Archive.fm

CyberWire Daily

The 18-year stowaway.

Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by podcast partner Rob Boyce of Accenture, sharing his thoughts as our man on the street from Black Hat USA 2024.

Selected Reading

'Sinkclose' Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections (WIRED)

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities (SecurityWeek)

Series Of Solar Power System Vulnerabilities Impacts Millions Of Installations (Cyber Security News)

Microsoft: Iran makes late play to meddle in U.S. elections (CyberScoop)

UN cybercrime treaty passes in unanimous vote (The Record)

ADT confirms data breach after customer info leaked on hacking forum (Bleeping Computer)

It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 (The Register)

Computer Crash Reports Are an Untapped Hacker Gold Mine (WIRED)

USPS Text Scammers Duped His Wife, So He Hacked Their Operation (WIRED)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration: 23m
Broadcast on: 09 Aug 2024
Audio Format: mp3


You're listening to the CyberWire Network, powered by N2K.

Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A long-standing browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat Conference, and these scammers messed with the wrong guy.

It's Friday, August 9th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing.

Happy Friday, everyone, and thank you for joining us here today.
In a story for WIRED, Andy Greenberg writes that security researchers from IOActive have discovered a critical vulnerability in AMD processors called Sinkclose that has existed in AMD chips since 2006. This flaw allows malware to deeply embed itself into a computer's memory, potentially making it nearly impossible to remove without specialized hardware tools. Sinkclose affects a highly privileged mode of AMD processors known as System Management Mode, which is usually reserved for secure firmware operations. Exploiting this flaw could allow hackers to install undetectable malware, surviving even after reinstalling the operating system. Although exploiting Sinkclose requires prior deep access to a machine, the vulnerability could be particularly dangerous if used by sophisticated attackers. AMD has acknowledged the issue and released some mitigations, but complete fixes are still forthcoming. The researchers emphasized the importance of patching affected systems quickly, as the flaw could significantly compromise the security of millions of devices worldwide.

CISA has warned organizations about threat actors exploiting improperly configured Cisco devices, specifically targeting the legacy Cisco Smart Install feature. Malicious hackers are acquiring system configuration files, which can lead to network compromises. CISA noted the continued use of weak password types on Cisco devices, making them vulnerable to password cracking attacks. Additionally, Cisco disclosed critical vulnerabilities in their end-of-life Small Business SPA IP phones, which can be remotely exploited but will not receive patches.

The global electricity network's integration with rapidly expanding solar power infrastructure and the Internet of Things creates a complex and potentially vulnerable system. Key components, like inverters and controllers, are essential for converting solar-generated power and maintaining grid stability.
However, recent research by Bitdefender has uncovered serious vulnerabilities in the Solarman and Deye solar inverter platforms, affecting millions of installations and exposing 195 gigawatts of global solar capacity to cyber threats. These vulnerabilities could allow attackers to hijack solar systems, disrupt electricity generation, and even destabilize entire power grids. Given the critical role of these devices in balancing supply and demand and the increasing reliance on solar energy, robust cybersecurity measures are essential to safeguard grid stability and national security.

Iran is intensifying efforts to interfere in the 2024 U.S. elections, according to a recent report from Microsoft. Iranian hackers are conducting spear-phishing campaigns, targeting high-ranking political figures, and laying the groundwork for fake news campaigns. Microsoft identified four different hacking groups involved, with one group attempting to breach the accounts of a former presidential candidate and a current campaign official. The influence operations are focused on stirring up controversy, especially in swing states, and have included creating fake news sites targeting both liberal and conservative audiences. These operations appear to follow a pattern of Iran's later-stage election interference compared to other countries like Russia. Microsoft warns that some groups may escalate to more extreme actions, such as inciting violence, with the goal of undermining election integrity and creating chaos.

The United Nations has passed its first global cybercrime treaty, initially proposed by Russia, establishing a legal framework for cybercrime and data access. The treaty, adopted unanimously by the UN's ad hoc committee on cybercrime, will go to the General Assembly for a vote in the fall, where it is expected to pass.
Despite the treaty's significance, it has faced opposition from human rights organizations and big tech companies due to concerns over provisions allowing cross-border access to electronic evidence and potential misuse of surveillance powers. Critics argue that the treaty lacks strong human rights safeguards, potentially enabling increased surveillance and undermining digital trust. The treaty marks a milestone in global efforts to address cybercrime.

American building security company ADT confirmed a data breach after threat actors leaked customer data on a hacking forum. The breach involved unauthorized access to ADT databases, exposing limited customer information, including email addresses, phone numbers, and postal addresses. ADT quickly responded by shutting down the access and launching an investigation with cybersecurity experts. The breach affected a small percentage of ADT's 6 million customers, but there's no evidence that home security systems, credit card, or banking information were compromised.

A long-standing security issue affecting major web browsers, Chromium-based browsers like Chrome and Edge, WebKit browsers like Safari, and Mozilla Firefox, has finally been addressed. The vulnerability, related to the 0.0.0.0 IPv4 address, allows malicious websites to access local services on macOS and Linux systems. Identified by Oligo Security as the 0.0.0.0 Day flaw, it's been exploited since the late 2000s. While Chrome and Safari have implemented fixes, Mozilla is still working on a solution. The issue highlights the need for better security mechanisms like Private Network Access to prevent external sites from reaching localhost services, a change that browsers are now gradually adopting to close this loophole and enhance cybersecurity.

When a bad software update from CrowdStrike caused global chaos, Windows computers started showing the infamous blue screen of death.
As confusion spread, with rumors and misinformation running wild, Mac security researcher Patrick Wardle knew exactly where to find the truth: crash reports from the affected systems. Wardle, despite not being a Windows expert, was intrigued by the situation and turned to crash reports to uncover the real cause. While some others speculated about Microsoft being at fault, Wardle's deep dive into these reports revealed the true culprit long before CrowdStrike made an official announcement. At the Black Hat security conference, Wardle shared his findings, arguing that crash reports are an underutilized gold mine for uncovering software vulnerabilities. He presented multiple examples, including bugs in Apple's macOS and the analysis tool YARA, all discovered by simply examining crash reports. These reports, available on most operating systems, can provide developers and security professionals with invaluable insights. Wardle emphasized that sophisticated hackers and state-backed actors are likely already mining these reports to exploit potential weaknesses. Even intelligence agencies like the NSA reportedly use crash logs to gather information. Wardle's message was clear: crash reports hold the truth, and ignoring them is a missed opportunity to strengthen software security.

Coming up after the break, my conversation with Rob Boyce from Accenture, with his thoughts live from Las Vegas at the Black Hat Conference. Stay with us.

And it is always great for me to welcome back to the show Robert Boyce. He is the global lead for cyber resilience and senior managing director at Accenture Security. Rob, welcome back.

Thanks, Dave. It's always fun being here.

So you are on the ground at Black Hat this year, and I understand it is quite the event.

It really, really is. I have to say, I thought last year was busy. This year is putting last year to shame. I mean, there's so many people here, so there's a lot of enthusiasm around security. I'm seeing more activity on the showroom floor than we've seen in years past, and so I'm not sure if this is, again, finally getting out of those COVID years, but I don't know. I just think it's a phenomenal event. It's super well attended this year.

When you look at your calendar and the events that you choose to spend your time at, we have events like Black Hat. We have events like RSA. How does this fit into your thoughts, looking at the year as a whole?

Yeah, this is honestly, for me, and just in my space with my team, one of the most exciting events we get to participate in. Because, as you can imagine, this is where we get to really dive in and go back to our technical roots in some ways. And so we get to hear a lot more of the deep technical discussions, which is a little different than some of the other conferences that we attend. And just the extreme focus on security is fantastic.
So this is one of the top of our lists each year, to be able to attend and really be inspired by some of the innovations that we're seeing come out of the security space, as well as just some of the super smart people doing these really interesting talks.

Are there any particular topics that you have had your eye on exploring while you're there?

Yeah, there's been a few things that have really stood out to me. I think, you know, we had the privilege this year of having Jen Easterly from CISA doing one of the keynotes. And, you know, one of the things that, I'm not sure if it's just me or this just went unnoticed by me, but the tagline that CISA is using really caught my eye when I was on the floor this year, which is, you know, America's Cyber Defense Agency. And I had just not noticed that tagline before. So again, I'm not sure if I just missed it, but I love it. It really caught my attention. And I'm not even sure it was at CISA's booth. It was really fascinating. So I thought that was really cool. And again, just to have them show up in such force, another year in a row, is just fantastic. Her discussion on election tampering and election fraud was really, really great. And I think especially now, as we're moving into an election, it's a super important topic. And I think she did a great job of really being able to separate the signal from the noise. You know, she talked a little bit about how the election managers managing the elections are really focused on just their job and their life of being crisis managers. And so, you know, they're prepared for these types of activities, the potential crises that may happen. And I thought that was fascinating. And also really educating people on, you know, the rumors versus reality.
She was actually telling people, hey, if you're curious about this, we've set up a website, Rumor vs. Reality. And they're looking at how to separate, again, those different potential deepfakes and misinformation from what's really happening in the election space. So I know that was really fascinating for her to share that with everybody.

Any other talks that caught your eye?

Yeah, yeah. There's two other areas that I felt were fascinating, where I'm seeing big trends where we haven't seen this much exposure in the past. One of those is around supply chains. So, you know, everyone's talking about third-party risk or supply chain risk, and has been for years now, but this year I've really seen a lot of vendors focus on that space. We've seen a lot of organizations, a lot of vendors talk about it. And what I think is really super interesting here is they're also extending it, not just to, you know, a rating system or a scaling system to rate people, but they're really talking now about digging down to the open source aspect of this. And so how do we secure the open source aspect? It's really, as we all know, making up such a prominent part of software that's being developed nowadays. And how do we make sure that we're securing that entire life cycle, that entire supply chain? So I thought it was really fascinating, and great to finally start seeing some traction in that area. And then the third area that I thought was really interesting is, you know, and you and I have talked about this, whether it's RSA or it's Black Hat, you know, the concept of AI everywhere, every company is an AI company, which is still the case here. We're still talking about a lot of AI. But what I'm starting to see now is almost a shift to how do we secure AI?
So all of these innovations that we've created around chatbots and other things like that, there is now a lot of focus on, well, how do we make sure we're securing those innovations, securing those chatbots, and securing the AI that we've been creating over time? So I think that has also been really interesting. And it shows that AI is becoming more prominent for us in the field, that we're now talking about securing that aspect as well.

As you get ready to pack up and head home from this trip, how do you feel? Is this something that energizes you?

I think so. You know, honestly, spending more than three days in Vegas is always difficult a lot of times, for many reasons. And this is an exhausting event. That's primarily because you are energized, you are enthusiastic, and you want to be able to take in as much as you can, and there's just so much to do. So for me, personally, I am energized going home. I think, again, seeing these new innovations, a new focus in a couple of really prominent areas, I think it was great. So yeah, for me, I think this was a great show, a great opportunity to connect with like-minded individuals and be able to share ideas in cyberspace. It was a really great show.

Robert Boyce is global lead for cyber resilience and senior managing director at Accenture Security. Rob, thanks so much for joining us.

And finally, it all started with a simple, seemingly harmless text: your USPS package needs more details, click here and enter your credit card info. But when this scam text landed on the phone of Grant Smith's wife, the scammers unknowingly poked the wrong bear. A seasoned security researcher with a bit of free time after the holidays, Smith wasn't about to let this slide. When his wife inadvertently entered her details, Smith decided to take matters into his own hands. What followed was a high-tech game of cat and mouse. Smith dove into the depths of the internet, tracking down the culprits, a Chinese-speaking gang known as the Smishing Triad. These bad actors were running a massive scam operation, duping people into handing over their credit card information. But Smith wasn't just any victim. With the skill set of a cybersecurity pro, he hacked into the scammers' systems, uncovering their secrets like a detective flipping through a villain's diary. He found their weak spots, sloppy security, default passwords, and vulnerabilities galore, and exploited them to gather crucial evidence. With over 438,000 stolen credit cards and 50,000 email addresses in the scammers' database, Smith had his work cut out for him, but he wasn't about to let the Smishing Triad get away. He handed everything over to USPS investigators and a major U.S. bank, helping to protect countless victims from fraud. In the end, the scammers learned a hard lesson: messing with Grant Smith's family was the biggest mistake they could make.

And that's the CyberWire.
For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Shachar Menashe, senior director of security research at JFrog. We're talking about their research, "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." That's Research Saturday. Check it out.

We'd love to know what you think of this podcast. Your feedback helps us ensure we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
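The Cisco item in the briefing above turns on "weak password types" in device configurations, which is exactly the thing an operator can audit for before a leaked config becomes a cracked credential. The following is an added example for this page, not code from the show, CISA, or Cisco: a small Python audit that scans an IOS-style running config for type 0 (plaintext) and type 7 (reversibly obfuscated) secrets, decodes the type 7 values so the exposure is concrete, and reports anything not using type 8 (PBKDF2) or type 9 (scrypt). The decode key is the publicly known constant IOS uses for type 7; the sample config, the hostname, and the placeholder hash strings are constructed for the example.

```python
"""Audit a Cisco IOS-style configuration for weak password types.

Added example for this page; not code from the show, CISA, or Cisco.
Assumptions: plain-text IOS syntax, and the SAMPLE_CONFIG below is a
constructed fixture (hostname and hash strings are placeholders).
"""
import re

# Publicly known constant used by IOS "type 7" obfuscation. Type 7 is a
# Vigenere-style XOR against this key, so anyone holding the config can
# reverse it; it is obfuscation, not a password hash.
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Type digit -> (what the algorithm is, whether it should be flagged).
PASSWORD_TYPES = {
    "0": ("plaintext", True),
    "4": ("unsalted SHA-256 (deprecated)", True),
    "5": ("salted MD5", True),
    "7": ("reversible Vigenere obfuscation", True),
    "8": ("PBKDF2-SHA256", False),
    "9": ("scrypt", False),
}

# Matches e.g. "password 7 094F471A1A0A", "secret 5 $1$...", "key 7 ...".
_CRED_RE = re.compile(r"\b(password|secret|key)\s+(\d)\s+(\S+)")


def type7_decode(value: str) -> str:
    """Reverse a type 7 value: two-digit seed, then hex bytes XORed with the key."""
    hexdigits = "0123456789ABCDEFabcdef"
    if len(value) < 4 or len(value) % 2 or any(c not in hexdigits for c in value):
        raise ValueError("not a type 7 value")
    seed = int(value[:2])
    data = bytes.fromhex(value[2:])
    plain = bytes(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode("ascii")


def type7_encode(plaintext: str, seed: int = 9) -> str:
    """Produce a type 7 value; used here only to build the constructed fixture."""
    body = bytes(ord(c) ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)] for i, c in enumerate(plaintext))
    return f"{seed:02d}" + body.hex().upper()


def audit_config(config_text: str) -> list[dict]:
    """Return one finding per credential line whose password type is weak."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = _CRED_RE.search(line)
        if not m:
            continue
        keyword, ptype, value = m.groups()
        algo, weak = PASSWORD_TYPES.get(ptype, (f"unknown type {ptype}", True))
        if not weak:
            continue
        finding = {"line": lineno, "keyword": keyword, "type": ptype,
                   "algorithm": algo, "text": line.strip()}
        # Show the recoverable secret so the finding is not abstract.
        if ptype == "7":
            finding["recovered"] = type7_decode(value)
        elif ptype == "0":
            finding["recovered"] = value
        findings.append(finding)
    return findings


# Constructed fixture: two type 7 values built with type7_encode, one
# plaintext, one MD5, and two strong types that should not be flagged.
SAMPLE_CONFIG = f"""!
hostname edge-rtr-01
enable secret 9 $9$placeholdersalt$PlaceholderScryptHashForIllustrationOnly
enable password 7 {type7_encode("cisco")}
username admin privilege 15 password 0 Summer2024!
username ops secret 5 $1$saltsalt$PlaceholderMd5HashForIllustration
tacacs-server key 7 {type7_encode("t4cacs-key", seed=3)}
username svc-backup secret 8 $8$placeholdersalt$PlaceholderPbkdf2HashForIllustration
!
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        hint = f" -> {f['recovered']!r}" if "recovered" in f else ""
        print(f"line {f['line']}: type {f['type']} ({f['algorithm']}){hint}: {f['text']}")
```

Run it against a saved `show running-config` and treat every type 0 and 7 hit as an already-disclosed credential if that config has ever left the device (Smart Install lets an attacker pull it). Note that `service password-encryption` only converts plaintext to type 7 and is not a fix; the remediation is re-entering secrets with `enable secret 9` / `username ... secret 9` (or type 8 on platforms without scrypt) and rotating anything that was stored reversibly.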