Infosec Overnights - Daily Security News

Hello XD upgrades, Conti targets Intel, Sentient AI?, and more.



A daily look at the relevant information security news from overnight - 13 June, 2022

Episode 243 - 13 June 2022

Hello XD upgrades - https://www.bleepingcomputer.com/news/security/hello-xd-ransomware-now-drops-a-backdoor-while-encrypting/

Conti targets Intel - https://www.cpomagazine.com/cyber-security/conti-ransomware-develops-proof-of-concept-code-for-firmware-attacks/

WannaFriendMe out of the Blox - https://www.techradar.com/news/this-ransomware-can-only-be-decrypted-by-going-to-the-roblox-store

Web3 Wallet seed stealer - https://www.securityweek.com/chinese-hackers-adding-backdoor-ios-android-web3-wallets-seaflower-campaign

Bluetooth fingerprint - https://threatpost.com/bluetooth-signals-track-smartphones/179937/

Sentient AI? - https://www.theregister.com/2022/06/13/google_lamda_sentient_claims/

Hi, I’m Paul Torgersen. It’s Monday June 13th, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com:
Researchers report increased activity of the Hello XD ransomware, which is based on the leaked source code of Babuk, with two significant notes. One is that the operators are now deploying an upgraded sample featuring stronger encryption that includes custom packing for detection avoidance and encryption algorithm changes. And two, they are now including an open-source backdoor named MicroBackdoor. Lots of details in the article.

From CPOMagazine.com:
An analysis of leaked chats from the Conti ransomware group has found two items of note. Evidently the cybercrime group was planning firmware attacks targeting the Intel Management Engine. Such a compromise would allow threat actors to introduce a backdoor on Intel devices and execute commands without detection by OS-based security tools. The other interesting piece is that the chat logs seem to confirm a link between the Conti group and the Russian Foreign Services Bureau. Color me not surprised.

From TechRadar.com:
A new ransomware group called WannaFriendMe is targeting gamers with the Chaos ransomware, which tries to pass itself off as Ryuk. The strange thing is, the decryptor is so easy, my kid can get it. I only say that because to get the decryptor, you need to log into a Roblox account and buy a specific game pass. Costs about $20.

From SecurityWeek.com:
Cybercriminals likely operating out of China are distributing backdoored versions of iOS and Android Web3 wallets in an effort to steal users’ seed phrases. This previously unreported campaign, dubbed SeaFlower, has been described as one of the most technically sophisticated threats targeting users of Web3 wallets ever seen. Details in the article.

From ThreatPost.com:
Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. Their paper suggests that minor manufacturing imperfections in hardware are unique to each device, and cause measurable distortions which can be used basically as a fingerprint to track a specific device. Details and a link to the research in the article.

And last today,...

Infosec Overnights - Daily Security News, by Paul Torgersen