Colombia Hack

Colombia Hack: Trust and Wisdom.

05/03/2024
25/09/2022

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service.

The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and Investigation Service (FIOD) said in a statement.

Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev, citing confirmation from his wife. "My husband didn't do anything illegal," she was quoted as saying.

FIOD also alleged that "Tornado Cash has been used to conceal large-scale criminal money flows, including from (online) thefts of cryptocurrencies (so-called crypto hacks and scams)."

The agency, which initiated an investigation into Tornado Cash in June 2022, further hinted it may make more arrests. It also claimed that the people behind the organization made large-scale profits from facilitating these illicit transactions.

Earlier this week, Tornado Cash became the second cryptocurrency mixer to be slapped with sanctions by the U.S. government after Blender.io for playing a central role in helping organized criminal gangs launder the proceeds of crime such as ransomware and cryptocurrency hacks.

The platform works by pooling and scrambling various digital assets from thousands of addresses, including potentially illegally obtained funds and legitimately obtained funds, to conceal the trail back to the asset's original source, giving illegal actors an opportunity to obscure the origin of the stolen money.

If anything, the latest developments underscore the growing scrutiny of cryptocurrency mixing services for what's being perceived as a mechanism for cashing out ill-gotten cryptocurrencies.

This includes the cash-strapped North Korean regime, which has been documented to rely on cyberattacks on the cryptocurrency space to plunder virtual funds, and in the process evade economic and trade sanctions imposed on the nation.

The move to blocklist Tornado Cash, therefore, is also seen as an attempt on the part of the U.S. government to respond to North Korea's use of cyber warfare against cryptocurrency exchanges and services to finance its strategic goals.

22/09/2022

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.

Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.

As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. "Google is aware that an exploit for CVE-2022-2856 exists in the wild," it acknowledged in a terse statement.

The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.

The development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year, after the following four:

CVE-2022-0609 - Use-after-free in Animation
CVE-2022-1096 - Type confusion in V8
CVE-2022-1364 - Type confusion in V8
CVE-2022-2294 - Heap buffer overflow in WebRTC

Users are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

22/09/2022

Exploit out for critical Realtek flaw affecting many networking devices

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek’s RTL819x system on a chip (SoC), which are estimated to be in the millions.

The flaw is identified as CVE-2022-27255 and a remote attacker could exploit it to compromise vulnerable devices from various original equipment manufacturers (OEMs), ranging from routers and access points to signal repeaters.

No user interaction needed

Researchers from cybersecurity company Faraday Security in Argentina discovered the vulnerability in Realtek’s SDK for the open-source eCos operating system and disclosed the technical details last week at the DEFCON hacker conference.

The four researchers (Octavio Gianatiempo, Octavio Galland, Emilio Couto, Javier Aguinaga) credited with finding the vulnerability are computer science students at the University of Buenos Aires.

Their presentation covered the entire effort leading to finding the security issue, from picking a target to analyzing the firmware and exploiting the vulnerability, and automating the detection in other firmware images.

CVE-2022-27255 is a stack-based buffer overflow with a severity score of 9.8 out of 10 that enables remote attackers to execute code without authentication by using specially crafted SIP packets with malicious SDP data.

The vulnerability is a stack-based buffer overflow in the SIP ALG function that is responsible for rewriting SDP data.

Realtek addressed the issue in March, noting that it affects the rtl819x-eCos-v0.x and rtl819x-eCos-v1.x series and that it could be exploited through a WAN interface.

The four researchers from Faraday Security have developed proof-of-concept (PoC) exploit code for CVE-2022-27255 that works on Nexxt Nebula 300 Plus routers.

They also shared a video showing that a remote attacker could compromise the device even if remote management features are turned off.

The researchers note that CVE-2022-27255 is a zero-click vulnerability, meaning that exploitation is silent and requires no interaction from the user.

An attacker exploiting this vulnerability would only need the external IP address of the vulnerable device.

Few lines of defense

Johannes Ullrich, Dean of Research at SANS, says that a remote attacker could exploit the vulnerability for the following actions:

crash the device
execute arbitrary code
establish backdoors for persistence
reroute network traffic
intercept network traffic

Ullrich warns that if an exploit for CVE-2022-27255 turns into a worm, it could spread over the internet in minutes.

Despite a patch being available since March, Ullrich warns that the vulnerability affects "many (millions) of devices" and that a fix is unlikely to propagate to all devices.

This is because multiple vendors use the vulnerable Realtek SDK for equipment based on RTL819x SoCs and many of them have yet to release a firmware update.

It is unclear how many networking devices use RTL819x chips, but the RTL819xD version of the SoC was present in products from more than 60 vendors, among them ASUSTek, Belkin, Buffalo, D-Link, Edimax, TRENDnet, and Zyxel.

The researcher says that:

Devices using firmware built around the Realtek eCOS SDK before March 2022 are vulnerable
You are vulnerable even if you do not expose any admin interface functionality
Attackers may use a single UDP packet to an arbitrary port to exploit the vulnerability
This vulnerability will likely affect routers the most, but some IoT devices built around Realtek's SDK may also be affected

Ullrich created a Snort rule that can detect the PoC exploit. It looks for "INVITE" messages containing the string "m=audio" and triggers when more than 128 bytes (the size of the buffer allocated by the Realtek SDK) follow without any of them being a carriage return.
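As an added illustration (not code from the article, SANS or Faraday Security), the following Python re-implements the detection logic described for that Snort rule and runs it over constructed sample UDP payloads. The packet builder, sample addresses and function names are my own assumptions; the 128-byte threshold is the buffer size the article attributes to the Realtek SDK.

```python
# Added example: detection logic for the CVE-2022-27255 trigger pattern
# (SIP INVITE whose "m=audio" SDP line runs past the ALG buffer without a CR).
SDP_BUFFER_SIZE = 128  # buffer size the article attributes to the Realtek SDK


def has_oversized_audio_line(payload: bytes, limit: int = SDP_BUFFER_SIZE) -> bool:
    """True if a SIP INVITE carries an 'm=audio' line that runs more than
    `limit` bytes without a carriage return, i.e. longer than the ALG buffer."""
    if not payload.startswith(b"INVITE "):
        return False                      # the rule only inspects INVITE requests
    start = payload.find(b"m=audio")
    if start < 0:
        return False                      # no audio media description present
    window = payload[start:start + limit + 1]
    # A well-formed SDP line ends with CRLF long before 128 bytes; if we can read
    # past the buffer size without meeting a CR, the rewrite would overflow.
    return len(window) > limit and b"\r" not in window


def scan_packets(packets):
    """Run the check over (src, dst, payload) tuples and return alert strings."""
    alerts = []
    for src, dst, payload in packets:
        if has_oversized_audio_line(payload):
            alerts.append(f"{src} -> {dst}: oversized m=audio line in SIP INVITE")
    return alerts


def build_invite(audio_line: bytes) -> bytes:
    """Build a minimal SIP INVITE with an SDP body (constructed sample data)."""
    sdp = (b"v=0\r\no=- 0 0 IN IP4 192.0.2.10\r\ns=-\r\n"
           b"c=IN IP4 192.0.2.10\r\nt=0 0\r\n" + audio_line)
    return (b"INVITE sip:user@example.invalid SIP/2.0\r\n"
            b"Content-Type: application/sdp\r\n"
            b"Content-Length: " + str(len(sdp)).encode() + b"\r\n\r\n" + sdp)


# Constructed samples: a normal call setup, an INVITE whose m=audio line is
# padded well past 128 bytes with no terminator, and a non-INVITE that the
# rule must ignore even though it carries the same oversized line.
BENIGN = build_invite(b"m=audio 49170 RTP/AVP 0 8\r\n")
OVERSIZED = build_invite(b"m=audio " + b"9" * 200)
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.1", BENIGN),
    ("198.51.100.9", "192.0.2.1", OVERSIZED),
    ("198.51.100.9", "192.0.2.1", b"REGISTER sip:x SIP/2.0\r\n\r\nm=audio " + b"9" * 200),
]

if __name__ == "__main__":
    for alert in scan_packets(SAMPLE_PACKETS):
        print(alert)
```

Only the second sample is flagged; benign SDP terminates each line with CRLF well inside the buffer, and the REGISTER is skipped because the rule keys on INVITE.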

It is important to note that not all products using RTL819x are vulnerable. Faraday Security researchers shared a list of products powered by Realtek's chip that are believed to be vulnerable.

Zyxel's NBG6615 is on the list because it runs on a vulnerable chip. However, it is not impacted by the vulnerability.

Zyxel reached out to BleepingComputer after this article was published to explain that the firmware in the NBG6615 router does not use the ALG function, and so it is not affected by CVE-2022-27255.

Users should check if their networking equipment is vulnerable and install a firmware update from the vendor released after March, if available. Other than this, organizations could try to block unsolicited UDP requests.

Slides for the DEFCON presentation along with exploits, and a detection script for CVE-2022-27255 are available in this GitHub repository.

Update: Zyxel contacted BleepingComputer after this article was published to share that CVE-2022-27255 impacts none of its products and to clarify that while its NBG6615 runs on Realtek, the firmware does not use the vulnerable function.

22/09/2022

Mat12 returns after two years away at his new company; today he is back to contribute his knowledge in the technical area.

22/09/2022

Loading: soon Frd25 will be with us again, one of the most internationally recognized hackers thanks to his multiple awards. Welcome Frd25.

22/09/2022

CISA warns of newly identified critical remotely exploitable vulnerabilities in Dataprobe's power distribution unit product.

22/09/2022

Researchers found 39,405 unauthenticated Redis database instances exposed on the Internet, nearly 50% of which showed signs of attempted compromise.

22/09/2022
29/06/2022

Windows Defender antivirus found to be causing performance problems on Intel processors - Cultura Informática

Fake.
29/09/2021

Smartphones, smart TVs, video game consoles and other devices will no longer be able to connect to the internet as of September 30

09/08/2021

Computing and telecommunications. Hardware, networks and security. Computer security. Official Master's Degree in Cybercrime. SYLLABUS COMPULSORY SUBJECTS 6 ECTS | Cybersecurity and threat agents 6 ECTS | Legal framework: criminal procedure, cross-cutting aspects and undercover agents 6 ECTS ...

Important.
09/07/2021

Microsoft Office gets a new interface more in line with Windows 11 - Cultura Informática

Contact us.
09/07/2021

Fix for the blank screen when enrolling in the Windows Insider program - Cultura Informática

PrintNightmare vulnerability
09/07/2021

Learn what the PrintNightmare vulnerability in Windows means, which versions it affects and tips to avoid it - Cultura Informática

Address

Cúcuta
