Daily Drop (896): Samsung Galaxy 0-Day | Jeff Bezos | Hugging Face | Eurogas | Pwn2Own Ireland | TSMC: Sophgo | Georgian Dream (GD) party |
10-27-24
Sunday, Oct 27 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
Washington Post’s Non-Endorsement Sparks Controversy
Bottom Line Up Front (BLUF): Jeff Bezos’s decision to end The Washington Post’s presidential endorsement policy has sparked internal tension just weeks before the 2024 election. Staff criticized the shift, saying it may reflect management interference and risks compromising editorial independence.
Analyst Comments: A move like this suggests a significant departure from the Post's longstanding role in political endorsements, adding to a growing trend of major media owners reshaping traditional policies. Amid rising polarization, the decision reflects broader debates over neutrality, influence, and the media's role in elections.
FROM THE MEDIA: This decision is the first in over 30 years where the Post will remain neutral, a shift explained by CEO Will Lewis as a return to the publication's roots. Despite this, journalists and union representatives argue the move may influence editorial independence. The backlash mirrors a similar situation at the Los Angeles Times, where management blocked a planned endorsement of Harris, leading to editorial resignations.
READ THE STORY: FT
European Gas Industry Halts Worker Retraining Agreement
Bottom Line Up Front (BLUF): The European gas industry has withdrawn from a planned agreement, backed by the European Commission, to support worker retraining for roles in a low-carbon economy. This decision disrupts the "Just Transition" framework, initially intended to aid 220,000 workers amid the EU's decarbonization drive.
Analyst Comments: Eurogas’s withdrawal reflects industry reluctance over legally binding commitments. Without this framework, gas sector workers face fewer protections as fossil fuel demand declines, which could delay progress toward workforce adaptation in green industries.
FROM THE MEDIA: Since mid-2023, Eurogas and labor unions negotiated a binding framework to secure training and job protection as gas roles are phased out. Eurogas, representing firms like Shell and TotalEnergies, cited legal concerns in its decision to back out, proposing a non-binding approach instead. Unions, including EPSU and IndustriALL, criticized the move as undermining EU climate goals and worker support.
READ THE STORY: FT
Samsung Galaxy Zero-Day Exploited in the Wild
Bottom Line Up Front (BLUF): A critical zero-day vulnerability, CVE-2024-44068, affecting Samsung Galaxy devices using specific Exynos processors, is actively exploited in an attack chain allowing privilege escalation and remote code execution. Samsung patched the vulnerability on October 7, 2024, but users remain at risk if unpatched.
Analyst Comments: The exploitation of CVE-2024-44068 underscores increasing threats to mobile device security, primarily through privilege escalation in widely used hardware. While Samsung addressed the vulnerability in a recent patch, many devices may remain vulnerable if users delay updates. This incident highlights persistent risks posed by zero-days and emphasizes the need for rapid patch adoption in the mobile ecosystem.
FROM THE MEDIA: Google’s Threat Analysis Group (TAG) and security researchers Xingyu Jin and Clement Lecigene disclosed the use-after-free vulnerability in the Exynos processors, impacting models like Exynos 9820, 9825, and 990. Attackers have combined this flaw with others to target the privileged camera server process, disguising the process name for forensic evasion. To mitigate the threat, Samsung advised users to update devices with the October 2024 patch. This incident aligns with broader TAG observations on mobile zero-day exploitation, often used by spyware vendors and state-linked actors for espionage.
READ THE STORY: The Register // SECVUL // Google Project Zero
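The report above notes that the attack chain disguised the process name of the compromised camera server process to hinder forensics. The following Go program is an added example, not code from Samsung, Google TAG or Project Zero, of the triage check a responder can run over a process listing to catch that kind of renaming. It assumes (an assumption, not a detail taken from the report) that the disguise is done the ordinary user-space way, by changing the task's short name (/proc/<pid>/comm, settable with prctl(PR_SET_NAME)) while the kernel-maintained /proc/<pid>/exe link still points at the real binary; the sample listing is constructed, and the PIDs and paths in it are not real device data.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// ProcRecord is one row of a process listing as a forensic collector would
// capture it: Comm is the short task name (/proc/<pid>/comm), which a process
// can set itself via prctl(PR_SET_NAME); Exe is the target of the
// kernel-maintained /proc/<pid>/exe symlink, which an unprivileged process
// cannot rewrite.
type ProcRecord struct {
	PID  int
	Comm string
	Exe  string
}

// taskCommLen is TASK_COMM_LEN minus the trailing NUL: the kernel truncates
// comm to 15 bytes, so the expected value is the executable basename cut to
// that length.
const taskCommLen = 15

// expectedComm derives what comm should look like for a process that has not
// renamed itself, from the executable the kernel actually loaded.
func expectedComm(exe string) string {
	// /proc/<pid>/exe carries a " (deleted)" suffix when the binary was unlinked
	// after exec, a common trait of dropped payloads; strip it before comparing.
	base := path.Base(strings.TrimSuffix(exe, " (deleted)"))
	if len(base) > taskCommLen {
		base = base[:taskCommLen]
	}
	return base
}

// IsMasquerading reports whether the task name disagrees with the executable.
// A process that renamed itself to look like a system daemon shows up here.
// Known benign cause: interpreted scripts, where Exe is the interpreter and
// Comm is the script name; triage those by looking at the interpreter path.
func IsMasquerading(r ProcRecord) bool {
	return r.Comm != expectedComm(r.Exe)
}

// FindMasqueraders returns the PIDs whose task name does not match their binary.
func FindMasqueraders(records []ProcRecord) []int {
	var hits []int
	for _, r := range records {
		if IsMasquerading(r) {
			hits = append(hits, r.PID)
		}
	}
	return hits
}

func main() {
	// Constructed sample listing (not real device data): two genuine system
	// daemons, one process posing as cameraserver from a writable directory,
	// and one shell script (flagged, but benign on inspection of Exe).
	sample := []ProcRecord{
		{PID: 1201, Comm: "cameraserver", Exe: "/system/bin/cameraserver"},
		{PID: 1450, Comm: "surfaceflinger", Exe: "/system/bin/surfaceflinger"},
		{PID: 7342, Comm: "cameraserver", Exe: "/data/local/tmp/.x (deleted)"},
		{PID: 7399, Comm: "update.sh", Exe: "/system/bin/sh"},
	}
	for _, pid := range FindMasqueraders(sample) {
		fmt.Printf("pid %d: task name does not match executable, review\n", pid)
	}
}
```

The check only covers the user-space rename step: once an attacker holds kernel privileges, both fields can be forged, which is why the report's advice to apply the October 2024 patch remains the primary control and this listing comparison is a triage aid.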
Pwn2Own Ireland 2024: Over $1 Million Awarded for Device Exploits
Bottom Line Up Front (BLUF): At the 2024 Pwn2Own competition in Ireland, ethical hackers earned over $1 million for identifying new vulnerabilities across multiple devices, including Samsung Galaxy smartphones, NAS devices, cameras, and printers.
Analyst Comments: The Viettel Cyber Security team topped the leaderboard, securing rewards for exploits across various devices, including printers, NAS devices, and more. Over the event, competitors demonstrated 70 new vulnerabilities, bringing the total payout to over $1 million. Despite high bounties for Pixel and iPhone vulnerabilities, no one pursued these targets, reflecting the technical challenge and ongoing defensive improvements.
FROM THE MEDIA: Across several days, participants demonstrated over 70 new exploits targeting popular consumer and enterprise devices, from QNAP NAS devices to Samsung Galaxy phones. The Vietnamese team, Viettel Cyber Security, led the event with $205,000 in earnings. Rewards for exploits were offered at up to $300,000, yet no teams pursued hacks against the Pixel 8, iPhone 15, or WhatsApp.
READ THE STORY: Security Week
TSMC Halts Chip Shipments to Sophgo Following Discovery of Huawei Processor
Bottom Line Up Front (BLUF): Taiwan Semiconductor Manufacturing Company (TSMC) has stopped supplying chips to Chinese tech firm Sophgo after discovering that its chips appeared in Huawei’s Ascend 910B AI processor. Due to national security concerns, the United States has barred Huawei from acquiring U.S.-based technologies, prompting TSMC to alert U.S. and Taiwanese authorities.
Analyst Comments: This incident underscores escalating geopolitical tension surrounding semiconductor access, particularly between China and the U.S. TSMC’s proactive measures highlight its cautious stance to avoid violating U.S. export controls and maintain regulatory compliance. Given China’s rising competitiveness in AI and semiconductor development, this issue could further strain cross-strait and international tech relations, potentially leading to stricter enforcement of export controls and heightened scrutiny on firms linked to Chinese tech advancements.
FROM THE MEDIA: TSMC halted shipments to Sophgo after the discovery of a TSMC-manufactured chip in Huawei’s Ascend 910B, as reported on October 26, 2024, by Reuters. During a teardown, TechInsights initially discovered the TSMC chip within Huawei’s AI processor. In response, TSMC notified both the U.S. and Taiwanese authorities and initiated a shipment suspension to Sophgo, which was identified as an affiliate of Bitmain, a Chinese cryptocurrency and AI hardware company. Sophgo has yet to provide an official comment, while Huawei has stated that it has not used TSMC’s chips since 2020, when U.S. export restrictions were implemented. Both TSMC and Huawei emphasized compliance with these regulations, but this case has prompted further investigation and scrutiny from U.S. authorities.
READ THE STORY: Reuters
Georgia’s Election and Its Path Toward the EU or Russia
Bottom Line Up Front (BLUF): Georgia’s October 26 election could shape its future alignment, either reinforcing its relationship with the EU or drawing it closer to Russia. The election pits the ruling Georgian Dream (GD) party, led by the pro-Russian oligarch Bidzina Ivanishvili, against a pro-European coalition amid fears of voter intimidation and misinformation.
Analyst Comments: The stakes are high as GD’s anti-Western rhetoric and control of state institutions may lead to intensified repression if re-elected. An opposition victory could re-align Georgia with EU values but risks instability given GD’s influence and alleged manipulation.
FROM THE MEDIA: With EU accession at a standstill due to GD’s policies, President Salome Zourabichvili, the opposition, and pro-democracy groups are rallying against GD’s policies, framing the election as a choice between European integration and increased Russian influence. Concerns of election manipulation by GD are prompting calls for international attention to Georgia’s political trajectory.
READ THE STORY: FT
SMB Force-Authentication Vulnerability in OPA
Bottom Line Up Front (BLUF): Tenable Research discovered CVE-2024-8260, an Open Policy Agent (OPA) vulnerability that forces SMB authentication, potentially exposing NTLM credentials to attackers. This affects OPA CLI and Go SDK versions before v0.68.0.
Analyst Comments: This vulnerability underscores the risks of remote code execution when local tools are forced into SMB authentication routines. It emphasizes the importance of securing policy engines like OPA, particularly where integrations with third-party services can introduce credential exposure. The discovery also points to administrators’ need to restrict access to SMB servers and maintain software versions patched against credential relay vulnerabilities.
FROM THE MEDIA: Discovered during Tenable’s research into policy-as-code tools, CVE-2024-8260 affects OPA versions before v0.68.0 on Windows. When an attacker manipulates file-path arguments in OPA to pass a UNC path, the Windows authentication mechanism sends NTLM hashes to the attacker’s server. By setting up a responder on their machine, the attacker can capture these NTLM credentials, potentially using them in credential relay attacks or for offline cracking. The vulnerability was particularly prominent when OPA commands like opa eval were given remote UNC paths as arguments.
READ THE STORY: Tenable
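The story above comes down to one input-handling rule: a file-path argument that reaches the OPA CLI or Go SDK must never be a UNC path, because Windows will authenticate to whatever host the path names. The Go program below is an added example written for this newsletter, not Tenable's proof of concept and not code from the OPA project, showing the allow-listing wrapper an integrator can put in front of opa eval so that caller-supplied policy and data paths fail closed. It assumes the invoking code builds an argument vector for the opa binary (the -d flag is opa's own data-file flag; the validation functions are the added part), and the 198.51.100.7 addresses in the sample inputs are constructed documentation values.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrRemotePath is returned for any argument that names a network location.
var ErrRemotePath = errors.New("remote (UNC) path rejected")

// IsUNCPath reports whether p would make Windows reach out to another host.
// It catches the usual spellings of a UNC path: \\server\share\file,
// //server/share/file, and the extended-length form \\?\UNC\server\share\file.
// Anything beginning with two separators is rejected, which also covers the
// \\?\C:\... and \\.\device forms; none of them belongs in a policy-file argument.
func IsUNCPath(p string) bool {
	s := strings.TrimSpace(p)
	// Windows accepts forward slashes as separators, so normalise before testing.
	s = strings.ReplaceAll(s, "/", `\`)
	return strings.HasPrefix(s, `\\`)
}

// SafeLocalPath validates one file-path argument before it reaches the OPA CLI
// or SDK. It rejects UNC paths and returns the argument unchanged otherwise.
// Caveat: a drive letter mapped with "net use" is still a network location and
// cannot be recognised from the string alone; control mapped drives separately.
func SafeLocalPath(p string) (string, error) {
	if IsUNCPath(p) {
		return "", fmt.Errorf("%w: %q", ErrRemotePath, p)
	}
	return p, nil
}

// BuildEvalArgs assembles the argument vector for "opa eval" from
// caller-supplied policy/data paths and a query, failing closed on the first
// remote path so that no partially validated argv is ever executed.
func BuildEvalArgs(paths []string, query string) ([]string, error) {
	args := []string{"eval"}
	for _, p := range paths {
		safe, err := SafeLocalPath(p)
		if err != nil {
			return nil, err
		}
		args = append(args, "-d", safe)
	}
	return append(args, query), nil
}

func main() {
	// Constructed inputs: one local policy path and three spellings of a
	// remote path pointing at a constructed (documentation-range) address.
	inputs := [][]string{
		{`C:\opa\policies\authz.rego`},
		{`\\198.51.100.7\share\authz.rego`},
		{`//198.51.100.7/share/authz.rego`},
		{`\\?\UNC\198.51.100.7\share\authz.rego`},
	}
	for _, in := range inputs {
		argv, err := BuildEvalArgs(in, "data.authz.allow")
		if err != nil {
			fmt.Println("refused:", err)
			continue
		}
		fmt.Println("would run: opa", strings.Join(argv, " "))
	}
}
```

The same wrapper applies to paths handed to the Go SDK's bundle and data loaders; the point is to validate before the path is opened, since the NTLM exchange happens inside the operating system's file-open call, where no later check can intervene. Upgrading to v0.68.0 or later removes the underlying defect; the wrapper is defence in depth for integrations that accept paths from less trusted callers.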
Hugging Face’s HUGS vs. Nvidia's NIMs
Bottom Line Up Front (BLUF): Hugging Face launched HUGS, containerized inference microservices competing with Nvidia’s NIMs, supporting deployment on various hardware with lower costs than Nvidia’s ecosystem. HUGS runs on AMD GPUs, and will extend to other accelerators, unlike Nvidia's exclusive compatibility.
Analyst Comments: Hugging Face’s HUGS aims to broaden AI model deployment accessibility with flexible hardware support, making it an attractive option for cost-conscious developers, especially those using Meta’s and Google’s models. It signals a shift toward open-source, hardware-agnostic AI infrastructure.
FROM THE MEDIA: HUGS containers support a broad selection of models from Meta’s Llama 3.1 to Mistral's Mixtral, and pricing runs about $1/hour on AWS and Google Cloud, substantially undercutting Nvidia for large-scale model deployment.
READ THE STORY: The Register
Multiple Vulnerabilities in Siemens InterMesh Devices
Bottom Line Up Front (BLUF): Siemens has disclosed four critical vulnerabilities in InterMesh Subscriber devices, including CVE-2024-47901, which enables unauthenticated remote code execution with root privileges. Patches and mitigations are available, and Siemens advises updating devices immediately.
Analyst Comments: With a CVSS score of 10.0, CVE-2024-47901 poses a severe risk, particularly for industrial networks. The vulnerabilities highlight the need for heightened endpoint security on networked industrial devices to prevent unauthorized control.
FROM THE MEDIA: Siemens’ InterMesh devices, commonly used in industrial environments, are impacted by vulnerabilities that allow privilege escalation, remote code execution, and unauthorized file modifications. Patches are available, and Siemens advises restricting network access to trusted devices and updating to secure firmware versions for critical protection.
READ THE STORY: CERT Siemens
Radiant Capital Developer Device Compromise Leads to $50 Million Hack
Bottom Line Up Front (BLUF): Radiant Capital reported that a sophisticated malware injection on three core developers’ devices led to a $50 million exploit on BNB and Arbitrum networks. The attackers used this malware to approve malicious transactions disguised as legitimate multi-signature approvals.
Analyst Comments: This hack highlights risks in Web3 security models reliant on multi-signature setups. Compromised devices allowed the attackers to bypass traditional security interfaces, underscoring the need for stro
FROM THE MEDIA: Hackers used malware to compromise developer devices, allowing them to intercept and sign malicious transactions during a standard multi-signature adjustment. Although Safe{Wallet} remained secure, attackers used the developers' devices to create malicious transaction approvals. Security teams SEAL911 and Hyperactive verified the malware’s sophistication, which masked unauthorized approvals. Radiant Capital advised users to revoke approvals across all networks, including BNB, Ethereum, and Arbitrum.
READ THE STORY: Coin Telegraph
LinkedIn Fined €310 Million for GDPR Violations
Bottom Line Up Front (BLUF): Ireland’s Data Protection Commission fined LinkedIn €310 million ($335 million) for GDPR violations concerning its data handling and ad-targeting practices. The Microsoft-owned platform was cited for non-compliance with “lawfulness, fairness, and transparency” requirements under EU privacy laws.
Analyst Comments: This fine reflects the EU's commitment to enforcing GDPR, targeting practices that exploit user data without adequate legal grounds. The sizable penalty emphasizes regulators’ focus on holding major platforms accountable and may prompt stricter data processing policies across the industry.
FROM THE MEDIA: The DPC, LinkedIn’s lead EU regulator due to its Dublin headquarters, investigated LinkedIn’s ad-targeting practices and found it lacked a legal basis to process data for personalized advertising. LinkedIn maintains that it has complied with GDPR but is adjusting its ad practices to meet DPC standards.
READ THE STORY: Security Week
CVE’s 25th Anniversary Report
Bottom Line Up Front (BLUF): CVE commemorates 25 years of vulnerability identification, expanding from a single-source database to a global framework with over 400 partners. This evolution emphasizes automation, enriched data sharing, and readiness to address emerging risks like AI vulnerabilities.
Analyst Comments: CVE’s shift towards automated workflows and federated data exchange strengthens its role in vulnerability management, particularly in high-complexity environments. The program’s focus on AI and IoT vulnerabilities indicates a proactive approach to next-gen cybersecurity.
FROM THE MEDIA: Since 1999, CVE has standardized vulnerability categorization worldwide, with ongoing enhancements in automation and partnerships, ensuring comprehensive identification and monitoring capabilities for emerging cybersecurity threats.
READ THE STORY: CVE
Items of interest
We’re All in This Together: A Year in Review of Zero-Days Exploited In the Wild in 2023
Bottom Line Up Front (BLUF): Google’s report identified 97 zero-day exploits, with the top three areas targeted being mobile OS vulnerabilities, browsers, and third-party software components. Commercial surveillance vendors (CSVs) were especially active in leveraging these exploits.
Analyst Comments: The concentration on mobile and browser vulnerabilities shows attackers adapting to popular user environments. The third-party software vulnerabilities emphasize supply chain weaknesses, while CSV activity indicates a growing commercial market for zero-day exploits, especially among state-backed actors.
FROM THE MEDIA: TAG reports that mobile OSs, browsers, and third-party software were the primary zero-day targets in 2023. Mobile and browser exploits largely affected high-risk espionage targets, while CSVs were implicated in over 75% of attacks on Google products. With enterprise security tools being compromised more frequently, the need for robust zero-day defenses across all software types is becoming increasingly apparent.
READ THE STORY: Google TAG
Friendshoring the Lithium-Ion Battery Supply Chain (Video)
FROM THE MEDIA: It's possible to earn millions of dollars finding zero days and vulnerabilities in software. But are you prepared to put in the work?
Browser Exploitation Introduction (Video)
FROM THE MEDIA: This stream includes retired content from the SANS SEC760 "Exploit Dev" course. It will focus on Use After Free exploitation of an outdated Internet Explorer version. I'll follow it up with another stream on browser memory leaks.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.