Pete Recommends – Weekly highlights on cyber security issues, June 27, 2021

Subject: South Korea’s Nuclear Research agency breached using VPN flaw
Source: Bleeping Computer

South Korea’s ‘Korea Atomic Energy Research Institute’ disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. The Korea Atomic Energy Research Institute, or KAERI, is the government-sponsored institute for the research and application of nuclear power in South Korea.

The breach was first reported earlier this month when South Korean media Sisa Journal began covering the attack. At the time, KAERI initially confirmed and then denied that the attack occurred. In a statement and press conference held yesterday by KAERI, the institute has officially confirmed the attack and apologized for attempting to cover up the incident.

Attributed to North Korean threat actors – KAERI states the attack took place on June 14th after North Korean threat actors breached their internal network using a VPN vulnerability.

Subject: Your iPhone’s WiFi will break after you join this hotspot
Source: Bleeping Computer

A new iPhone bug has come to light that breaks your iPhone’s wireless functionality by merely connecting to a specific WiFi hotspot. Once triggered, the bug would render your iPhone unable to establish a WiFi connection, even if it is rebooted or the WiFi hotspot is renamed. A bug like this could be exploited by malicious actors planting rogue “free WiFi” hotspots in popular areas to bork iPhone devices connecting to them.

This WiFi hotspot will bork your iPhone

This week, reverse engineer Carl Schou ran into an issue when connecting to his personal WiFi hotspot named: %p%s%s%s%s%n

On connecting to the hotspot, his iPhone’s WiFi would be disabled, and every time he tried to enable it again, it would quickly turn off, even if he restarted the device or the hotspot name was changed:

“After joining my personal WiFi with the SSID ‘%p%s%s%s%s%n’, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~),” tweeted Schou.

Schou told BleepingComputer that his experiment worked successfully on an iPhone XS, running iOS version 14.4.2.

Tests conducted by BleepingComputer on an iPhone running iOS 14.6 confirm an iPhone’s wireless functionality would break after connecting to the strangely named wireless network.

Subject: Entrust partners with Yubico to issue PIV credentials on YubiKeys for U.S. government employees
Source: Help Net Security

Entrust announced a partnership with Yubico allowing U.S. federal agencies to issue YubiKey 5 Series and YubiKey 5 FIPS Series with Entrust derived PIV (Personal Identity Verification) credentials to employees instantly, remotely and at scale. “The recent U.S. Executive Order on improving the Nation’s Cybersecurity mandated that within 180 days, federal government agencies adopt multifactor authentication and encryption for data at rest and in transit,” stated James LaPalme, VP and GM of the Entrust Identity segment. “Leveraging our PKI technology to add PIV-D credentials to Yubico’s industry leading YubiKey solution will help make it easy for these departments to comply.”

Established on FIPS 201-2, the U.S. federal government’s PIV program requires smart card-based authentication for employees to be able to access government computers and networks. However, PIV cards on their own present many operational inefficiencies, including requiring a specific card reader for mobile devices and many desktops and laptops. Additionally, PIV cards are difficult to issue and manage with today’s distributed workforce.

Subject: Cybercrooks Are Mailing Users Fake Ledger Devices To Steal Their Cryptocurrency
Source: Forbes

Ledger’s hardware wallets are a very popular way to securely store cryptocurrency. So popular, in fact, that cybercriminals have cooked up an elaborate scam that targets Ledger users by mailing them bogus replacement wallets.

Reports have started flowing in on a subreddit dedicated to the Ledger wallet. Yesterday, Bleeping Computer reported on a post that had been submitted by a user who only signed up to Reddit to find out whether a device he received in the mail was a scam. The answer turned out to be an unequivocal “yes.”

A cybersecurity expert who spoke with Bleeping Computer said that the device actually disguised a USB memory stick. It was almost certainly malicious and packing malware that was purpose-built for cryptocurrency theft.

This may be a new approach to targeting victims who were exposed in the Ledger incident. Other physical attacks have involved shady sellers pre-initializing Ledger wallets and then passing them on to unwitting buyers as brand new — leaving them in control of any cryptocurrency that gets stored on them.


Subject: States rely on National Guard cyber units
Source: GCN

Governors in 27 states have called on the National Guard to help state and local agencies with cyber incident response and remediation, cyber defense analysis, election security planning, threat assessment and interagency planning, according to a blog by think tank ThirdWay. Since 2018, guard members have assisted with response to ransomware attacks on cities and school districts in 13 states and supported election security in 16. Just over half the 41 cases were in response to ransomware attacks, ThirdWay said, and eight of the ransomware attacks targeted local government entities — making local government the most targeted category of this study. More than 3,900 soldiers and airmen make up the guard’s cyber force, serving in 59 Defense Department cyber units across 40 states. Although every state has its own National Guard, some state cyber response units cover multiple states.

Subject: Microsoft: Hackers Use Call Center to Trick Users Into Downloading Ransomware
Source: Gizmodo

The BazarCall group is trying to fool users into thinking they will be billed for a subscription unless they download an infected file.

Microsoft is warning that a cybercrime group named BazarCall is using call centers to trick users into installing powerful malware, ZDNet reported on Wednesday.

The malware in question, known as BazarLoader, has been used to distribute ransomware, which encrypts a targeted computer or network’s file system and typically delivers a ransom demand to be paid in cryptocurrency to salvage it. According to Palo Alto Networks threat intelligence analyst Brad Duncan, BazarLoader “provides backdoor access to an infected Windows host” and infections usually “follow a distinct pattern of activity.” Since February 2021, Duncan wrote, security researchers have noticed an unusual pattern of call center activity in BazarLoader infections.


Subject: The Young Fall for Scams More Than Seniors Do. Time for a Warning
Source: The New York Times

If you’re a digital native and consider yourself immune to all scams, the thieves have you right where they want you.

For years now, the Better Business Bureau’s survey research has shown that younger adults lose money to swindlers much more often than the older people you may think of as the stereotypical victims. The Federal Trade Commission reports similar figures, with 44 percent of people ages 20 to 29 losing money to fraud, more than double the 20 percent of people ages 70 to 79.

The Better Business Bureau’s latest report revealed a new twist: When criminals redoubled their efforts as homebound people spent more time online last year, they succeeded in bringing the median loss per scam for adults ages 18 to 24 to the same level — $150 — it was for the much more flush 65-plus crowd.

When we look at the kinds of scams that work on young people, there’s nary a Nigerian prince in sight. The targeted activities vary widely, from the online shopping that these victims may do nearly every day to their once-in-a-blue-moon handling of paper checks. Illegal schemes also target the student debt payments they must make and the jobs they seek to afford them.

So let’s lay out what these scams look like — and remind ourselves how we might best reach young people who think they are invincible.


Subject: How to Recover Files in Google Docs and Microsoft Word
Source: Gizmodo

Today’s cloud-based apps keep duplicate copies of everything, saving you the hassle of manual backups. These programs also have detailed version histories, so you can quickly roll back to a different version of a file from an hour, a week, or a month ago.

Besides the instructions laid out below for the most well-known application suites out there, remember the backup options available elsewhere. If you use Dropbox, for example, file versioning is built right in: From the web interface, right-click on any file and choose Version history to see versions from the past 30 days (or 180 days if you’re on a Professional or Business plan). Multiple file edits can be undone with Dropbox Rewind.
