Open Source CyberSecurity News – 8/5/2021
Black Hat 2021, “Hacking a Capsule Hotel – Ghost in the Bedrooms,” by Supa
A series of vulnerabilities in internet of things (IoT) devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms’ amenities – and punish a loud neighbor.
An inadvertent bug hunt began when Kya Supa, security consultant at LEXFO, was traveling overseas on vacation. He spent a few nights in a so-called “capsule hotel,” which refers to accommodations that consist of tiny rooms stacked side-by-side. In an effort to make up for space constraints, these kinds of digs tend to offer a few electronic bells and whistles, and according to Supa, this particular hotel was no different.
Continue reading: https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/
Facebook Stops NYU Researchers From Examining Misinformation, Is Criticized for ‘Silencing’ Transparency Efforts
Facebook shut down the accounts of researchers at New York University’s Ad Observatory who were studying misinformation, saying the team of experts had violated the company’s policies on automated collection of user data.
The researchers argue that the social media giant shut down their access because their research, which has focused on misleading political advertisements and vaccine misinformation, has drawn negative attention to the company. The shutdown builds on years of tension between researchers and the platform. Researchers argue that they deserve special exemptions from Facebook’s policies banning the automatic collection of data from the platform because it holds valuable insights into how the company influences democracy and social issues in the U.S.
continue reading: https://www.cyberscoop.com/facebook-nyu-research-misinformation/
Newly Discovered Cobalt Strike Bugs Could Allow the Takedown of Attackers’ Servers
As you might already know Cobalt Strike is a legitimate penetration testing tool that can be used as an attack framework by red teams. Red Teams are groups of security professionals that try to attack their own organization’s infrastructure in order to discover security gaps and vulnerabilities.
Unfortunately, Cobalt Strike is used also by threat actors for post-exploitation purposes after the deployment of so-called beacons that are able to provide them with persistent remote access to compromised devices.
Continue reading: https://heimdalsecurity.com/blog/newly-discovered-cobalt-strike-bugs-could-allow-the-takedown-of-attackers-servers/
There’s Been a Rise in Stalkerware. And the Tech Abuse Problem Goes Beyond Smartphones
At the Black Hat cybersecurity conference in Las Vegas this week, Lodrina Cherne, Principal Security Advocate at Cybereason and Martijn Grooten, consultant and coordinator at the Coalition Against Stalkerware said that the COVID-19 pandemic has prompted a surge in the use of stalkerware in intimate partner violence (IPV) and gender-based violence.
Continue reading: https://www.zdnet.com/article/theres-been-a-rise-in-stalkerware-and-the-tech-abuse-problem-goes-beyond-smartphones/
A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service
Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to distribute a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S.
Continue reading: https://thehackernews.com/2021/08/a-wide-range-of-cyber-attacks.html