Meaner, more violent Stuxnet variant reportedly hits Iran

Iran admitted its “infrastructure and strategic networks” were hit by a meaner version of Stuxnet. Plus, Iran used Google to find CIA communication channels.


Stuxnet allegedly has a vicious little brother, or perhaps a malicious cousin: complex malware described as similar to Stuxnet but “more violent, more advanced and more sophisticated.”

Iran, according to the Times of Israel, admitted that its “infrastructure and strategic networks” were hit by a meaner, leaner version of Stuxnet. A TV news report added that the Iranians are “not admitting, of course, how much damage has been caused.”

The report came after Iranian Supreme Leader Ayatollah Ali Khamenei said Iran needed to step up efforts to fight enemy “infiltration.” Reuters also reported that Gholamreza Jalali, the head of Iran’s civil defense agency, said, “Recently we discovered a new generation of Stuxnet which consisted of several parts ... and was trying to enter our systems.” Jalali didn’t go into more detail.

The Tehran Times later claimed that Jalali’s comments were “taken out of context with regard to the president’s [President Hassan Rouhani] mobile phone being tapped.” Instead, Jalali was reportedly warning about the risk of unencrypted calls being intercepted.

There were no additional details about the capabilities of this destructive “new generation of Stuxnet”; unsurprisingly, Israel’s Mossad intelligence agency refused to discuss whether it played any role in the attack.

Iran found CIA spies by Googling site that CIA used to route covert communications

We already know how “botched CIA communications” ended up costing the lives of Chinese agents, and now Yahoo News reports that Iranian intelligence officials simply Googled to find the CIA’s communication channel. Using Google, Iran reportedly found numerous websites used by the CIA as covert communications channels, which led to Iran rounding up 30 people earmarked as CIA spies.

Thirty more people recruited as CIA agents in China were killed after China allegedly did some Googling to find secret CIA websites that acted as “transitional” communications.

Those compromised sites on the web, which had been indexed by Google, may have also “endangered all CIA sources that used some version of this internet-based system worldwide.”

John Reidy, a defense contractor, had warned the CIA about the “massive intelligence failure” involving the communications system. For his trouble, his whistleblowing was rewarded by being booted from his job.

Irvin McCullough, a national security analyst with the Government Accountability Project, told Yahoo News, “This is one of the most catastrophic intelligence failures since Sept. 11. And the CIA punished the person who brought the problem to light.”

PortSmash: The newest Intel CPU side-channel vulnerability

There is yet another vulnerability in Intel processors, specifically in their hyperthreading technology, which an attacker could exploit to leak encrypted data. An advisory about exploiting simultaneous multi-threading was issued, but an official research paper will be released later. For now, there’s a proof-of-concept exploit posted on GitHub that should “work out of the box on Skylake and Kaby Lake.”

According to TechSpot, Billy Bob Brumley, a PortSmash researcher, said, “PortSmash is highly portable, and its prerequisites for execution are minimal, i.e., does not require knowledge of memory cache-lines, eviction sets, machine learning techniques, nor reverse engineering techniques. PortSmash definitely does not need root privileges, just user space.”

Intel officials downplayed the threat, claiming, “We expect that it is not unique to Intel platforms.”

Critical Bleeding Bit flaws can compromise enterprise wireless access points

Researchers from Armis revealed Bleeding Bit, an “undetectable chip level attack” that could be used to compromise Wi-Fi access points from Cisco Systems, Cisco Meraki and Aruba Networks — those three allegedly account for about 70 percent of the networking market. The two critical chip-level vulnerabilities are related to Bluetooth Low Energy (BLE) chips made by Texas Instruments.

Armis warned that the vulnerabilities “endanger enterprises using vulnerable access points in their networks. Beyond access points, the health sector is potentially affected by these vulnerabilities, as the affected BLE chips are used in many medical devices, such as insulin pumps and pacemakers. Even private users might be affected by the vulnerabilities if they use an IoT device that embeds one of the vulnerable chips.”

Cisco, Aruba, and US-CERT published security advisories.
