[Some Interesting] Cloud ‘n Sec news: 11th Mar 22
What’s worth your reading time
Cloud
Azure
Microsoft fixes vulnerability found in Azure called AutoWarp
Showing the benefit of working with the security community, Microsoft quickly patched a vulnerability found in Azure by a researcher from Orca Security.
Disclosed only now, the vulnerability was reported in December and fixed a couple of days later. There is no evidence of it having been exploited.
The vulnerability is explained in detail by Orca and its researcher. VentureBeat summarises it as follows, which I quote:
If it had not been caught and fixed, the critical vulnerability could have allowed someone to cross from one tenant within Azure to another tenant — potentially allowing them to access data and resources from numerous other customers, according to Orca Security.
It’s always worth remembering that all software benefits from bug bounty activity — it’s a very lucrative field for researchers too.
Security
Industry
Google acquiring TI giant, I meant Mandiant
Everyone saw it coming, I meant the pun, not the purchase. Either way, Mandiant joins Google’s security platform in the company’s second largest acquisition ever, after Motorola for 12 billion dollars back in 2012.
Mandiant is being acquired for about 5.4B dollars. Not bad for a company with about half a billion dollars in yearly revenue (source here).
The services Mandiant provides, according to VentureBeat, and I quote:
Mandiant’s platform spans threat intelligence, security validation, automated defense, attack surface management and managed defense.
And in terms of services, in addition to IR, Mandiant provides strategic readiness, technical assurance and “cyber defense transformation” — i.e., helping customers to develop and mature their security posture.
Threats
Conti leaks analysis
The Risky Business podcast had a great conversation around the Conti leaks and what they mean for the industry and the group’s future operations. Essentially, experts are divided between those who think the group will shut down operations and those who believe it will just flush and resurface under a new name/operation.
Attacks
Samsung files stolen in hack
South Korean giant Samsung was hit by the same hacking group that hit Nvidia a couple of weeks back, Lapsus$.
Here’s a snapshot of the news, according to CNBC.com, and I quote:
Samsung said on Monday hackers breached its internal company data, gaining access to some source codes of Galaxy-branded devices like smartphones.
Hacking group Lapsus$ claimed over the weekend via its Telegram channel that it has stolen 190 gigabytes of confidential Samsung source code.
Samsung did not name any specific hackers in its statement but said it does not anticipate any impact to its business or customers.
Malicious files signed with leaked NVIDIA certificates found in the wild
Researchers found malicious files signed with the code-signing certificates leaked in the NVIDIA breach. TechRadar reported, and I quote:
As reported on the VirusTotal malware scanning service, the certificates were used to sign Cobalt Strike beacons, Mimikatz, as well as various backdoors, remote access trojans, and other malware.
According to security researchers Kevin Beaumont and Will Dormann, the stolen certificates can be found under these serial numbers:
43BB437D609866286DD839E1D00309F5
14781bc862e8dc503a559346f5dcc518
Both certificates have reportedly already expired, but that won’t stop Windows from allowing a driver signed with them to be loaded in the OS.
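As an added example (my own, not from TechRadar or the researchers quoted), here is a PowerShell triage check that flags files whose Authenticode signer certificate carries either leaked serial number, regardless of whether Windows still reports the signature as valid. The function name and the scan folder are placeholders of my choosing.

```powershell
# Added example: flag files signed with the leaked NVIDIA certificates quoted above.
# The two serial numbers are the ones listed in the article; compared case-insensitively.
$LeakedNvidiaSerials = @(
    '43BB437D609866286DD839E1D00309F5',
    '14781BC862E8DC503A559346F5DCC518'
)

function Test-LeakedNvidiaSigner {
    # Hypothetical helper name; emits one result object per file.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $sig  = Get-AuthenticodeSignature -FilePath $Path
        $cert = $sig.SignerCertificate

        # Unsigned files (or files whose signature block cannot be read)
        # are reported but not flagged: there is no serial to compare.
        if (-not $cert) {
            return [pscustomobject]@{
                Path = $Path; Status = $sig.Status; Serial = $null; LeakedSigner = $false
            }
        }

        # Expired or revoked certificates still show up here, which is the point:
        # a Status of NotTrusted or Valid alone says nothing about *which* cert signed it.
        $serial = $cert.SerialNumber.ToUpperInvariant()
        [pscustomobject]@{
            Path         = $Path
            Status       = $sig.Status
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            Serial       = $serial
            LeakedSigner = $LeakedNvidiaSerials -contains $serial
        }
    }
}

# Usage: scan a folder recursively (placeholder path) and list only the hits.
Get-ChildItem -Path 'C:\Temp\scan' -Recurse -File -Include *.exe, *.dll, *.sys |
    Select-Object -ExpandProperty FullName |
    Test-LeakedNvidiaSigner |
    Where-Object LeakedSigner |
    Format-Table Path, Status, NotAfter, Serial
```

Only the leaf signing certificate is compared, so treat this as a quick triage filter over suspicious drops, not as a replacement for endpoint telemetry on driver loads.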
52 US critical infrastructure orgs breached, according to FBI
The US Federal Bureau of Investigation (FBI) and CISA published an alert that 52 organizations from critical infrastructure sectors were breached by the Ragnar Locker ransomware gang. A worrying notice for defenders, organizations and citizens.
Bleeping Computer reported, and I quote:
The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.
This was revealed in a joint TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency.
Follow me on Twitter: Camillo (@iamcamillo)
Learn more about my Cloud and Security Projects:
Web: www.cloudnsec.com
Listen: bit.ly/cloudnsecspotify
Watch: bit.ly/cloudnsecyoutube
Thank you for reading and leave your thoughts/comments!