Category Archives: News

Crypto Scammers exploit talk on Cryptocurrency

Read Time:3 Minute, 1 Second

By Oliver Devane 

McAfee has identified several Youtube channels which were live-streaming a modified version of a live stream called ‘The B Word’ where Elon Musk, Cathie Wood, and Jack Dorsey discuss various aspects of cryptocurrency.  

The modified live streams make the original video smaller and put a frame around it advertising malicious sites that it claims will double the amount of cryptocurrency you send them. As the topic of the video is on cryptocurrency it adds some legitimacy to the websites being advertised.  

The original video is shown below on the left and a modified one which includes a reference to a scam site is shown on the right.  

 

 

We identified several different streams occurring at a similar same time. The images of some are shown below: 

 

The YouTube streams advertised several sites which shared a similar theme. They claim to send cryptocurrency worth double the value which they’ve received. For example, if you send 1BTC you will receive 2BTC in return. One of the sites frequently asked questions (FAQ) is shown below: 

Here are some more examples of the scam sites we discovered: 

The sites attempt to trick the visitors into thinking that others are sending cryptocurrency to it by showing a table with recent transactions. This is fake and is generated by JavaScript which creates random crypto wallets and amounts and then adds these to the table. 

The wallets associated with the malicious sites have received a large number of transactions with a combined value of $280,000 as of 5 PM UTC on the 5th of May 2022 

Scam Site 
Crypto Type 
Wallet 
Value as on 5PM UTC 5th May 2022 

22ark-invest[.]org 
ETH 
0x820a78D8e0518fcE090A9D16297924dB7941FD4f 
$25,726.46 

22ark-invest[.]org 
BTC 
1Q3r1TzwCwQbd1dZzVM9mdFKPALFNmt2WE 
$29,863.78 

2xEther[.]com 
ETH 
0x5081d1eC9a1624711061C75dB9438f207823E694 
$2,748.50 

2x-musk[.]net 
ETH 
0x18E860308309f2Ab23b5ab861087cBd0b65d250A 
$10,409.13 

2x-musk[.]net 
BTC 
17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9 
$4,779.47 

arkinvest22[.]net 
ETH 
0x2605dF183743587594A3DBC5D99F12BB4F19ac74 
$11,810.57 

arkinvest22[.]net 
BTC 
1GLRZZHK2fRrywVUEF83UkqafNV3GnBLha 
$5,976.80 

doublecrypto22[.]com 
ETH 
0x12357A8e2e6B36dd6D98A2aed874D39c960eC174 
$0.00 

doublecrypto22[.]com 
BTC 
1NKajgogVrRYQjJEQY2BcvZmGn4bXyEqdY 
$0.00 

elonnew[.]com 
ETH 
0xAC9275b867DAb0650432429c73509A9d156922Dd 
$0.00 

elonnew[.]com 
BTC 
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu 
$0.00 

elontoday[.]org 
ETH 
0xBD73d147970BcbccdDe3Dd9340827b679e70d9d4 
$18,442.96 

elontoday[.]org 
BTC 
bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5 
$0.00 

Teslabtc22[.]com 
ETH 
0x9B857C44C500eAf7fAfE9ed1af31523d84CB5bB0 
$27,386.69 

Teslabtc22[.]com 
BTC 
18wJeJiu4MxDT2Ts8XJS665vsstiSv6CNK 
$17,609.62 

tesla-eth[.]org 
ETH 
0x436F1f89c00f546bFEf42F8C8d964f1206140c64 
$5,841.84 

tesla-eth[.]org 
BTC 
1CHRtrHVB74y8Za39X16qxPGZQ12JHG6TW 
$132.22 

teslaswell[.]com 
ETH 
0x7007Fa3e7dB99686D337C87982a07Baf165a3C1D 
$9.43 

teslaswell[.]com 
BTC 
bc1qdjma5kjqlf7l6fcug097s9mgukelmtdf6nm20v 
$0.00 

twittergive[.]net 
ETH 
0xB8e257C18BbEC93A596438171e7E1E77d18671E5 
$25,918.90 

twittergive[.]net 
BTC 
1EX3dG9GUNVxoz6yiPqqoYMQw6SwQUpa4T 
$99,123.42 

Scammers have been using social media sites such as Twitter and Youtube to attempt to trick users into parting ways with their cryptocurrency for the past few years. McAfee urges its customers to be vigilant and if something sounds too good to be true then it is most likely not legitimate.  

Our customers are protected against the malicious sites detailed in this blog as they are blocked with McAfee Web Advisor  

Type 
Value 
Product 
Blocked 

URL – Crypto Scam 
twittergive[.]net 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
tesla-eth[.]org 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
22ark-invest[.]org 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
2xEther[.]com 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
Teslabtc22[.]com 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
elontoday[.]org 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
elonnew[.]com 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
teslaswell[.]com 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
2x-musk[.]net 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
doublecrypto22[.]com 
McAfee WebAdvisor 
YES 

URL – Crypto Scam 
arkinvest22[.]net 
McAfee WebAdvisor 
YES 

 

The post Crypto Scammers exploit talk on Cryptocurrency appeared first on McAfee Blog.

Read More

Wrongly configured Google Cloud API potentially creates dangerous functionality

Read Time:47 Second

Some odd and potentially dangerous behavior within the Google Cloud Platform (GCP) was revealed by cloud security company Mitiga Thursday. If GCP is not configured correctly, it could be exploited by attackers to engage in malicious activity inside a user’s cloud environment, according to a blog posted on the Israeli company’s website.

