Ryan Trapp

It appears the US is going hard after the DarkSide ransomware group. This is the group that attacked the colonial pipeline which lead to the weeks long shutdown of their vital east coast pipe. The US is offering a large bounty for information on the gang and for information leading to any  individuals conspiring to participate in a future DarkSide variant ransomware incidents. The group has allegedly released a statement saying that they are ceasing operation for now due to pressure from the authorities but it is unlikely that this is the end for this ransomware group. In more positive news, there is also a note in the article at the bottom about Interpol, with the aid of Ukrainian and South Korean police forces were able to arrest half a dozen individuals on suspicion of being part of the Cl0p ransomware group. This was a 30 month investigation that ultimately lead to the arrest of these individuals. This highlights the ability of different agencies to relentlessly pursue the individuals responsible for these global ransomware attacks, hopefully sending an impactful message (but probably not).

https://www.theregister.com/2021/11/05/us_darkside_ransomware_10m_bounty/

Krebs has a write up on this discovery of the “Trojan Source” vulnerability. What makes this vulnerability unique is that it affects most computer code compilers and many SDEs. This is due to the issue lying with the Unicode encoding standard. This is the standard that translates characters regardless of language used to facilitate communication between computers. The problem was discovered with the bi-directional override that is used to display the order in which the characters appear. This override exists for switching the order of characters when going from a left-to-right reading language to a right-to-left, such as English to Arabic. These Bidi overrides can be used in comments and strings, which is a problem because most programming languages allow comments which all text within is ignored by the compilers. And most languages allow string literals that can contain special or control characters. As quoted from the research paper, “Therefore, by placing Bidi override characters exclusively within comments and strings, we can smuggle them into source code in a manner that most compilers will accept. Our key insight is that we can reorder source code characters in such a way that the resulting display order also represents syntactically valid source code”. This research paper highlights this issue for almost all computer languages and makes it a great opportunity for vendors to get ahead of this issue before it becomes a problem.

https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/#more-57367

This article touches on some new app permissions Google is pushing out. They are making it so apps that haven’t been used in months will auto-reset their permissions. This is a step in the correct direction for user privacy and security, as app permission can be overreaching often times. And usually it is the apps that are forgotten about and left on the phone that are the ones with too much access. Resetting the permissions makes it so the user is more in control of what permission they are allowing apps, and for how long.

https://thehackernews.com/2021/09/google-to-auto-reset-unused-android-app.html

I found this article very entertaining because it is hard to believe such simple mistakes are made like this. Emails were blasted out to the winners of McDonald’s Monopoly game last week and within those emails contained userID and passwords that had access to a server containing the information for the game. McDonald’s has since stated that the passwords were changed and the initial email was due to a human error. It is just another example that no matter how robust the security of an organization is that the human element is always the most dangerous and unpredictable.

McDonald’s Email Blast Includes Password to Monopoly Game Database