News
Hello friends,
I'm finally on the other side of the study mountain and it feels GOOD. I was actually able to sit back and take my time to read security news properly today, which also felt good. Looking forward to getting back into the routine. Thanks for bearing with me everyone.
Enjoy this week's issue!
Cheers,
The Nearest Neighbor attack: How a Russian APT weaponized nearby Wi-Fi networks for covert access
Very interesting write-up on how Russian state hackers successfully breached an (unnamed) organisation active in Ukraine, two years ago. They first tried to work their way into a web application through credential stuffing, but were blocked by 2FA. However, 2FA apparently wasn't required when you were on the local Wi-Fi. To get on that Wi-Fi, the attackers compromised the Wi-Fi of the organisation's neighbours (two of them, in fact), essentially giving themselves a geographically close jump-off point. There's a zero-day in there somewhere too.
The linked article is a short summary; the full write-up from Volexity themselves can be found here.
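As an added illustration (mine, not taken from the Volexity report, which does not say what the breached application was running), here is the classic way a web app ends up "not requiring 2FA on the local Wi-Fi": an nginx `satisfy any` rule that lets a source-address allow-list stand in for the MFA-backed auth check. The addresses, hostnames, upstreams and the `/mfa-check` endpoint are all hypothetical. The weak setting is shown first, the hardened form after it.

```nginx
# Added example, not configuration from the breached organisation.
# All names and address ranges below are made up for illustration.

# WEAK: with 'satisfy any', a request is admitted if EITHER the access
# allow-list matches OR the auth_request subrequest returns 2xx.
# Any client holding an address in 10.0.0.0/8 (i.e. anyone who has joined
# the office LAN or Wi-Fi) never reaches the MFA check at all.
server {
    listen 443 ssl;
    server_name app.example.internal;

    location / {
        satisfy any;
        allow 10.0.0.0/8;          # "trusted" corporate network, incl. Wi-Fi
        deny  all;
        auth_request /mfa-check;   # MFA-backed SSO verification
        proxy_pass http://app_backend;
    }

    # Subrequest target: asks the SSO service whether this session has
    # completed MFA. Hypothetical upstream name.
    location = /mfa-check {
        internal;
        proxy_pass http://sso_backend/verify;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }
}

# HARDENED: network position no longer counts as authentication.
# 'satisfy all' (the default) means every listed check must pass, so a
# client on the Wi-Fi still has to get a 2xx from /mfa-check. Keep the
# allow-list only if you genuinely want an additional restriction on top.
server {
    listen 443 ssl;
    server_name app.example.internal;

    location / {
        satisfy all;
        auth_request /mfa-check;   # required for every client, LAN or not
        proxy_pass http://app_backend;
    }

    location = /mfa-check {
        internal;
        proxy_pass http://sso_backend/verify;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }
}
```

The point of the contrast is that the fix is not a tighter address range: an attacker who compromises a neighbour's Wi-Fi and from there the target's Wi-Fi will get an address inside whatever range is considered "trusted". Removing source network from the authentication decision, or at least making it an additional requirement rather than an alternative, is what closes the gap.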
Found on VirusTotal: The world’s first UEFI bootkit for Linux
For context: bootkits are malware designed to infect a computer's boot process, loading before the operating system and thereby gaining control over the system at a very low level, below anything the OS itself can see.
There seems to be an upward trend in Linux-related malware interest overall. Rightfully so I suppose, I firmly sit in the camp of "Linux is the future" (and present ;-)).
This bootkit, called "Bootkitty", is a pretty crude proof of concept, with hardcoded memory offsets that are as likely to crash the system as anything else, and no attempt made to defeat Secure Boot. In practice that means a machine booting with Secure Boot enabled and only the stock keys enrolled would refuse to load it. But an interesting blip on the radar nonetheless.
Quick stories
- Microsoft testing Windows 11 support for third-party passkeys: link.
- Incident response diplomacy: UK to launch new capability to help attacked allies: link.
- Over 1,000 arrested in massive ‘Serengeti’ anti-cybercrime operation: link.
- CrowdStrike avoids customer exodus after triggering global IT outage: link.
Breaches and leaks
- UK hospital network postpones procedures after cyberattack: link.
- Medical testing company LifeLabs failed to protect customer data, report finds: link.
- Starbucks confirms Blue Yonder attack impacted employee scheduling platform: link.
- New York fines Geico and Travelers $11.3M for pandemic-era breaches: link.
- "Hilariously insecure": Andrew Tate's The Real World breached, 800,000 users affected: link.
- Data broker exposes 600,000 sensitive files including background checks: link.
- Hoboken closes city hall, local courts after pre-Thanksgiving ransomware attack: link.
- Zello asks users to reset passwords after security incident: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)