A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
The BYOVD technique involves threat actors loading a kernel-mode driver with a known, exploitable vulnerability and abusing that flaw to gain higher privileges in Windows.
Because device drivers have kernel access to the operating system, exploiting a flaw in them allows threat actors to execute code with the highest privileges in Windows.
CrowdStrike observed this new tactic shortly after publishing its previous report on Scattered Spider at the start of last month.
According to the latest CrowdStrike report, the hackers attempted to use the BYOVD method to bypass Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, and SentinelOne.
Disabling security products
CrowdStrike reports that the Scattered Spider threat actor was seen attempting to exploit CVE-2015-2291, a high-severity vulnerability in the Intel Ethernet diagnostics driver that allows an attacker to execute arbitrary code with kernel privileges using specially crafted calls.
Although this vulnerability was fixed in 2015, by planting an older, still vulnerable version on the breached devices, the threat actors can leverage the flaw no matter what updates the victim has applied to the system.
The driver used by Scattered Spider is a small 64-bit kernel driver with 35 functions, signed by different certificates stolen from signing authorities like NVIDIA and Global Software LLC, so Windows doesn’t block it.
The threat actors use these drivers to disable endpoint security products and limit the defenders’ visibility and prevention capabilities, laying the groundwork for subsequent phases of their operation on the targeted networks.
Upon startup, the driver decrypts a hard-coded string of targeted security products and patches the target drivers at hard-coded offsets.
The injected malware routine ensures that the security software drivers still appear to be functioning normally even though they no longer protect the computer.
CrowdStrike says ‘Scattered Spider’ has a very narrow and specific targeting scope but warns that no organization can afford to ignore the possibility of BYOVD attacks.
Recently, we reported on other high-profile threat actors, such as the BlackByte ransomware gang and the North Korean hacking group Lazarus, utilizing BYOVD attacks to power their intrusions with elevated Windows privileges.
A long-standing Windows problem
Microsoft tried to fix this known security problem on Windows by introducing a blocklist in 2021.
However, the issue wasn’t addressed decisively, as Windows does not block these drivers by default unless you run the Windows 11 2022 Update or later, which came out in September 2022.
Even worse, as ArsTechnica reported in October, Microsoft only updated the driver blocklist on every major release of Windows, leaving devices vulnerable to these types of attacks. Microsoft has since released updates that fix this servicing pipeline so the driver blocklist is updated properly.
Microsoft recommends that Windows users enable the driver blocklist to protect against these BYOVD attacks. A Microsoft support article explains how to enable the blocklist using the Windows Memory Integrity feature or Windows Defender Application Control (WDAC).
Unfortunately, enabling Memory Integrity on devices that may not have newer drivers can be difficult.
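As a defender-side check tied to the recommendation above, the following PowerShell is an added example (not code from CrowdStrike, Microsoft or the article) that reports whether Memory Integrity is running and whether the vulnerable driver blocklist is switched on, then lists running drivers whose Authenticode signature does not verify. It assumes the Win32_DeviceGuard WMI class, the VulnerableDriverBlocklistEnable value under HKLM\SYSTEM\CurrentControlSet\Control\CI\Config, and the driversipolicy.p7b policy file as Microsoft documents them for Windows 10/11.

```powershell
# Added example (not from the CrowdStrike report): report whether this host has the
# BYOVD mitigations the article describes. Read-only; run from an elevated prompt.
function Get-DriverBlocklistStatus {
    # Memory Integrity (HVCI) state via the Device Guard WMI class:
    # SecurityServicesRunning contains 2 when HVCI is actually running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvciRunning = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)

    # Opt-in switch for the Microsoft vulnerable driver blocklist on builds where it
    # is not on by default (assumed per Microsoft's documentation: REG_DWORD = 1).
    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $blocklistValue = (Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable `
                       -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    # The blocklist itself ships as a signed WDAC policy file (assumed path).
    $policy = Join-Path $env:SystemRoot 'System32\CodeIntegrity\driversipolicy.p7b'
    $policyInfo = Get-Item -Path $policy -ErrorAction SilentlyContinue

    [pscustomobject]@{
        MemoryIntegrityRunning   = $hvciRunning
        BlocklistRegistryEnabled = ($blocklistValue -eq 1)
        BlocklistPolicyPresent   = ($null -ne $policyInfo)
        BlocklistPolicyModified  = $policyInfo.LastWriteTime   # stale date = stale blocklist
    }
}

# Triage aid for responders: running kernel drivers whose image does not carry a
# signature that verifies as Valid. The article notes the malicious driver relied on
# stolen certificates, so anything here deserves a closer look rather than a verdict.
function Get-RunningDriversWithUnverifiedSignature {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may use NT-style prefixes; normalise to a filesystem path.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            if (Test-Path -LiteralPath $path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{ Name = $_.Name; Path = $path; Status = $sig.Status }
                }
            }
        }
}

Get-DriverBlocklistStatus | Format-List
Get-RunningDriversWithUnverifiedSignature | Format-Table -AutoSize
```

Inbox Windows drivers are commonly signed through catalog files rather than embedded signatures, so they can appear as NotSigned in the second list; treat it as a triage list to diff against a known-good baseline, not as a list of malicious drivers.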
A Quick Guide to Better CMM Maintenance
A coordinate-measuring machine, also known as a CMM, is a specialized piece of equipment common in high-precision manufacturing. It uses coordinate technology to measure and replicate the dimensions of particular objects.
CMMs are a lot more accurate than regular measurement gauges. This characteristic makes them the equipment of choice for quality assurance in certain industries, like aerospace, defense, and medical manufacturing.
Despite being a powerful piece of equipment and the most versatile measuring tool in the metrology industry, CMMs can also be quite delicate. They require the right environment and proper maintenance practices to maintain accuracy and reliability.
The Importance of Proper CMM Maintenance
It’s essential to clean and inspect each part of your machine so that it stays efficient and accurate. Preventative maintenance keeps your CMM performing at its best and also extends its working life.
Without proper CMM maintenance, you could risk damaging your CMM. Repairs would involve operational delays and additional costs.
CMM Preventative Maintenance Tips
Preventative maintenance consists of checks your own team can perform. It’s best to schedule regular maintenance checks for your CMM daily, weekly, monthly, or quarterly. These checks can alert you immediately to possible problems with your CMM.
Remove dust and dirt regularly
Clean and well-maintained air bearings ensure your CMM works as it should. These frictionless and stable bearings help ensure accuracy and efficiency. Dust and dirt can clog your machine’s air bearings, affecting its overall performance.
Aside from your machine’s air bearings, dust could also get into other surfaces and crevices. These tiny particles could affect your machine’s accuracy.
Handle Stylus Tips Properly
The stylus is the tip that makes contact with the object you want to measure with your CMM. Despite this significant role, the stylus can be fragile and require careful handling. Too much force could cause it to bend or break.
Clean your stylus with a cleaning agent and a lint-free cloth. Make sure to remove any residue from workplace materials.
Ensure Good Air Quality
Most CMMs use air bearings, and good air quality is essential to keep them running smoothly. Various air quality issues could affect machine performance and even burn out machine motors.
For air quality maintenance, ask and address the following questions:
- Do the lines have condensation, oil, or other contaminants?
- Is the airflow constant?
- Are you using the proper pressure?
When To Call a Professional
Most preventative maintenance practices are simple enough to be performed internally. However, some issues require professional attention. You can also conduct regular professional maintenance checks to ensure you don’t miss anything.
Below are some procedures that require professional assistance. Many CMM suppliers also offer maintenance services alongside their machinery.
Conducting CMM Training
CMMs are highly specialized pieces of equipment. To handle them properly, your staff needs professional training.
Training courses let CMM experts teach your staff the tools and knowledge your industry requires. Regular training sessions also help keep you updated on industry trends and standards.
CMM sensors are critical to your machine’s speed and accuracy. They should be professionally inspected and calibrated annually.
Routine sensor maintenance can significantly improve the efficiency and accuracy of your machine. CMM sensors include the following:
- Scanning probe
- Single point laser
- Line laser
- Electronic touch trigger probe
- Video camera
Neglected air bearings lose accuracy and stability. Properly maintained air bearings ensure a smooth, stable, and accurate measurement process.
A professional metrology company can thoroughly inspect your air bearings to prevent further machine damage.
A CMM is a significant investment for any business. Good maintenance practices help your machine last and perform at its best, thus making the most out of this investment.
Nintendo’s discounted Switch game vouchers are back
Nintendo’s Switch Online service has become a better deal over time, offering more perks than just the ability to play games online. On top of getting access to SNES and NES classics, and cloud save backups (for most games, save a couple dozen), Nintendo announced an even bigger perk yesterday: discounted game vouchers.
All subscribers can buy a two-pack of these vouchers for $99.98, and a huge range of first-party (in other words, typically discount-averse) Nintendo games are looped in. I encourage you to check out the full list, but some highlights include the brand-new Fire Emblem Engage, Kirby’s Return to Dream Land Deluxe, Bayonetta Origins: Cereza and the Lost Demon, Metroid Dread, Splatoon 3, The Legend of Zelda: Breath of the Wild, and Pokémon Scarlet and Violet. Important note: you have to be a subscriber both to buy and to use these vouchers.
It’s great that this list is more expansive than Nintendo’s first swing at this deal in 2019. But this perk could actually turn Switch Online into a must-have service because it allows you to pre-purchase up to four sets of vouchers (totaling eight games), and keep them for 12 months from the date of purchase. With $20 in savings with each pair of vouchers, buying four bundles will save you up to $80, assuming that each title normally costs $59.99. If you buy a lot of games, this is a smart way to save a little bit of money on every forthcoming purchase.
I know what you might be thinking: “Can I use one on The Legend of Zelda: Tears of the Kingdom?” Nintendo has not currently listed the deliriously anticipated sequel to Breath of the Wild, which is set to release on May 12th, 2023. Polygon has reached out to Nintendo to see if it’ll eventually become eligible, but did not hear back in time for publication.
You can get a free seven-day trial for Switch Online here, and you can easily subscribe to the service directly from the Switch’s eShop (it costs $3.99 per month, $7.99 for three months, or $19.99 per year). However, you can purchase (or gift) a one-year subscription with a digital code via Best Buy for $19.99. With a family subscription that costs $34.99 per year, up to eight Switch accounts can reap the perks of Switch Online.
For players who want all the perks, access to Goldeneye 007 and other N64 and Sega Genesis games, and complimentary DLC for some Switch games like Mario Kart 8 Deluxe, you’ll need Nintendo’s Switch Online plus the Expansion Pack tier, which costs $49.99 per year for one account, or $79.99 per year for a family subscription.
Canadian discovery could help batteries last longer
A chance discovery in a Canadian laboratory could help extend the life of laptop, phone and electric car batteries.
According to scientists from Dalhousie University in Halifax, common adhesive tape in batteries may be the reason many devices lose some of their power while off or not being used, which is a phenomenon known as self-discharge.
“In our laboratory we do many highly complex experiments to improve batteries, but this time we discovered a very simple thing,” Michael Metzger, an assistant professor in Dalhousie University’s physics and atmospheric science department, said in a news release. “In commercial battery cells there is tape—like Scotch tape—that holds the electrodes together and there is a chemical decomposition of this tape, which creates a molecule that leads to the self-discharge.”
The solution is simple, too, Metzger says: replace the polyethylene terephthalate, or PET, plastic tape commonly used inside batteries with something more durable and stable.
“It’s a commercially relevant discovery,” Metzger said. “It’s a small thing but it can definitely help improve battery cells.”
Metzger and his team have been trying to understand why lithium-ion battery cells in inactive devices tend to lose some of their power and self-discharge, something that has long frustrated consumers and manufacturers alike.
“Every manufacturer of lithium-ion cells in the world wants to make self-discharge as small as possible,” Metzger told CTVNews.ca in a joint statement with graduate student Anu Adamson. “In every battery there is a small rate of self-discharge that slowly drains the battery. This is very inconvenient for users and a big headache for industry.”
The electrodes that power batteries are separated by an electrolyte solution that is usually a form of lithium. After exposing several battery cells to different temperatures, researchers were surprised to see that the electrolyte solution had turned bright red when it normally should be clear, something they had never encountered. The discovery was made by Adamson and two other students.
Chemical analysis of the red electrolyte solution revealed that at higher temperatures, a new molecule had been created inside the battery through the decomposition of common PET adhesive tape, which is often used to hold components together inside batteries. Strong and lightweight, PET is also frequently used for plastic packaging, drink bottles, clothing fibres and more.
Researchers realized that the red molecule, dimethyl terephthalate, was acting as a redox shuttle, meaning that it can transport electrons between a battery’s positive and negative electrodes, creating self-discharge and depleting power even when a battery is not in use. Ideally, the shuttling of electrons within a battery should only happen when a device is on.
“It’s a very simple thing—it is in every plastic bottle and no one would have thought that this has such a huge impact on how the lithium-ion cells degrade,” Metzger said in the news release. “It’s something we never expected because no one looks at these inactive components, these tapes and plastic foils in the battery cell, but it really needs to be considered if you want to limit side-reactions in the battery cell.”
“Since the PET in the tape is the culprit that creates the redox shuttle, we need to replace it with a polymer that is more stable and does not decompose in the harsh chemistry of a lithium-ion battery,” Metzger and Adamson told CTVNews.ca. “So far, the results look very promising, and we plan to publish a new research paper on improved polymers for lithium-ion battery tapes soon.”
According to the researchers, their work has been attracting interest from “some of the world’s largest computer hardware companies and electric vehicle manufacturers,” which are eager to reduce self-discharge and improve battery performance.
“We visited some of these companies and they are planning to implement more stable polymers in their battery cells,” Metzger said.
In the release, Metzger noted: “One of the engineers said, ‘I heard you guys found out something is wrong with PET tape.’ So, I explained to him that it’s causing this self-discharge and asked him, ‘What are you using in your cells?’ He said, ‘PET tape.’”