
LogoFAIL: UEFI Vulnerabilities Unveiled

Every newly disclosed vulnerability is a reminder of the tension between innovation and malicious intent in cybersecurity. The latest is LogoFAIL, a set of vulnerabilities in the image-parsing code of the Unified Extensible Firmware Interface (UEFI) that could allow a malicious bootkit to be inserted through images during system boot.

Researchers have examined LogoFAIL in detail, explaining how image-parsing flaws in UEFI code can be exploited and what the consequences are. The name comes from the vulnerabilities' origin in the parsing of boot logos during the boot process. The severity of the issue is evident from the fact that it can be exploited to inject malicious code, potentially leading to the deployment of bootkits, malware capable of persistently infecting the system at a fundamental level.

The vulnerability was first brought to public attention through a detailed report by Bleeping Computer, outlining the specifics of the LogoFAIL bugs and their potential impact on system security. The report highlights the technical nuances of the vulnerabilities, emphasizing how attackers could exploit weaknesses in UEFI code to compromise the integrity of the boot process.

Further exploration of LogoFAIL is presented in a comprehensive set of slides from a Black Hat USA 2009 presentation by researcher Rafal Wojtczuk. The slides provide an in-depth analysis of the attack vectors associated with LogoFAIL, offering valuable insights into the technical aspects of the vulnerabilities.

In a more recent context, the Black Hat Europe 2023 schedule includes a briefing on LogoFAIL, promising to delve into the security implications of image parsing during system boot. This presentation will likely provide an updated perspective on the ongoing efforts to address and mitigate the risks that LogoFAIL poses.

The gravity of LogoFAIL is underscored by additional resources such as the analysis on binarly.io and the UEFI Forum's document on firmware security concerns and best practices. Collectively, these sources highlight the urgency for the industry to address and remediate the vulnerabilities in the UEFI code, emphasizing the need for robust security measures to safeguard systems from potential exploitation.

Working together to solve these vulnerabilities becomes critical as the cybersecurity community struggles with the consequences of LogoFAIL. The industry must collaborate to establish robust countermeasures for the UEFI code, guaranteeing system resilience against the constantly changing cyber threat environment.


Seasides Conference: Interviewing Prashant Kv and Parveen

1) Could you please start by telling us a bit about yourself and your background? 

Prashant: Hi, my name is Prashant KV. I have been working in information security for more than 15 years. I started my career as a developer and then transitioned into application security. Over the years, I have managed and led many penetration testing, source code review, and other InfoSec tasks. 

I was a part of the null and OWASP Bangalore chapter until 2013. In 2013, I moved to the USA, and I have been living here ever since. Presently, I also manage the OWASP Bay Area chapter. 

Parveen: Parveen, who possesses over 12 years of experience, currently serves as a Product Security Analyst at an organization specializing in bug bounties. His expertise spans various areas, including web application testing, network penetration testing, thick client testing, security assessment of large industry printers, red teaming, and mobile application testing. In addition to his professional role, Parveen is the co-founder of the OWASP Seasides Conference in Goa and the founder of Bug Bounty Village. He has also presented at both the c0c0n and Seasides Conference. 

2) What inspired you to start the Seasides Conference? Maybe share a story of how you came up with the idea for the Seasides Conference.  

Prashant: Barring a few exceptions, I have attended almost all Nullcon events to date. During the Nullcon training days, we used to simply roam around on the beaches. At that time, we thought, "Why not do something useful?" The idea came to us: "Why not organize some free events that provide quality education to individuals from humble backgrounds?" Hence, the idea of Seasides was born. We were fortunate that Bugcrowd was our first sponsor, and then we secured good sponsors all along the way. If it weren't for the generous sponsorships and our enthusiastic team, we would not have been able to sustain this event.  

Parveen: The Seasides conference's motto is to offer free cybersecurity training to the community, aligning with the ethos of the hacking culture that believes knowledge should be freely accessible to all. We aim to foster the growth of the cybersecurity community without imposing the burden of conference fees on individuals seeking to expand their knowledge in this field. 

3) What were the major challenges you faced in the early stages of establishing the conference? 

Prashant: Finding a venue within our budget was a major challenge. The first event we organized took place at a location with false partitions and no air conditioning. Nevertheless, people showed up with great enthusiasm, and the event was a huge success. We only determine our expenditure after we have estimates of sponsorship, which helps us keep ourselves in check. 

Parveen: The major challenge we faced was figuring out how to initiate the conference and garner support from sponsors, especially given our limited experience in conference management. Initially, our plan was to provide training to only 30-40 students. However, as things progressed, the cybersecurity community in India expressed significant interest in our event. Consequently, we had to transition from a limited number of students to an open-ended approach while still maintaining our commitment to free access and ensuring the quality of the training materials. 

Over time, sponsors began to place their trust in our initiatives, and they started providing sponsorship. Last year, our conference saw tremendous growth, with more than 500 attendees participating. 

4) What are the primary objectives and goals of the Seasides Conference? Perhaps you can elaborate on the main themes of the Conference. 

Prashant: The main objective of the conference is to provide premium quality training to attendees free of cost. We consider the event a success even if we are able to change just one life. Our event primarily consists of training sessions, the topics of which can help students and professionals enter the field of cybersecurity or master certain subjects. This year, we have each day dedicated to specific skill levels. For example, the first day is for advanced training, the second day is for basic level, and the third day focuses on enterprise security-related topics. 

One of the major fun aspects of the conference is our memes and informational posts. We are fortunate that our core group of volunteers has grown from single digits to more than 50 today. Our volunteering team thoroughly enjoys creating memes and blending humor with technology. 

Parveen: We have consistently adhered to the principle that our conference should revolve solely around the sharing of knowledge. Our traditional sessions on topics such as application security, blockchain security, and car hacking will remain a staple. As always, training sessions, meals, and social events will continue to be free and accessible to all. 

We proudly organize Seasides (https://www.seasides.net), a no-cost Infosec conference in India. The conference's primary goal is to provide high-quality cybersecurity training to everyone, free of charge. Furthermore, we extend a scholarship opportunity of 5,000 INR to underprivileged students, enabling them to participate in this event. 

5) How does the conference contribute to the cybersecurity and technology community? 

Prashant: The main objective is to expose students and professionals to various domains in information security. In addition to raising awareness, our events have also assisted many young students in securing jobs. Our sponsors actively seek out talented individuals, and we have successfully recruited some excellent candidates from the event.  

Parveen: In our own modest manner, we are contributing to the growth of India's cybersecurity ecosystem. Last year, several organizations conducted recruitment activities at our conference and even extended job offers on the spot, including many of our scholarship recipients. We are optimistic that more organizations will recognize the talent pool at Seasides and choose to recruit skilled individuals from our event in the future. 

6) There are several renowned cybersecurity conferences like DEFCON, BlackHat, and our own Indian NULL. How does the Seasides Conference differentiate itself from these events; that is, what unique features or offerings does the Seasides Conference bring to the table that set it apart from other similar conferences? 

Prashant: We aspire to be among the list of conference names you mentioned. Nullcon has done a fabulous job of attracting top-quality researchers from all over the world to India. Nullcon is widely regarded as the best conference in Asia, and many of us have grown and learned through our experiences at Nullcon. 

Our primary focus is on students and young professionals who wish to enter this field. Many students face financial constraints when it comes to covering travel, accommodation, and conference fees. We aim to provide them with the opportunity to experience the atmosphere of world-class conferences without worrying about the cost. 

Parveen: Most of the conferences mentioned above serve as excellent platforms for connection, learning, and networking. However, attending these conferences often comes with substantial financial expenses, which not everyone in India can readily afford. In contrast, Seasides offers high-quality training completely free of cost, making it accessible to anyone on a first-come, first-served basis. 

7) How has the Seasides Conference fostered a sense of community among attendees, speakers, and participants? 

Prashant: As mentioned earlier, our core group of volunteers has grown from single digits to more than 50 today. Even after the conference, team members stay in touch and are always on the lookout to take the conference to the next level. In that way, we are a close-knit community.  

Parveen: Fortunately, all of our speakers have generously offered their training services free of charge up to this point, sharing the same goal of educating and nurturing young minds in the field of cybersecurity. This year, we are introducing a change by compensating our workshop trainers for their dedication and hard work. Additionally, we are bringing in renowned experts from outside India to share their experiences and provide valuable insights to our attendees. 

8) What opportunities does the conference provide for networking and collaboration within the cybersecurity field? 

Prashant: Seasides parties are always legendary, and as much as people look forward to the training, they also eagerly anticipate the Seasides parties. This is a crucial aspect of our networking. In addition to that, we have WhatsApp groups and social media interactions that facilitate collaboration among attendees. 

Parveen: Our conference draws a diverse audience, including both professionals and students, creating a valuable opportunity for mutual connection and learning. To further enhance the experience, we are introducing a Career Booster session at the conference. In this session, esteemed professionals will review resumes and assess aptitude through interviews, providing students with a unique opportunity to gain real interview experience. 

Furthermore, this year, we are introducing a distinctive element by bringing in an English teacher. This instructor will focus on teaching effective communication and interview skills, equipping attendees with essential abilities to excel in their careers. 

9) How do you ensure a balance between technical depth and accessibility for a diverse audience? 

Prashant: We have wCTF, a dedicated Capture The Flag (CTF) competition, to encourage more women to participate in playing CTFs. We consistently have a good number of women trainers and attendees. With a wide range of training sessions, we strive to ensure that people of all skill levels can attend the event and derive value from it. 

Parveen: To create a well-rounded conference experience, we implement several strategies. First and foremost, we curate a diverse speaker lineup that caters to a wide range of expertise levels and backgrounds. This ensures attendees have a plethora of options, from deep technical talks to more accessible introductions. Additionally, we organize the conference into distinct tracks, separating highly technical sessions from those more suitable for beginners. To further enhance the learning experience, we offer workshops and training sessions tailored to various skill levels.  

Our panel discussions provide high-level insights and encourage engaging conversations for a broader audience. Session descriptions are meticulously crafted to indicate the intended audience and technical depth, empowering attendees to make informed choices. Moreover, we foster networking opportunities, enabling knowledge exchange between beginners and experts. Q&A sessions following talks allow attendees to seek clarification and bridge the gap between technical depth and accessibility. Lastly, we highly value attendee feedback, using it to refine future conferences and strike the perfect balance between technical depth and accessibility. 

10) As the founder, where do you envision the Seasides Conference in the next few years? Any plans for expansion or evolution?  

Prashant: We aim to introduce more hardware hacking sessions and invite more researchers who specialize in hardware hacking. This is one area where we aspire to make a contribution and encourage the growth of hardware hacking expertise within India. 

Parveen: As the founder of the Seasides Conference, I am fully dedicated to charting a dynamic and promising course for our event's future. To begin, we are committed to extending the conference's influence well beyond the borders of India. This will be achieved through the inclusion of virtual components and the organization of satellite events across diverse regions, aiming to attract an international audience eager to engage with our vibrant cybersecurity community. Additionally, we will introduce specialized tracks dedicated to emerging trends within the field. These tracks will explore cutting-edge topics such as AI and machine learning security, IoT security, quantum computing, and revolutionary technologies like blockchain. This forward-looking approach ensures that our attendees remain at the forefront of the ever-evolving cybersecurity landscape. 

11) Is there anything else you'd like to share with the CySecurity News audience about the Seasides Conference or your journey as its founder? 

Prashant: A tremendous amount of effort goes into the planning and execution of this event. Beyond the goodwill it generates, we don't expect much in return. All we ask from attendees is to share some kind words on their own accord. Particularly, we appreciate it when they express gratitude towards our sponsors and hardworking volunteers. 

Parveen: My journey as a co-founder of the Seasides conference is undoubtedly rewarding and heartwarming. The stories of students receiving scholarships and job opportunities through Seasides, and how it positively impacts their lives and families, are incredibly fulfilling. It's a testament to the valuable work our team is doing to support and empower the cybersecurity community. The sense of making a meaningful difference in people's lives and contributing to the growth of the industry is a source of great pride and satisfaction.  

12) Lastly, how can interested individuals learn more about the Seasides Conference and get involved? 

Prashant: Certainly, I encourage anyone interested in volunteering for Seasides to check out the website at www.seasides.net and follow their social media handles. You can also reach out to them via direct message (DM) as they are always on the lookout for new volunteers with diverse backgrounds and skills. 

AI Malware vs. AI Defences: WormGPT Cybercrime Tool Predicts a New Era

 

Business email compromise (BEC) attacks are being launched by cybercriminals with the assistance of generative AI technology, and one such tool used is WormGPT, a black-hat alternative to GPT models that has been designed for malicious goals. 

SlashNext said that WormGPT was trained on a variety of data sources, with a concentration on malware-related data. Based on the input it receives, WormGPT can produce highly convincing phoney emails by creating language that resembles human speech. 

Screenshots of malicious actors exchanging ideas on how to utilise ChatGPT to support successful BEC assaults have been shared on a cybercrime forum, demonstrating that even hackers who are not fluent in the target language can create convincing emails using generative AI. 

The research team also assessed WormGPT's potential risks, concentrating particularly on BEC assaults. They programmed the tool to generate an email intended to persuade an unsuspecting account manager into paying a fake invoice.

The findings showed that WormGPT was "strategically cunning," demonstrating its capacity to launch complex phishing and BEC operations, in addition to being able to use a convincing tone. 

The research study noted that the creation of such tools highlights the threat posed by generative AI technologies, including WormGPT, even in the hands of inexperienced hackers.

"It's like ChatGPT but has no ethical boundaries or limitations," the report said. The report also highlighted that hackers are developing "jailbreaks," specialised commands intended to trick generative AI interfaces into producing output that may involve revealing private data, creating offensive content, or even running malicious code. 

Some proactive cybercriminals are even going so far as to create their own, attack-specific modules that are similar to those used by ChatGPT. This development could make cyber defence much more challenging. 

"Malicious actors can now launch these attacks at scale at zero cost, and they can do it with much more targeted precision than they could before," stated SlashNext CEO Patrick Harr. "If they aren't successful with the first BEC or phishing attempt, they can simply try again with retooled content." 

The growth of generative AI tools is adding complications and obstacles to cybersecurity operations, as well as highlighting the need for more effective defence systems against emerging threats. 

Harr believes that AI-aided BEC, malware, and phishing attacks may be best combated using AI-aided defence capabilities. He believes that organisations will eventually rely on AI to handle the discovery, detection, and remediation of these dangers since there is no other way for humans to stay ahead of the game. Despite its directive to block malicious requests, a Forcepoint researcher persuaded the AI tool to construct malware for locating and exfiltrating certain documents in April. 

Meanwhile, developers' enthusiasm for ChatGPT and other large language model (LLM) tools has left most organisations entirely unable to guard against the vulnerabilities introduced by the emerging technology.

Onapsis Report: Flaws to be Fixed Immediately

CISA on Thursday added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog and urged government organizations to fix them by September 8. The catalog is CISA's list of vulnerabilities that should be patched because they are known to be actively exploited in cyberattacks; the latest additions include recent security bugs from Apple, Google, SAP, and Microsoft.

Vulnerabilities

Onapsis disclosed the major SAP vulnerability CVE-2022-22536 in February and gave it a 10/10 severity rating. CISA promptly alerted administrators of the need to fix the flaw, because failure to do so could result in data loss, financial fraud, disruption of crucial business processes, ransomware attacks, and the cessation of all operations.

The vendor addressed the issue in February in Web Dispatcher, Content Server 7.53, NetWeaver Application Server ABAP, NetWeaver Application Server Java, and ABAP Platform.

According to Doyhenard's research study, "both CVE-2022-22536 and CVE-2022-22532 were remotely exploitable and could be utilized by unauthenticated attackers to entirely compromise any SAP installation on the planet."

On Wednesday, Apple announced security upgrades for the CVE-2022-32893 and CVE-2022-32894 flaws in macOS and iOS/iPadOS, stating that these vulnerabilities might be used to execute code on unsecured devices.

Apple did not explain how the vulnerabilities were being exploited, however, given that CVE-2022-32894 permits code to be run with kernel privileges, it would enable total device takeover.

Google Chrome 104.0.5112.101, released on Tuesday, contains a fix for the CVE-2022-2856 vulnerability. Vulnerability researcher Hossein Lotfi reported the problem, although it has not been disclosed how hackers have used it in attacks.

Microsoft resolved the CVE-2022-21971 remote code execution vulnerability in the February 2022 Patch Tuesday, but there is no data on how it is currently being used in the wild. The other Microsoft entry, CVE-2022-26923, is a privilege escalation flaw in Active Directory Domain Services; PoC exploits started to surface days after Microsoft issued a fix in May.

Martin Doyhenard, an Onapsis researcher, will present a paper on exploiting inter-process communication in SAP's HTTP server on August 10 at the Black Hat conference and on August 13 at the Def Con conference. The 18-page document Onapsis published describing its findings is also available.

FCEB agencies are required to address the discovered vulnerabilities by the deadline to safeguard their networks from attacks that take advantage of the flaws in the catalog, as stated in Binding Operational Directive (BOD) 22-0: Reducing the Significant Risk of Known Exploited Vulnerabilities.
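Agencies and enterprises that track catalog deadlines usually do it from the JSON feed of the catalog rather than by hand. The following Python is an added example, not part of the article or of any CISA tooling: it parses a sample written in the field layout of the KEV feed (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction`), lists what is due by a deadline, and cross-checks a scanner's findings against it. The CVE IDs are the ones named above; the sample dates, product strings and scanner findings are constructed for the example.

```python
import json
from datetime import date

# Constructed sample in the field layout of the Known Exploited Vulnerabilities feed.
# CVE IDs are those named in the article; dates and product strings are illustrative.
SAMPLE_KEV_JSON = """
{
  "title": "Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {"cveID": "CVE-2022-22536", "vendorProject": "SAP", "product": "Multiple Products",
     "dateAdded": "2022-08-18", "dueDate": "2022-09-08",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2022-32894", "vendorProject": "Apple", "product": "iOS, iPadOS, macOS",
     "dateAdded": "2022-08-18", "dueDate": "2022-09-08",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2022-2856", "vendorProject": "Google", "product": "Chrome",
     "dateAdded": "2022-08-18", "dueDate": "2022-09-08",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2022-26923", "vendorProject": "Microsoft", "product": "Active Directory",
     "dateAdded": "2022-08-18", "dueDate": "2022-09-30",
     "requiredAction": "Apply updates per vendor instructions."}
  ]
}
"""


def load_catalog(raw: str) -> list[dict]:
    """Return the list of catalog entries from a KEV-format JSON document."""
    return json.loads(raw)["vulnerabilities"]


def due_on_or_before(entries: list[dict], deadline: str) -> list[str]:
    """CVE IDs whose remediation deadline is on or before the given ISO date."""
    limit = date.fromisoformat(deadline)
    return sorted(e["cveID"] for e in entries
                  if date.fromisoformat(e["dueDate"]) <= limit)


def overdue(entries: list[dict], today: str) -> list[str]:
    """CVE IDs whose deadline has already passed as of 'today' (strictly before)."""
    now = date.fromisoformat(today)
    return sorted(e["cveID"] for e in entries
                  if date.fromisoformat(e["dueDate"]) < now)


def by_vendor(entries: list[dict]) -> dict[str, list[str]]:
    """Group catalog CVE IDs by the vendorProject field."""
    groups: dict[str, list[str]] = {}
    for e in entries:
        groups.setdefault(e["vendorProject"], []).append(e["cveID"])
    return groups


def prioritize(entries: list[dict], scanner_findings: set[str], today: str) -> list[tuple]:
    """Cross-check CVEs reported on our own assets against the catalog.

    Returns (cveID, dueDate, is_overdue) for every finding that is in the
    catalog, soonest deadline first, so the patch queue starts with KEV items.
    """
    now = date.fromisoformat(today)
    hits = []
    for e in entries:
        if e["cveID"] in scanner_findings:
            due = date.fromisoformat(e["dueDate"])
            hits.append((e["cveID"], e["dueDate"], due < now))
    return sorted(hits, key=lambda h: h[1])


ENTRIES = load_catalog(SAMPLE_KEV_JSON)

if __name__ == "__main__":
    # Constructed scanner output: one catalog CVE and one that is not in the catalog.
    findings = {"CVE-2022-22536", "CVE-2022-26923", "CVE-2022-0000"}
    print("due by 2022-09-08:", due_on_or_before(ENTRIES, "2022-09-08"))
    print("by vendor:", by_vendor(ENTRIES))
    print("patch queue on 2022-09-09:", prioritize(ENTRIES, findings, "2022-09-09"))
```

The real feed is considerably larger, but the same four helpers are all that a deadline report needs; the strict comparison in `overdue` treats the due date itself as still compliant, matching the "by September 8" wording.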

SideWinder Launched Nearly 1000 Assaults in Two Years

 

The South Asian APT group SideWinder has been on a tear for the past two years, launching nearly 1,000 attacks and deploying increasingly sophisticated techniques. 

Earlier this week, Noushin Shabab, a senior security researcher at Kaspersky, shared her findings on SideWinder's attack methods at the Black Hat Asia conference.

SideWinder has been active since at least 2012 and primarily targets military and law enforcement agencies in Pakistan, Bangladesh, and other South Asian countries. In recent years it has also targeted foreign affairs departments, scientific and defence organizations, aviation, the IT industry, and legal firms. Some of its newly registered domains and spear-phishing documents indicate that the threat actor is expanding the geography of its targets to other countries and regions. 

This expansion has made SideWinder one of the most prolific hacking groups in the world, but the reason behind it remains unknown. 

Last year, the group deployed new obfuscation techniques for the JavaScript it drops into .RTF files, .LNK files, and Open Office documents. Kaspersky has observed unique encryption keys deployed across over 1,000 malware samples sourced from the group.

The group even ran two versions of its obfuscation techniques in parallel over several months, and appears to have shifted from an older, less stealthy version to its current malware. SideWinder also rotates the domains used for its command-and-control servers and its download servers regularly. That is mostly to ensure that if one domain gets detected, it still has a way to reach its targets, Shabab explains. Spreading activity across different domains is also less likely to raise suspicion. 

In January 2020, Trend Micro researchers revealed that they had unearthed SideWinder exploiting a zero-day local privilege-escalation vulnerability (CVE-2019-2215) that affected hundreds of millions of Android users when it was first published. 

“I think what really makes them stand out among other APTs [advanced persistent threat] actors are the big toolkit they have with many different malware families, lots of new spear-phishing documents, and a very large infrastructure. I have not seen 1,000 attacks from a single APT from another group until further,” Shabab stated.

Researchers Reveal DBREACH as New Attack Against Databases

 

Databases hold an organization's most critical data, which makes them an attractive target for cybercriminals. 

At the Black Hat USA 2021 hybrid event, where hackers were encouraged to collaborate with federal agencies against cybercriminals, a group of researchers presented a new type of attack against databases that could lead to information disclosure and loss. The attack is called DBREACH, an acronym for Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics. 

Mathew Hogan, one of the researchers, said that in modern databases compression is often paired with encryption in order to reduce storage costs. That pairing, however, increases risk, because it opens the door to a class of vulnerabilities known as side-channel attacks. 

“With DBREACH, an attacker is able to recover other users’ encrypted content by utilizing a compression side channel," Hogan said. "We believe this is the first compression side-channel attack on a real-world database system." 

In a detailed 121-slide presentation, Hogan and his colleagues explained how a DBREACH attack works. DBREACH reportedly uses the same techniques as the CRIME (Compression Ratio Info-leak Made Easy) attack on Transport Layer Security (TLS), which was first reported in 2013. 

"We believe that this threat model is realistic and achievable," Hogan further told. "The update capability can be achieved through a front-end web interface that's backed up by a database table, which is something that's really common in a lot of databases." 

How can database users mitigate the risk of DBREACH? 

There are several ways for database users to mitigate the risk of DBREACH. One, according to Hogan, is not to use column-level permissions. He also recommended that organizations monitor database usage patterns for unusual activity, much as in Denial of Service (DoS) detection, looking for a single user performing an unusually high number of updates. 

"The only foolproof method for preventing this attack is to turn off compression… We believe that this really drives home the point that compression and encryption should be combined very carefully, lest you or your system fall victim to compression side-channel attack," Hogan added.
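The two points above, why a compression ratio leaks information about neighbouring encrypted data, and what the update-rate monitoring Hogan recommends looks like in practice, are shown in the following added Python example. It is not part of the article or of the DBREACH research code. The victim row, the attacker-written rows and the audit-log lines are constructed for the example; `zlib` stands in for whatever compressor a database uses, and encryption is omitted because a length-preserving cipher does not change the compressed size, which is all the side channel observes.

```python
import zlib
from collections import Counter

# Constructed victim row: another user's record that the database stores
# compressed and then encrypted. Only the compressed size matters here.
VICTIM_ROW = b"user=alice;reset_token=QX7KD29P"


def compressed_size(block: bytes) -> int:
    """Bytes the compressor emits for a storage block (cipher would not change it)."""
    return len(zlib.compress(block, 9))


def size_with_row(attacker_row: bytes) -> int:
    """Compressed size of a block holding the victim row next to a row the
    attacker is allowed to write. Bytes shared with the victim row are replaced
    by a back-reference, so a row that repeats victim content compresses smaller."""
    return compressed_size(VICTIM_ROW + b"\n" + attacker_row)


def leaks_via_size(shared: bytes, unrelated: bytes) -> bool:
    """True when the block size alone distinguishes a row sharing victim content
    from one that does not: this is the side channel DBREACH relies on."""
    return size_with_row(shared) < size_with_row(unrelated)


# Constructed audit-log lines: "<timestamp> user=<name> op=<OP> table=<name>".
# mallory issues a burst of updates, the pattern Hogan suggests looking for.
SAMPLE_AUDIT_LOG = [
    "2021-08-05T10:00:01 user=alice op=SELECT table=profiles",
    "2021-08-05T10:00:02 user=alice op=UPDATE table=profiles",
    "2021-08-05T10:00:03 user=bob op=SELECT table=profiles",
] + [
    f"2021-08-05T10:00:{s:02d} user=mallory op=UPDATE table=profiles"
    for s in range(10, 16)
]


def update_counts(lines: list[str]) -> Counter:
    """Number of UPDATE statements per user in the audit log."""
    counts: Counter = Counter()
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        if fields.get("op") == "UPDATE":
            counts[fields["user"]] += 1
    return counts


def flag_update_bursts(lines: list[str], threshold: int) -> list[str]:
    """Users whose update count exceeds the threshold, DoS-detection style."""
    return sorted(u for u, n in update_counts(lines).items() if n > threshold)


if __name__ == "__main__":
    print("shared content  :", size_with_row(b"reset_token=QX7KD"), "bytes")
    print("unrelated content:", size_with_row(b"reset_token=H4VB2"), "bytes")
    print("size reveals overlap:", leaks_via_size(b"reset_token=QX7KD", b"reset_token=H4VB2"))
    print("update burst from:", flag_update_bursts(SAMPLE_AUDIT_LOG, threshold=3))
```

The size difference is exactly what turning compression off removes: with compression disabled every row of the same length costs the same number of bytes, so no amount of attacker-controlled writes changes the stored size. The threshold in `flag_update_bursts` would be tuned per table to the normal update rate of legitimate users.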

Black Hat 2021: Zero-days, Ransoms and Supply Chains

 

During Black Hat 2021, Corellium COO Matt Tait warned that the amount of zero-days exploited in the open is "off the charts." 

The primary concerns Tait highlighted during his Wednesday keynote were a significant rise in the number of zero-days identified and exploited in the wild, stolen zero-days, and supply chain assaults. 

He claims that all three are to blame for several big breaches in the last two years, including the Colonial Pipeline, Kaseya, SolarWinds, and Microsoft Exchange hacks. As per his keynote, the number of zero-days discovered and exploited in the wild has reached record heights in recent years. 

"This is both in the government sector, doing espionage, and in the financially motivated crimeware industry, ransomware. It's getting to the point now where it's beginning to overwhelm our ability to respond in the defensive sector," Tait stated during the keynote. 

He added that attackers would most likely need a chain of flaws to attack a system and obtain access. To accomplish this, they would need to build a complete zero-day chain. 

"And these things are very expensive thanks to platform security investments. Every time an attacker has a full chain and wants to use it, that's a risk. The possibility that the zero-day chain or some aspects of that intrusion gets detected can be a very expensive cost for the attacker." 

Similarities in high-profile attacks

He cited top attacks such as the one on Colonial Pipeline, which caused gas shortages in some places, and the more recent NSO Pegasus campaign, which targeted 50,000 targets across a variety of mobile devices. At first glance they all appear to be quite different, but a deeper examination reveals certain similarities. 

According to Tait, the attacks that resulted in physical, real-world problems were massive ransomware-based attacks. Furthermore, they all appear to be driven by supply chain compromises combined with large-volume and often indiscriminate targeting. The use of stolen zero-days is the third and most prominent similarity. 

He explained, North Korea, for instance, targeted security researchers to obtain access to specific studies. That research was used to enable some of these major operations, including the Microsoft Exchange email server attack, in which Chinese-nation state hackers exploited several zero-day vulnerabilities. 

"In both the Kaseya hack and exchange hacks, there's credible evidence that security researchers found these vulnerabilities, these exact vulnerabilities and written exploits for them and at some point between that and the patch being released, or shortly after, somehow these proof of concepts, these working exploits managed to get into the hands of these offensive actors who used them," Tait stated. 

"Governments are interested in taking your zero-days and your need to secure your systems and your vendor communications properly. In the event that you have these, do be careful what you publish. Of course, it's your exploits, do what you want with it -- but be aware that there are trade-offs associated with this." 

The reason comes down to price. If a government can obtain a zero-day for free, the economics of using it change, according to Tait, because losing it costs nothing. Stolen zero-days therefore alter the economics of zero-day exploitation. 

The rising danger of supply chain attacks

Tait described supply chain assaults as a whole different type of cybercrime danger. The entire economics of mass exploitation, he explains, is turned upside down because of supply chain attacks. 

According to the security expert, bug bounty programs should be re-evaluated to ensure that vulnerabilities are revealed and patched as soon as possible, which would help safeguard the software supply chain. 

According to Tait, researchers are now motivated to "sit on" high-impact vulnerabilities in the hopes of developing them into "full chain" attacks. While these chains provide the highest reward payouts, each day a zero-day stays unpatched is a possibility for another, possibly malicious third party to discover it. They utterly reshape the entire economics of mass exploitation, according to him. 

The time it takes for a supply chain attack to be discovered is the major issue, according to Ryan Olson, vice president of threat intelligence at Palo Alto Networks' Unit 42 division. Companies might be compromised for months before they realize it. This is especially bad for smaller software companies without an IT department or a security operations center. 

Supply chain assaults, according to Tait, may be used for cyber espionage, such as in the instance of SolarWinds, when high-profile clients were harmed, as well as physical harm, such as ransomware. Tait concluded supply chain infections can only be fixed by platform vendors arguing that government intervention or regulation will do little to address the problem.

New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference


The researchers call it "Spectra." The attack targets "combo chips," chips that handle several kinds of radio-based wireless communications such as Wi-Fi, Bluetooth, and LTE. The attack is due to be presented in August at the Black Hat Security Conference in a virtual session, and the full academic paper with all details will also be published in August. The researchers teased a few details about the attack ahead of the Black Hat talk: "Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access."


The Spectra attack exploits the coexistence mechanism that chipset vendors build into their devices. Combo chips use these mechanisms to switch between wireless technologies at a rapid pace. The researchers say that while the coexistence mechanism improves performance, it also gives attackers an opening for side-channel attacks. Jiska Classen of Darmstadt Technical University and Francesco Gringoli of the University of Brescia say they are the first to explore using the coexistence mechanism of combo chips to break the separation between wireless technologies.

"We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series," the two academics say. "We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores." Results vary, but the research team says that specific outcomes are possible after a Spectra attack. "In general, denial-of-service on spectrum access is possible.

The associated packet meta-information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core," Gringoli and Classen said. "Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. It makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface." Though the research used Broadcom and Cypress chips for the Spectra attacks, Gringoli and Classen are confident that the attack will also work on other chips.