Team of 'White Hat' Hackers Sought to Slow Down Solana Attack
Anonymous claims Chinese website defacement, 72 sites and accounts discovered to be PRC propaganda effort, UK parliament shuts down TikTok account, Thoma Bravo to take Ping private, much more
The official Solana Status Twitter account said that an investigation into the exploit that resulted in a loss of $4.5 million in SOL currency found that it was due to private key information inadvertently transmitted to an application monitoring service and not to a compromise of the Solana protocol or cryptography.
The account said that the exploit was isolated to one wallet on Solana, and the hardware wallets used by Slope remain secure. Some Phantom wallets were also drained of their SOL and tokens in the attack. However, it appears that those wallets’ holders had previously interacted with a Slope wallet.
Slope released its own statement just before the Solana Status thread. It acknowledges that Slope wallets were included in the hack but did not explicitly detail what happened, nor has the firm taken responsibility for the attacks.
During the hack, a team of five to ten “white hat” vigilante hackers used the developer’s script to spam what Solana co-founder Anatoly Yakovenko has described as “malformed” transactions to the hackers’ accounts, with some evidence that the vigilantes slowed down the hacker. (Andrew Hayward / Decrypt and Andrew Hayward / Decrypt)
Related: Crypto Briefing, Cointelegraph.com, CryptoSlate, The Daily Hodl, The Register - Security, Input, Marketwatch, The New Stack, Barron's, The Block, Blockworks, CryptoPotato, NDTV Gadgets360.com, Bloomberg, Wall Street Journal
foobar @0xfoobar: MITM logs from @MoonRankNFT show the mnemonic being passed to Slope servers over POST requests. Wallet name purely coincidental https://t.co/qL9C49ipvV
Hackers claiming to be affiliated with the collective Anonymous defaced a Chinese government website, the site of China's Heilongjiang Society Scientific Community Federations, in retaliation for alleged cyberattacks on several Taiwanese government websites.
The hackers defaced the website replacing its content with a message supporting House Speaker Nancy Pelosi’s visit to the country. “This hack is a retaliation of the DDoS attacks on the presidential website,” the defacement said. Although the attacks on the Taiwanese sites were originally attributed to China, researchers at the SANS Institute said, “These are uncoordinated, random, moral-less attacks against websites that Chinese hacktivists use to get their message across.” (Lorenzo Franceschi-Bicchierai / Motherboard)
Researchers at Mandiant say they discovered that 72 news sites and several social media accounts that claim to be independent have links to a Chinese public relations firm and are part of a propaganda effort intended to “disseminate content strategically aligned with the political interests of the People’s Republic of China.”
Some sites have allegedly published fabricated content, including a fake letter from a U.S. senator, and are focused on political enemies of the Chinese government, the Xinjiang region, and criticism of the U.S.
In one instance, a Twitter account linked to the campaign posted a fabricated letter purporting to come from the office of US Senator Marco Rubio, the Republican from Florida. It was addressed to Adrian Zenz, a prominent critic of the Chinese government’s systematic imprisonment of Uyghurs in Xinjiang. The letter falsely claimed that Zenz received financial support from Rubio and right-wing political operative Steve Bannon. (William Turton / Bloomberg)
The UK parliament closed its TikTok account just one week after it was launched after a group of MPs and peers placed under sanctions by China raised concerns that the regime in Beijing used the social media app as spyware.
Senior parliamentarians, including former Conservative party leader Sir Iain Duncan Smith and Tom Tugendhat, chair of the Foreign Affairs select committee, wrote to the speakers of the House of Commons and Lords late last month, just after the account went live, warning them of “considerable” data security risks because of TikTok’s Chinese owner, ByteDance. The parliamentarians were part of a cohort of politicians, academics, and lawyers hit with sanctions by China last year for their criticism of internment camps in Xinjiang. (Jasmine Cameron-Chileshe and Cristina Criddle / Financial Times)
Albert Pedersen, currently a student at Skive College in Midtjylland, Denmark, discovered that Cloudflare’s email routing service had a bug allowing users to read or manipulate other users’ emails.
The vulnerability, which Cloudflare has confirmed but was never exploited, involved a flaw in the program’s zone ownership verification system, making it possible for a hacker to reconfigure email routing and forwarding for email domains that they didn’t own. Cloudflare’s bug bounty program awarded him $6,000 for his efforts. (Lucas Ropek / Gizmodo)
The Ukrainian cyber police (SSU) shut down a massive bot farm of 1,000,000 bots in Kyiv, Kharkiv, and Vinnytsia that spread disinformation on social networks to discredit information from the official Ukrainian state sources, destabilize the social and political situation in the country and create internal strife.