The behavior is linked to one of the APIs used by Google Cloud. The API allows users to retrieve data from serial ports, but by creating a virtual machine in the cloud, data could also be continuously written to the ports. Moreover, because of the way Google Cloud classifies such traffic, administrators aren’t given much visibility into it. If an attacker were exploiting the behavior, their constant calls to the ports might tip their hand, Mitiga explained, but the malicious activity is likely to be missed by developers unfamiliar with the specifics of the API.

To read this article in full, please click here

Read More

CVE-2022-1388: Authentication Bypass in F5 BIG-IP

Read Time:2 Minute, 24 Second

CVE-2022-1388: Authentication Bypass in F5 BIG-IP

F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution.

Background

As part of its Quarterly Security Notification for May 2022, F5 patched CVE-2022-1388, a critical authentication bypass vulnerability in BIG-IP, a family of hardware and software solutions used for application delivery and centralized device management.

Attackers have capitalized on previously disclosed flaws in BIG-IP: CVE-2021-22986, a flaw in the iControl REST component of BIG-IP and CVE-2020-5902, a flaw in the BIG-IP traffic management user interface, have both been exploited in the wild. The Security Response Team included CVE-2020-5902 among its top 5 vulnerabilities in the 2020 Threat Landscape Retrospective due to the scope of exploitation.

Analysis

CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services.

Proof of concept

At the time of publication, there were no public exploits for CVE-2022-1388. However, it’s likely only a matter of time before researchers and threat actors develop proof-of-concept exploit code for this vulnerability.

Solution

While patching is the recommended course of action, F5 has provided some mitigation guidance if it is not immediately possible. To reduce the attack service, organizations can restrict access to the vulnerable iControl REST API to trusted networks and devices. It is advisable to disallow access to device management interfaces from untrusted networks.

The following table lists the branches of BIG-IP, affected versions and fixed versions:

Branch
Affected Versions
Fixed Version

17.x
None
17.0.0

16.x
16.1.0 – 16.1.2
16.1.2.2

15.x
15.1.0 – 15.1.5
15.1.5.1

14.x
14.1.0 – 14.1.4
14.1.4.6

13.x
13.1.0 – 13.1.4
13.1.5

12.x
12.1.0 – 12.1.6
Will not fix

11.x
11.6.1 – 11.6.5
Will not fix

Identifying affected systems

A list of Tenable plugins to identify this vulnerability can be found here.

Get more information

F5 Advisory for CVE-2022-5902
K55879220: Overview of F5 vulnerabilities (May 2022)

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Read More

Cybersecurity and resilience: board-level issues

Read Time:3 Minute, 17 Second

Resilience means more than bouncing back from a fall at a moment of significantly increased threats. When addressing resilience, it’s vital to focus on long-term goals instead of short-term benefits. Resilience in the cybersecurity context should resist, absorb, recover, and adapt to business disruptions.

Cyber resiliency can’t be accomplished overnight. For the longest time, the conversation around getting the cybersecurity message across at the board level has revolved around the business language. Businesses cannot afford to treat cybersecurity as anything but a systemic issue. While the board tends to strategize about managing business risks, cybersecurity professionals tend to concentrate their efforts at the technical, organizational, and operational levels. The languages used to manage the business and manage cybersecurity are different. This might obscure both the understanding of the real risk and the best approach to address the risk. Early on in my career, I was told to think of how to transform geek to CEO speak. That piece of advice still holds true.

Why? The argument for board-level cybersecurity understanding

The reality today is that cybersecurity is a critical business issue that must be a priority for every organization. As business operations become increasingly digitized, data has become one of the most valuable assets of any organization. This has resulted in increased expectations from customers, employees, regulators, and other stakeholders that an organization has developed appropriate resilience measures to protect against the evolving cyber threat landscape. The failure to do so presents substantial risks, including loss of consumer confidence, reputational damage, litigation, and regulatory consequences.

How? Changing the narrative away from the ‘team of no.’

The ‘how’ equation comes in two distinct yet equally important parts. One is levelling-up of the board’s cybersecurity knowledge. The other ensures that security teams get board-level support. The second of these requires those teams to help change the narrative: instead of being the ‘team of no,’ security teams need to be seen as influencers. Enablers and not enforcers, in other words.

It’s time to stop repeating how things can’t be done (on security grounds). Rather, we need to preach from the business transformation book and explain how they can be. We must stop operating out of silos and build out relationships with all business players, embedding ‘scenario thinking’ and responsiveness into organizational cyber functioning. But just as importantly, to address the first part, the board needs to proactively plan and prepare for a cyber-crisis; only by understanding the risks can the business be in the right strategic place to combat them successfully.

Cybersecurity teams should equip the board with the following as a starting point. 

A clear articulation of the current cyber risks facing all aspects of the business (not just IT); and
A summary of recent cyber incidents, how they were handled, and lessons learned.
Short- and long-term road maps outlining how the company will continue to evolve its cyber capabilities to address new and expanded threats, including the related accountabilities in place to ensure progress; and
Meaningful metrics that provide supporting essential performance and risk indicators of successful management of top-priority cyber risks that are being managed today

Business and cybersecurity success go hand in hand

As the board’s role in cyber-risk oversight evolves, the importance of having a robust dialogue with the cyber influencers within an organization cannot be overestimated. Without close communication between boards and the cyber/risk team, the organization could be at even greater risk.

If this sounds like a cybersecurity grooming exercise, that’s because it is. Preparing cybersecurity practitioners with business acumen for the board to act as the voice of educated reason isn’t such a bad idea, is it? The best businesses thrive because they have people at the very top who can exert control based on informed decision-making when a crisis looms. Leaving cybersecurity out of this success equation in 2022 is a very risky game.

Read More