirkapi found over 15,000 hardcoded developer secrets, including passwords, API keys, and authentication tokens that could give cybercriminals access to company systems.
Additionally, he identified 66,000 websites with dangling subdomain issues. Many companies routinely create subdomains for a variety of purposes, including testing, and then decommission the service behind them while leaving the DNS record in place. A record that still points at a resource nobody owns leaves the subdomain open to exploitation, including outright takeover by anyone who claims that resource. Even major websites like The New York Times had these weaknesses. Reportedly, Demirkapi was able to post a fictitious article about Russia and the US going to war on the site, an article that remained online for a week.
How did he do this? Demirkapi's approach involved using unconventional datasets. For example, he used VirusTotal, the Google-owned service to which developers and security teams upload files to be scanned for malware. Rather than looking for malware, he searched that same enormous corpus of uploaded files for strings shaped like credentials, which let him find exposed secrets at massive scale.
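As an added illustration, not code from the show or from Demirkapi's own tooling, the Python below shows the core of a secret scanner of this kind: it matches known token formats by their fixed, issuer-specific prefixes, and flags generic `password =` or `api_key =` assignments only when the value has enough Shannon entropy to look like a real credential rather than a placeholder. The config it scans is constructed for the example; the AWS key is Amazon's documented placeholder value and the GitHub token is a made-up string of the right shape, so nothing here is a live credential.

```python
import math
import re
from dataclasses import dataclass

# Token formats whose prefix alone identifies the issuer; no entropy gate needed.
KNOWN_FORMATS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
}

# Generic "secret-ish name = value" assignments in config or source files.
GENERIC = re.compile(
    r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|auth[_-]?token|token)\b"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=.]{8,})"
)

# Bits per character; placeholders like "password" or "changeme" fall below this.
ENTROPY_THRESHOLD = 3.0


@dataclass
class Finding:
    line_no: int
    kind: str
    value: str


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> list:
    """Return every suspected secret in text, one Finding per match."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in KNOWN_FORMATS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(line_no, kind, m.group(0)))
        for m in GENERIC.finditer(line):
            value = m.group(2)
            # Skip values a known-format rule already reported on this line.
            if any(f.line_no == line_no and f.value == value for f in findings):
                continue
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "generic_high_entropy", value))
    return findings


def redact(value: str) -> str:
    """Keep just enough of a secret to recognise it in a report."""
    return value[:4] + "..." + value[-2:]


def report(text: str) -> list:
    """Human-readable lines, with the secret itself redacted."""
    return [f"line {f.line_no}: {f.kind} {redact(f.value)}" for f in scan_text(text)]


# Constructed sample: AKIAIOSFODNN7EXAMPLE is AWS's documented placeholder key,
# the ghp_ token is a made-up string of the correct length.
SAMPLE = """# constructed sample config, not real credentials
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
password = "password"
api_key = "Zq8Lx3Vn7Rt2Ky5M"
github_token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
"""

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Run against the sample, the scanner reports the AWS key, the high-entropy `api_key` value and the GitHub token, and stays quiet about `password = "password"`, which a regex alone would have flagged. The same rules, expressed as YARA or as a grep over a file corpus, are what let a scan scale from one repo to millions of uploaded files.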
There were credentials linked to Nebraska’s Supreme Court IT systems and Stanford University’s Slack channels. Other examples included a major smartphone manufacturer, customers of a fintech company, and a multibillion-dollar cybersecurity company. But there were thousands of other organizations that inadvertently exposed secrets including passwords, API keys and more.
As it would be impossible to notify everyone he found exposed one by one, Demirkapi developed methods to automatically revoke exposed secrets, working with companies like OpenAI to implement efficient reporting systems. Reportedly, others that he approached, such as GitHub and even a major cloud provider, were less helpful, even when he revealed the extent of the issues affecting their customers.
Demirkapi's work demonstrates the value of leveraging large data sources and of finding unconventional ways to improve cybersecurity across the web. But the sheer scale of errors is a wakeup call. Despite years of warnings and an increasing number of attacks, the sloppiness that allows a huge number of secrets to remain open and exposed is astonishing. And the reluctance of organizations whose customers and members are exposed to engage with Demirkapi is just as shocking.
Sources include: Wired
A surge in Magniber ransomware attacks is impacting home users worldwide, encrypting personal devices and demanding hefty ransoms. This campaign, which began on July 20, 2024, has seen nearly 720 submissions to the ransomware identification site ID-Ransomware.
Lawrence Abrams, a cybersecurity expert, explains: “Unlike the larger ransomware operations, Magniber has primarily targeted individual users who download malicious software and execute it on their home or small business systems.”
The ransomware typically spreads through software cracks and key generators, encrypting files and demanding $1,000 to $5,000 in Bitcoin for decryption. Unfortunately, there’s currently no free method to decrypt files affected by the latest Magniber variants.
Abrams warns: “It is strongly advised to avoid software cracks and key generators as it’s not only illegal but also a common method used to distribute malware and ransomware.”
As this Magniber campaign continues to target unsuspecting home users, cybersecurity experts stress backup strategies and cybersecurity awareness for individual users. And if it still needs to be said, cracked or illegal software is an open invitation to data loss – both personally and corporately.
Some of you might be old enough to remember – Don’t do the crime if you can’t do the time.
Sources include: Bleeping Computer
Here’s a new vulnerability that we might not think about, but which affects us all.
GPS spoofing attacks on commercial airlines have taken an alarming new turn, cybersecurity researchers warn. These digital assaults, which can divert planes off course, are now capable of “hacking time” on aircraft systems.
Ken Munro, founder of British cybersecurity firm Pen Test Partners, explains: “We think too much about GPS being a source of position, but it’s actually a source of time. We’re starting to see reports of the clocks on board airplanes during spoofing events start to do weird things.”
In one recent incident, a major Western airline’s plane had its onboard clocks suddenly jump forward by years, disrupting critical communication systems. The aircraft was grounded for weeks as engineers manually reset its systems.
These attacks have surged 400% in recent months, according to aviation advisory body OPSGROUP. While GPS spoofing won’t directly cause a crash, Munro cautions it could trigger a dangerous chain of events.
“You run the risk of starting what we call a cascade of events, where something minor happens, something else minor happens, and then something serious happens,” he said.
And up until now, I was only worried about getting sucked out the emergency door on a Boeing.
Sources include: Reuters
That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick.
I have to say that it's an increase in workload, but I'm enjoying hosting this show. Let me know how we're doing and what we need to do to keep this relevant for you.
I've set up an email address: editor@cybersecuritytoday.ca
I'd love to hear from you.
I’m your host, Jim Love. Thanks for listening.