controlgap.com

Posts about:

Follina

This Week's [in]Security - Issue 271

Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields & Yuma Healthcare, Telegram, Palermo. Major outages. Privacy: Twitter, Bluetooth & Wi-Fi, Student spyware. Laws & Regs - Canada: CBSA phone searches, C-11, Crypto regs, Right to disconnect, cigarettes. US: right-to-repair, breach reporting. World: hacking-back, platform liability, message scanning. NSO in court, USB-C. Standards: HTTP RFCs, 5 NIST drafts. Defense - Cyber-skills, Tools & Techniques. Vulnerabilities - Zero-days, Follina, Apple CPUs, Dogwalk, DiagCab. Patching: Chrome, GitLab. Other: Cloud middleware, U-Boot, Tesla, PyPI/keep. Crypto-research: SSH, Boomerang. Cybercrime - Trends: Follina, Conti, Symbiote, Cracked CCleaner. Crime & Enforcement: Crypto-thefts, SSNDOB shutdown, 41 phishes. Nation States and mercenaries. Other Risks - General: AI, CitizenLab, Car insurance, Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.


“Follina” – Critical Zero-Day Exploit for Microsoft Products

Background

Over the past holiday weekend, a tweet from Tokyo-based security researcher “nao_sec” first identified an interesting upload to antivirus platform VirusTotal[1]. The Microsoft Word (.docx) file, uploaded from an IP address originating in Belarus, was found to contain a novel mechanism for obtaining PowerShell command execution through Office documents via the Microsoft Support Diagnostic Tool (MS-MSDT) troubleshooting feature. This original malware sample is currently being analyzed by members of the cybersecurity community, including Kevin Beaumont, who posted his analysis on Sunday, May 29th and named the sample “Follina”[2].