Given the messages' nature, the disinformation machine operators are believed to be members of the Russian special services. SSU's investigation led to the criminal group's leader, a Russian "political expert" who in the past lived in Kyiv. The operators used 200 proxy servers that spoofed the actual IP addresses and evaded detection of fraudulent activity and blocking by the social media platforms. SSU says the bot farm developed and deployed custom software to remotely manage the pseudonymous social media accounts, coordinating them to push the required propaganda messages. (Bill Toulas / Bleeping Computer)
Researchers from the Computer Security and Industrial Cryptography group at KU Leuven discovered a new and powerful attack that used a single traditional computer to completely break a post-quantum computing encryption algorithm put forward by the National Institute of Standards and Technology (NIST).
The new attack breaks SIKE, short for Supersingular Isogeny Key Encapsulation. The researchers developed a technique that uses complex mathematics and a single traditional PC to recover the encryption keys protecting SIKE-protected transactions. The entire process requires only about an hour. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from NIST. SIKE is the second NIST-designated post-quantum cryptography candidate to be invalidated this year. (Dan Goodin / Ars Technica)
A report from the Center for Democracy and Technology finds that 89% of teachers have said that their schools will continue using student-monitoring software, up five percentage points from last year, highlighting concerns that the products may also be used to criminalize students who seek reproductive health resources on school-issued devices.
The report reveals that forty-four percent of teachers reported that at least one student at their school had been contacted by law enforcement due to behaviors flagged by the monitoring software. And thirty-seven percent of teachers who say their school uses activity monitoring outside of regular hours report that such alerts are directed to “a third party focused on public safety,” such as local police departments and immigration enforcement. (Pia Ceres / Wired)
Related: Center for Democracy and Technology
Smart App Control (SAC), a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks.
"Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros," David Weston, Microsoft's VP for Enterprise and OS Security, said on Twitter. When blocking a dangerous file using SAC, the system will open a foreground dialog with the following message: "Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous." (Sergiu Gatlan / Bleeping Computer)
Selena @selenalarson: Threat actors are already adapting to life in a post-macro world. With @dansomware, I took a look at campaigned threats in our data to see what actors are using now. Spoiler: ISO, LNK, RAR are the new hotness https://t.co/Yfh5L1p8Te
A hacktivist collective that calls itself Guacamaya posted more than two terabytes of hacked emails and files from a host of mining companies in Central and South America in a move to apparently expose environmental damage in the region.
The group posted the files from five public and private mining companies and two public agencies responsible for environmental oversight, one in Colombia and the other in Guatemala. The files were posted to Enlace Hacktivista, a site for documenting hacker history and sharing educational resources that provides space “for hackers to publish their hacks, leaks, and communiques.”
The files come from ENAMI, an Ecuadorian state mining company; the Agencia Nacional de Hidrocarburos (ANH) in Colombia; New Granada Energy Corporation in Colombia; Quiborax, a mining company in Chile; Oryx, an oil company in Venezuela; Tejucana, a Brazilian mining company; and Guatemala’s Ministerio De Ambiente y Recursos Naturales. Transparency advocate website DDoSecrets posted the files. (AJ Vicens / Cyberscoop)
Related: Distributed Email of Secrets
The nominee to be the first U.S. ambassador at large for cyberspace and digital policy, Nate Fick, said during his Senate Foreign Relations Committee confirmation hearing one of his top priorities would be to “assert the State Department’s rightful place in the interagency process on topics of cybersecurity and digital policy.”
His comments follow recent negotiations between State and the Defense Department over cyber authorities in which both sides have been maneuvering for more control over cyber operations. The State Department should also play a more significant role in pursuing and managing partnerships with other countries to “finance the deployment of secure infrastructure,” Fick said in an apparent reference to Chinese companies such as Huawei. (Suzanne Smalley / Cyberscoop)
Kim Wyman, the senior election security advisor for the Cybersecurity and Infrastructure Security Agency (CISA), said during a Senate Judiciary Committee hearing that the level of digital targeting and physical threats directed toward election workers has reached the highest point in her 30-year career.
Wyman said CISA has a list of five things they are working on to help protect election workers, explaining that the agency will continue to share “actionable information” with election officials about threats and risks to election infrastructure alongside intelligence agencies and law enforcement. (Jonathan Greig / The Record)
Private equity firm Thoma Bravo announced it is buying enterprise identity management company Ping for $2.8 billion and will take it private.
Thoma Bravo will be paying $28.50 per share in an all-cash transaction, which is 63% over Ping Identity’s closing share price on August 2, 2022. (Ingrid Lunden / TechCrunch)
Related: Investor's Business Daily, AiThority, VC Deals – P.E. Hub, Barron's, MSSP Alert, Motley Fool, Ingrid Lunden – TechCrunch, DataBreachToday.com, SiliconANGLE, BNN Bloomberg, Security Week, Help Net Security, Reuters, CSO Online, Pitchbook, Marketwatch, Wall Street Journal, PR Newswire