Les Bell

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories

Lazarus Group Pulls Off $US35 Million Crypto Heist

North Korean APT Lazarus Group has been out of the news in recent months, but has re-emerged, with an analysis by crypto compliance and security firm Elliptic suggesting that the gang in responsible for the recent theft of crypto assets from users of the non-custodial wallet service, Atomic Wallet.

A screenshot from Elliptic Investigator, showing some of the transactions used in laundering crypto assets stolen from Atomic Wallet users (Image: Elliptic)

Elliptic's attribution is based on analysis of the transaction trail using their Elliptic Investigator product, which is able to trace transactions recorded in blockchains and distributed ledgers; having identified a large number of victim wallets, they are able to identify any deposits involving the stolen funds. The analysis revealed multiple confirming factors:

• The steps used to launder funds exactly match those previously used by Lazarus Group
• The laundering uses specific services, such as the Sinbad mixer, which Lazarus Group has previously used
• Stolen funds seem to have been co-mingled in wallets that hold the proceeds of past Lazarus Group hacks

Elliptic is continuing to monitor these transactions and will provide updates.

Uncredited, North Korea’s Lazarus Group Likely Responsible For $35 Million Atomic Crypto Theft, report, 6 June 2023. Available online at https://hub.elliptic.co/analysis/north-korea-s-lazarus-group-likely-responsible-for-35-million-atomic-crypto-theft/.

Google Rolls Out Biometrics for Chrome Password Manager

Users love the convenience of the password safes built into browsers like Chrome and Firefox. However, they pose the difficulty that a threat actor who gains access to an unattended laptop - in, say, an airline business lounge - can make use of the machine to gain access to password-protected accounts.

Chrome on Android and iOS devices has long had the ability to use the phone's biometric access controls, but now Google has announced that it is adding the option of biometric authentication on desktop devices. Authentication can be requested before a stored password is used, revealed, copied or edited.

The initial release, coming in a few weeks, is for Chrome on the Mac; availability on Windows will depend upon the supported hardware and device driver access in the OS.

Google has also announced that iOS devices will be able to use Face ID to secure the Google app on those phones. The announcement also covers a number of initiatives for family-friendly content and online safety tools, as well as supporting fair elections in the US and internationally.

Fitzpatrick, Jen, Creating a safer internet for everyone, blog post, 7 June 2023. Available online at https://blog.google/technology/safety-security/creating-a-safer-internet-for-everyone/.

VMware Issues Urgent Fixes

VMware has released patches for three vulnerabilities in its Aria Operations for Networks product (formerly vRealize Network Insight). The first and most severe (Critical) of the three vulnerabilities was disclosed to VMware by an anonymous submitter and the other two by Sina Kheirkhah of Summoning Team, both submitters working with Trend Micro Zero Day Initiative:

• Aria Operations for Networks Command Injection Vulnerability (CVE-2023-20887) - CVSS v3 score: 9.8
• Aria Operations for Networks Authenticated Deserialization Vulnerability (CVE-2023-20888)- CVSS v3 score: 9.1
• Aria Operations for Networks Information Disclosure Vulnerability (CVE-2023-20889)- CVSS v3 score: 8.8

Affected users should install the fixed version as soon as possible.

Uncredited, Advisory ID VMSA-2023-0012, security advisory, 7 June 2023. Available online at https://www.vmware.com/security/advisories/VMSA-2023-0012.html.

These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.