Learn about the latest strides in cybersecurity with NIST’s $3.6 million initiative to close the workforce gap across the U.S., uncover a vast phishing network exploiting Privnote’s popularity, and explore a newly discovered HTTP/2 vulnerability capable of crashing web servers with a single connection.
00:00 Welcome to the Daily Decrypt: Cybersecurity Updates
00:04 NIST’s Major Investment in Cybersecurity Education
03:49 The Curious Case of Fake Privnote Websites
07:39 A New Threat: The Continuation Flood Vulnerability
09:25 Closing Thoughts and Call to Action
Original URLs:
- https://www.helpnetsecurity.com/2024/04/04/nist-cooperative-agreements-3-6-million/
- https://krebsonsecurity.com/2024/04/fake-lawsuit-threat-exposes-privnote-phishing-sites/
- https://www.bleepingcomputer.com/news/security/new-http-2-dos-attack-can-crash-web-servers-with-a-single-connection/#:~:text=Newly discovered HTTP%2F2 protocol,TCP connection in some implementations
Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags: cybersecurity, NIST, workforce development, phishing scams, Privnote, HTTP/2 vulnerability, DoS attacks, digital security, cybercrime, cybersecurity education, web server security
Search Phrases:
- NIST cybersecurity funding
- Cybersecurity workforce gap solutions
- Privnote phishing scam exposure
- How to detect phishing sites
- HTTP/2 DoS attack vulnerability
- Protecting web servers from crashes
- National cybersecurity education initiatives
- Cybercrime and digital security trends
- Addressing the cybersecurity talent shortage
- Latest cybersecurity threats and protections
Transcript:
April 5
Welcome back to the Daily Decrypt.
In a groundbreaking effort to close the cybersecurity workforce gap, the National Institute of Standards and Technology, or NIST, is injecting nearly $3.6 million into educational initiatives across 15 states. Also, a mistaken lawsuit threat by a cybercriminal has unveiled a vast network of fake Privnote websites, which were designed to hijack cryptocurrency transactions by duping users with near-identical copies of the website. How can you protect yourself from these very sophisticated phishing copies of legitimate websites?
And finally, web server administrators worldwide are on high alert because now a single TCP connection can crash their systems. This is done by exploiting the Continuation Flood vulnerability in the HTTP/2 protocol. What safeguards can you place on your web server to prevent the exploitation of this vulnerability?
The National Institute of Standards and Technology, or NIST, has taken a significant step to address the growing cybersecurity workforce gap by awarding nearly $3.6 million in cooperative agreements. These funds will be distributed across 18 education and community organizations in 15 states, each receiving about $200,000 to bolster efforts in cybersecurity education and workforce development.
The Under Secretary of Commerce for Standards and Technology and NIST Director, Laurie E. Locascio, highlighted the critical nature of these investments, emphasizing that strengthening the cybersecurity workforce is paramount to our national and economic security.
With nearly 450,000 cybersecurity job openings reported in the past year, and only 82 workers available for every 100 openings, these initiatives aim to build regional alliances and multi-stakeholder partnerships to stimulate cybersecurity education and workforce development, catering to the diverse backgrounds and experiences of Americans and contributing to local and regional economic development.
And the article linked in the show notes below by Help Net Security calls out each one of the institutions and how much money they're getting. Now, I'm sure it'll be up to each institution how they distribute that, whether it's to improve their education, whether it's to offer scholarships. We're not sure what the specifics are, but universities are getting money from NIST to help bring more cybersecurity professionals into the workforce.
Now, this brings up another point that I've heard about, where companies are adding more and more job postings in order to boost their standings on LinkedIn or Indeed or other job sites like that, that they don't actually intend to fill. As a LinkedIn business page owner for the Daily Decrypt, I could probably post some jobs for Cybersecurity Analyst or whatever I wanted, and there's not really much follow-through from LinkedIn.
So I just checked LinkedIn, and it looks like there is a review process for every job that’s posted, just to make sure that it follows policies and guidelines. But once it’s posted, it’s up.
So I wonder how NIST is taking that into account, if they're even taking that into account. It's a really hard thing to prove that a job is open.
Why should you have to? Who's going to enforce that? Why should they have to? What are the incentives? All these questions. So what's the incentive for companies to not post fake jobs to help boost their standings? People nowadays are doing anything to boost their SEO, especially in the age of AI. So what's stopping them from doing this?
Regardless, the money that NIST is giving to these educational communities is only going to help grow and enhance cyber security as a field.
A misstep by one nefarious actor has brought to light a vast network of phishing sites disguised to mimic the self-destructing message service privnote.com. This network is adept at duping users with sites that closely resemble the legitimate Privnote platform, and it was inadvertently exposed following a lawsuit threat aimed at a software company.
So, reading from the article by Krebs on Security linked in our show notes: last month, a new user on GitHub named 4e66399 lodged a complaint on the issues page for MetaMask, which is a software cryptocurrency wallet used to interact with the Ethereum blockchain. This user insisted that their website, privnote.co, was being wrongfully flagged by MetaMask's phishing detect service list as malicious.
So their comment on this site read: "We filed a lawsuit with a lawyer for dishonestly adding a site to the block list, damaging reputation as well as ignoring the moderation department and ignoring answers. Provide evidence or I will demand compensation."
So this is sort of like an Icarus situation, which is what happens to a lot of criminals where they feel like they're untouchable and they kind of get the itch to be discovered. They want to be more in the public, so they go comment on something or write a letter to the newspaper or something like that, and this is exactly what happened here with this user.
Really mad that some site has flagged his phishing site as phishing, threatening to sue the software company that flagged them.
So to back up a little bit, privnote.com is a service that launched in 2008 and is renowned for its encrypted message service, which ensures even the service itself cannot access the content of the messages.
It has a unique feature for generating one time links for messages, which has made it pretty popular among cryptocurrency enthusiasts. But you know what happens when something becomes really popular? It also attracts phishers.
The clone websites manipulate messages containing cryptocurrency addresses, swapping them with addresses under the control of scammers.
So this one review that threatens a lawsuit unearthed a ton of fake phishing sites that were targeting Privnote users since 2020. One thing you can do as a consumer and a cryptocurrency user is regularly check domain registration details and use trusted sources to verify the legitimacy of websites. So this one was really close. It was privnote.co when the actual website name is privnote.com. And the attackers manipulated search engine results to promote their phishing site by buying Google ads. So what do we always say about Google ads? Don't click them unless you absolutely have to, because anyone can buy Google ads. And if you're a cybercriminal, you probably have lots of money to throw at it. So you can almost immediately get that top search spot when users search for Privnote; they might even search for privnote.com, because Google's clever and the search bar or the URL bar is also a search bar.
So maybe they put a space in the front and then they search for privnote.com, and then it doesn't navigate them there. And then they click on the first one, which is privnote.co. It looks exactly like what they're looking for. And they enter in crypto details and get their wallets drained. It looks like this phishing network has successfully stolen and transferred nearly $18,000 in cryptocurrencies within a four-day period in March.
Make sure to monitor your crypto wallets, probably a lot, and just be extra scrutinous of any website you visit, especially when you're entering in financial details.
In a significant cybersecurity revelation, a solitary TCP connection is now capable of destabilizing web servers thanks to a newly identified vulnerability within the HTTP/2 protocol, termed Continuation Flood. This discovery adds a critical layer to the Internet's security concerns, given HTTP/2's role in enhancing web efficiency through its 2015 standardization.
Bartek Nowotarski, who is the researcher behind this discovery, shed light on how the misuse of HTTP/2's CONTINUATION frames by inadequately checked or limited implementations can trigger denial-of-service attacks. The technical essence lies in HTTP/2 messages being divided into blocks for transmission, where CONTINUATION frames come into play for combining these segments.
By not flagging the end of headers, attackers can unleash a torrent of frames, leading to server crashes from either memory overload or CPU depletion.
The article in our show notes by BleepingComputer elaborates on the mundane yet devastating nature of out-of-memory conditions, pointing out that certain implementations' failure to cap header list sizes built via CONTINUATION frames spells doom for web servers.
So far, according to CERT/CC, vendors and HTTP/2 libraries who have confirmed they are impacted by at least one of the above CVEs are Red Hat, SUSE Linux, Arista Networks, the Apache HTTP Server project, Node.js, AMPHP, and the Go programming language.
And it sounds like there’s no direct fixes by any of them yet, but just make sure to keep an eye out for when updates come down the pipeline, and keep your systems as up to date as you possibly can.
Alright, well, that's all I got for you today. Thanks so much for listening, and we'd love it if you could give us a five-star review on Spotify if you like what you're hearing, or come follow us on Instagram. We'd love to hear from you, but until then, happy Friday, and we'll talk to you in the next episode.
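As an added illustration of the Continuation Flood mechanism described in the HTTP/2 segment of this episode, and not code from the show or from any of the affected projects, here is a small Python reader that reassembles a header block from HEADERS and CONTINUATION frames and rejects the stream as soon as the accumulated block or the CONTINUATION count exceeds a cap. The frame layout follows RFC 9113; the cap values, the sample frames, and the assumption that HEADERS carries no PADDED or PRIORITY flags are my own.

```python
HEADERS, CONTINUATION = 0x1, 0x9  # HTTP/2 frame types (RFC 9113)
END_HEADERS = 0x4                 # flag that terminates a header block

def frame(ftype, flags, stream_id, payload):
    """Encode one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)

def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each complete frame in data."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        off += 9 + length

def reassemble_header_block(data, max_block_bytes=16384, max_continuations=16):
    """Return (stream_id, HPACK-encoded block) from HEADERS + CONTINUATION frames.
    Raises ValueError once the block or CONTINUATION count exceeds the caps
    (constructed limits); assumes no PADDED/PRIORITY flags on HEADERS."""
    block, stream, count = bytearray(), None, 0
    for ftype, flags, sid, payload in iter_frames(data):
        if stream is None:
            if ftype != HEADERS:
                raise ValueError("expected HEADERS first")
            stream = sid
        else:
            if ftype != CONTINUATION or sid != stream:
                raise ValueError("CONTINUATION expected on stream %d" % stream)
            count += 1
            if count > max_continuations:
                raise ValueError("too many CONTINUATION frames")
        block += payload
        if len(block) > max_block_bytes:
            raise ValueError("header block exceeds %d bytes" % max_block_bytes)
        if flags & END_HEADERS:
            return stream, bytes(block)
    raise ValueError("header block never terminated (END_HEADERS missing)")

def check(data, **limits):  # None if acceptable, else the rejection reason
    try:
        reassemble_header_block(data, **limits)
        return None
    except ValueError as exc:
        return str(exc)
```

A real server would additionally stop reading the connection once the cap trips, rather than buffering the remaining frames, and would enforce the same cap on the decoded header list size.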