Daily Drop (506)
Worried about China, U.S. lays out ‘space diplomacy’ goals
Analyst Comments: The Strategic Framework for Space Policy reflects the growing concerns and competition between the United States and China in space activities. It underscores the need for international partnerships and a rules-based order to address the challenges and threats posed by advancements in space technology. The focus on commercial space travel highlights the changing dynamics and importance of satellite data for various global issues. However, the lack of specific details and the potential tensions between promoting the U.S. space industry and protecting national security raise questions about the implementation and effectiveness of the framework.
FROM THE MEDIA: The U.S. State Department has unveiled a "Strategic Framework for Space Policy" to establish a "rules-based international framework" for managing competition in outer space, particularly with China. The document highlights China's assertive space policy and its intention to match or surpass the United States by 2045. The framework aims to build international partnerships, promote a rules-based international order, and secure the U.S. and its allies from space-enabled threats. It also addresses the rise of commercial space travel and the need to balance cooperation with competitors and rivals while protecting national security. However, the report lacks specific details on how the goals will be met or how compliance with norms of behavior will be ensured. The framework does not address unidentified aerial phenomena or possible future contacts with extraterrestrial civilizations.
READ THE STORY: The Washington Post
Millions of PC Motherboards Were Sold With a Firmware Backdoor
Analyst Comments: The discovery of the hidden firmware mechanism in Gigabyte motherboards underscores the importance of robust security practices in the design and implementation of the firmware. The insecure implementation of the updater mechanism creates opportunities for malicious actors to exploit the firmware to install unauthorized software or carry out supply chain attacks. The potential for man-in-the-middle attacks and the lack of proper authentication mechanisms highlight the need for stronger security measures in firmware updates. Gigabyte's response and efforts to address the vulnerabilities will be crucial in restoring user trust.
FROM THE MEDIA: Researchers from cybersecurity firm Eclypsium have discovered a hidden mechanism in the firmware of Gigabyte motherboards, commonly used in gaming PCs and high-performance computers, that allows for the installation of software without user involvement. While the code was intended to keep the motherboard firmware updated, it has been implemented insecurely, potentially allowing it to be hijacked by malicious actors to install malware. The firmware mechanism poses challenges for users to remove or detect, as it operates outside the operating system. Eclypsium has identified 271 models of Gigabyte motherboards that are affected.
READ THE STORY: Wired
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
Analyst Comments: The targeting of Apache NiFi instances highlights the importance of securing critical infrastructure and applying necessary patches and security measures. The use of publicly disclosed vulnerabilities underscores the need for prompt patching and regular vulnerability management practices. Organizations using NiFi servers should ensure they have implemented appropriate security controls, such as access controls, network segmentation, and monitoring, to mitigate the risk of unauthorized access and data compromise. It is crucial to stay up to date with security advisories and promptly address any vulnerabilities or weaknesses in the software or systems being used.
FROM THE MEDIA: A financially motivated threat actor is actively targeting unprotected Apache NiFi instances to install a cryptocurrency miner and facilitate lateral movement. The SANS Internet Storm Center (ISC) observed a surge in HTTP requests for "/nifi" on May 19, 2023. The attacker gains persistence through timed processors or cron entries, ensuring the attack scripts remain in memory only. The initial foothold involves dropping a shell script to remove files, disable the firewall, terminate competing crypto-mining tools, and launch the Kinsing malware from a remote server. This campaign exploits publicly disclosed vulnerabilities in publicly accessible web applications. Attacks on NiFi servers also involve collecting SSH keys to access other systems within the victim's organization. The campaign originates from the IP address 109.207.200[.]43 on ports 8080 and 8443/TCP. NiFi servers, known for handling critical data processing tasks, are attractive targets if not properly secured.
READ THE STORY: THN
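A defender-side detection example added here (not code from the article or from SANS ISC): it parses constructed web-access-log lines and flags external sources probing NiFi endpoints, using the campaign source IP the summary reports plus a per-source request threshold. The combined log format, the internal-network prefixes and the threshold value are assumptions.

```python
import re
from collections import Counter

# Source IP reported for this campaign (the page gives it defanged as 109.207.200[.]43).
CAMPAIGN_IPS = {"109.207.200.43"}

# Constructed sample lines in "combined" access-log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [19/May/2023:10:01:02 +0000] "GET /nifi/ HTTP/1.1" 200 5123
109.207.200.43 - - [19/May/2023:10:02:10 +0000] "GET /nifi HTTP/1.1" 302 0
109.207.200.43 - - [19/May/2023:10:02:11 +0000] "GET /nifi-api/flow/about HTTP/1.1" 200 311
203.0.113.7 - - [19/May/2023:10:03:00 +0000] "GET /nifi HTTP/1.1" 200 5123
203.0.113.7 - - [19/May/2023:10:03:01 +0000] "GET /nifi HTTP/1.1" 200 5123
203.0.113.7 - - [19/May/2023:10:03:02 +0000] "GET /nifi HTTP/1.1" 200 5123
198.51.100.9 - - [19/May/2023:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 42
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_nifi_path(path):
    # The NiFi UI lives under /nifi and its REST API under /nifi-api; match both.
    return path == "/nifi" or path.startswith("/nifi/") or path.startswith("/nifi-api")

def find_nifi_probes(log_text, internal_prefixes=("10.", "192.168."), threshold=3):
    """Flag external sources hitting NiFi endpoints: {ip: (hit_count, reason)}."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_nifi_path(rec["path"]):
            continue
        if rec["ip"].startswith(internal_prefixes):
            continue  # internal administrators are expected to use the UI
        hits[rec["ip"]] += 1
    flagged = {}
    for ip, n in hits.items():
        if ip in CAMPAIGN_IPS:
            flagged[ip] = (n, "known_campaign_ip")   # any hit from the reported source
        elif n >= threshold:
            flagged[ip] = (n, "nifi_probe_surge")    # repeated /nifi requests from one source
    return flagged
```

Running `find_nifi_probes(SAMPLE_LOG)` on the constructed lines flags the reported campaign address after two hits and the second external source after three, while the internal administrator and the unrelated request are ignored.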
U.S. Aims to Restrict Investment in Chinese Semiconductor, AI, and Quantum Computing Industries
Analyst Comments: The proposed rules to restrict investments and know-how transfer to Chinese companies working on advanced technologies reflect the U.S. government's growing concerns about national security and China's technological advancements. The focus on sectors such as semiconductors, artificial intelligence, and quantum computing highlights the strategic importance of these areas and the desire to prevent China from gaining a military advantage through access to American investments and expertise. The scrutiny of exports to Huawei and the denial of export license applications further indicate the U.S. government's efforts to limit China's access to sensitive technologies. These measures aim to counter the perceived risks associated with technology transfer and protect U.S. interests in the face of growing competition with China.
FROM THE MEDIA: The U.S. Treasury is considering new rules to restrict American investments and know-how in Chinese companies working on advanced semiconductors, artificial intelligence, and quantum computing. The proposed restrictions aim to curb investment that brings expertise to specific sectors, citing concerns about China's military. The Biden administration plans to ban investments in some Chinese technology companies and increase scrutiny of others to prevent the transfer of capital and valuable know-how that could advance Beijing's military. Additionally, the U.S. Commerce Department is analyzing the revocation of export licenses for supplying U.S.-origin goods to Chinese telecommunications company Huawei. Last year, a significant portion of export license applications to China were denied or returned without action to prevent sales that could contribute to Beijing's militarization.
READ THE STORY: Reuters
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Analyst Comments: The discovery of potential backdoor-like behavior in Gigabyte systems raises concerns about the security of UEFI firmware. The insecure update mechanism and the ability for attackers to manipulate the firmware present significant risks, potentially leading to persistent malware and subversion of security controls. The large number of affected systems highlights the importance of prompt action to apply firmware updates and implement security measures to protect against potential attacks. The incident underscores the critical role of firmware security in safeguarding computer systems and the need for manufacturers to prioritize secure design and development practices.
FROM THE MEDIA: Researchers from Eclypsium have discovered a potential backdoor-like behavior in Gigabyte systems, which allows the UEFI firmware to drop a Windows executable and retrieve updates in an insecure format. The executable is embedded into the UEFI firmware and launched as an update service during the system boot process. However, the application is configured to download and execute a payload from Gigabyte update servers over plain HTTP, making it susceptible to man-in-the-middle attacks. The vulnerability affects around 364 Gigabyte systems and an estimated 7 million devices. The compromised firmware could enable stealthy UEFI bootkits and implants, persisting even if the drives are wiped and the operating system is reinstalled. Users are advised to apply firmware updates, disable the vulnerable feature, and set a BIOS password to mitigate risks.
READ THE STORY: THN
Adversaries can reconstruct classified information from unclassified data, warns White House official
Analyst Comments: The warning from the acting national cyber director underscores the evolving nature of cyber threats and the challenges they pose to national security. The ability to reconstruct classified information from stolen unclassified data highlights the importance of robust security measures for both classified and unclassified information. The involvement of nation-state adversaries, such as China, in cyber theft and data manipulation raises concerns about the role of technology companies and the potential for them to support intelligence activities. The introduction of new contracting requirements, like the CMMC, is a step towards enhancing information security across defense supply chains.
FROM THE MEDIA: Kemba Walden, the acting national cyber director at the White House, has warned that the ability of nation-state adversaries to steal unclassified information and reconstruct classified information from it poses a major security challenge for NATO members. Walden highlighted that cyber spies can now steal unclassified data and use advanced data analysis techniques to piece together sensitive material with serious national security implications. The theft of defense contractor information and large datasets by hackers, attributed to China, has raised concerns about the role of Chinese technology companies in processing and utilizing the stolen data for intelligence purposes. The US is addressing these risks by implementing new contracting requirements, such as the Department of Defense's Cybersecurity Maturity Model Certification (CMMC), to ensure appropriate information security measures are met by all suppliers involved in handling sensitive data.
READ THE STORY: The Record
Taiwan's Tech Giants Show Optimism for Alternatives to x86 in Data Centers and Further Applications
Analyst Comments: The presence of the ASRock motherboard and the interest shown by Taiwanese companies in Altra CPUs suggest a growing interest in Arm-based architectures for on-premises workloads. The developments showcased at Computex highlight the maturing competition in the enterprise workload space and the increasing choices available to consumers. These advancements may have significant implications for gaming and cloud technologies, signaling potential changes in the future. The engagement and support from Taiwan's major tech manufacturers reflect a positive outlook for Arm, Ampere, and Nvidia, indicating their potential as the next opportunity for the industry.
FROM THE MEDIA: The Computex exhibition in Taiwan, known for showcasing PC technologies, highlighted the country's influence in the tech industry. While gaming PCs dominated the show floor, The Register discovered ASRock's Rack ALTRAD8U-1L2T motherboard designed for Ampere's Altra and Altra Max CPUs based on the Arm architecture. Ampere has already gained prestigious customers like Oracle and Microsoft for its Altra architecture. Taiwanese OEM 7StarLake revealed rugged server designs using Altra, attracting interest from a major US aerospace company and a multinational railway infrastructure concern. The event also featured talks from Arm and Nvidia, indicating Taiwan's enthusiasm for server-class designs and accelerator architectures.
READ THE STORY: The Register