Total Return Swaps and Archegos

Another example of the risks of synthetic trades backfired spectacularly last week. A private hedge fund, Archegos Capital Management (website currently down), defaulted on a series of Total Return Swap deals on ViacomCBS (among others), forcing a liquidation of shares and a subsequent couple of rough trading days. The scale of the default is still not known, but major financial institutions have issued loss warnings that are assumed to be an outcome of the issue. As always: highly leveraged trades give you profit if you’re good and major disasters if you’re not. For those old enough: remember LTCM.

Update: A paywalled article from Wall Street Journal on the market impacts

How safe is NFT?

The latest bitcoin (actually Ethereum) craze to emerge is Non-fungible tokens, or NFTs. Simply put, an NFT is an entry in a digital ledger representing a digital asset, mostly digital art: i.e. a ledger where the “rights” to the content are owned by you as a transferable asset. Several high-value transactions, such as those by Beeple and DJ 3LAU, have recently been in the news, but NFTs are not as straightforward as people think. An interesting article on Motherboard shows the ins and outs of buying and owning (or not) NFTs and highlights some of the problems with this.

What is Ransomware?

As the world wakes up to the threat of ransomware it is worth pointing out that this is not a new thing. Hackernews has posted a very informative post going through the history, the trends and techniques used as it evolved, as well as an overview of the main families and operators throughout its history.

More fun with Exchange

As you may already know, a series of 0-day bugs in Exchange have been discovered recently and are actively being exploited by hackers globally. First used by the Chinese hacking crew Hafnium, it has evolved into a bigger problem. Krebs has a nice timeline on this. Microsoft has now launched a one-click mitigation tool for admins that have not yet implemented the already released patches for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.

MS ION: Decentralized Identifiers (DIDs)

Microsoft has just made public the details of their DID implementation, ION, as their part of the drive towards decentralised Layer 2 authentication and control.

“We are excited to share that v1 of ION is complete and has been launched on Bitcoin mainnet. We have deployed an ION node to our production infrastructure and are working together with other companies and organizations to do so as well.”

The increased use of Counterfeit Digital Certificates in Malware

The previous trend of using stolen certificates to digitally sign malware (to circumvent the OS requirement for valid digital signatures on files before software can be installed) has been overtaken by black hats obtaining counterfeit certificates issued in the name of the institution they pretend to be. Social engineering taken to the next level is one way of looking at this. Recorded Future has an analysis of the current marketplace, tracking the 3 largest dark web merchants and their volumes over the last 5 years, along with a breakdown of the current offerings available. Note that the high-end certs are Symantec certs, the CA that got phased out by the browser vendors after numerous issues, so the hope is that this will remove EV certificates from this kind of use.

[Updated] More Apple iOS source code leaks (iBoot)

Yet more Apple source code has been leaked, this time the iBoot elements of iOS. Although from an older build of iOS (9.x), it should be close to the current implementation. Initially leaked on Reddit by a user named apple_internals and subsequently removed, it is now posted on GitHub for maximum availability. A good article on Motherboard does some initial analysis and impact assessment. It’s a shame jailbreaking has gone out of vogue, as this will make it a lot simpler to do.

[Update] Apple has released the following statement: “Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

A DMCA notice has been sent to GitHub to take down the source code.

The real background story on the Russian hacking of the White House and the Democratic Party

Dutch newspaper De Volkskrant has published the story of how the Dutch intelligence service (AIVD) hacked the infamous Russian hacking group Cozy Bear / APT29, monitored how they hacked into the US, and how this was fought together with the Americans. It also covers the aftermath of these findings being made public by the Trump Administration: another country now deeply skeptical about sharing intel with the US, alongside the previous leaks made this year.

[Update] More info can be found at Nieuwsuur.

Machine Learning gone bad

I suppose every new technology will eventually be misused, and this has now come to machine learning and facial recognition algorithms. As reported by Motherboard, an app has been launched on Reddit using NVIDIA’s CUDA framework to morph faces onto another body, creating realistic videos as the outcome. Of course (in a forum dominated by teenage boys) the initial activity is to use celebrity faces in porn scenes, but it raises another worry about trusting digital images and video files as this technology sees wider use.

How much can a Malware payload actually do?

Kaspersky has released an advisory on Securelist on a new major Android malware, originating (it seems) from Italy. Skygofree (as it has been named) goes above and beyond what has been seen before. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, geolocation data, calendar events, and business-related information stored in device memory. Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. A clever use of Android’s Accessibility Service also gives backdoor access to WhatsApp. Deeper analysis led to finding a set of Windows components, indicating an almost full Windows implementation of the above.
For those looking to validate whether they are impacted, here are the indicators.
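Published indicators are only useful once something checks them against what you actually have: file hashes from a device backup, DNS or proxy logs, installed package names. The script below is an added example (not from the original post and not Kaspersky's own code) of a minimal indicator matcher. Every indicator in it is a constructed placeholder, not a real Skygofree IoC; the point is the matching logic, and a practitioner would swap in the values from the Securelist advisory.

```python
"""Minimal indicator-of-compromise matcher (added example).

All indicator values here are CONSTRUCTED placeholders, not the real
Skygofree indicators. Replace them with the published IoCs before use.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed bytes standing in for a malicious APK, so the SHA-256
# indicator below has something to match in this offline demo.
PLACEHOLDER_SAMPLE = b"constructed sample bytes standing in for a malicious APK"

# Constructed placeholder indicators (NOT real Skygofree IoCs).
INDICATORS = {
    "sha256": {hashlib.sha256(PLACEHOLDER_SAMPLE).hexdigest()},
    "domain": {"c2.example.invalid"},               # placeholder C2 domain
    "package": {"com.example.placeholder.update"},  # placeholder APK package name
}

# Constructed log lines in a simple "timestamp event detail" layout.
SAMPLE_LOGS = [
    "2018-01-16 10:01:02 dns query c2.example.invalid type A",
    "2018-01-16 10:01:05 dns query updates.example.org type A",
    "2018-01-16 10:02:00 pm install com.example.placeholder.update",
]

# Matches dotted host names such as c2.example.invalid inside free text.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")


@dataclass(frozen=True)
class Match:
    kind: str    # "sha256", "domain" or "package"
    value: str   # the indicator that matched
    source: str  # file name or log line where it was seen


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (the hash form most IoC lists use)."""
    return hashlib.sha256(data).hexdigest()


def scan_files(files: dict[str, bytes], indicators=INDICATORS) -> list[Match]:
    """Hash each file's bytes and compare against the SHA-256 indicator set."""
    hits = []
    for name, data in files.items():
        digest = sha256_hex(data)
        if digest in indicators["sha256"]:
            hits.append(Match("sha256", digest, name))
    return hits


def scan_log_lines(lines, indicators=INDICATORS) -> list[Match]:
    """Look for indicator domains and package names in log lines.

    Domains are extracted with a regex and compared exactly after
    lowercasing, so unrelated hosts (updates.example.org) do not match.
    Package names are compared as lowercase substrings.
    """
    hits = []
    for line in lines:
        lowered = line.lower()
        for dom in DOMAIN_RE.findall(lowered):
            if dom in indicators["domain"]:
                hits.append(Match("domain", dom, line))
        for pkg in indicators["package"]:
            if pkg in lowered:
                hits.append(Match("package", pkg, line))
    return hits


if __name__ == "__main__":
    files = {"download.apk": PLACEHOLDER_SAMPLE, "benign.apk": b"nothing to see"}
    for m in scan_files(files) + scan_log_lines(SAMPLE_LOGS):
        print(f"[{m.kind}] {m.value} <- {m.source}")
```

Exact-match on normalised domains rather than substring search matters here: a substring check for a short C2 host name would also fire on every legitimate host that happens to contain it, which is how IoC sweeps end up drowning in false positives.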