SIM-Swap Plot Twist: FTX’s $400M Crypto Heist Linked to Indicted Trio?

Got SIM-swapped? Worry not, crypto fans! Sam Bankman-Fried might just dodge a bullet as the real culprits—a SIM-savvy trio—get nabbed for the FTX heist. #SIMSwappingRingUnraveled

Hot Take:

Oh, the tangled webs we weave when we practice to deceive… and steal massive wads of crypto! Seems like the SIM-swappers might have pulled a heist so grand it could give a certain crypto bro a get-out-of-jail-free card for one of his alleged oopsies. Meanwhile, Apple’s playing preemptive whack-a-mole with its shiny new goggles, and the cybersecurity world is playing a never-ending game of vulnerability whack-a-mole. And in today’s episode of “Teens Gone Wild,” we have a high school hacker with a penchant for sports betting accounts and a future in orange jumpsuits. Strap in, folks!

Key Points:

  • Chicago’s latest deep-dish pizza topping: SIM-swapping thieves, with a side of FTX’s missing millions – now that’s a Chicago-style heist!
  • Apple’s Vision Pro is about to drop, but not without a little pre-game patching to keep the cyberspace baddies at bay.
  • Container chaos! Moby and OCI are patching up Docker faster than you can say “containerization conundrum.”
  • glibc’s got some glitches, and Qualys is on it like white on rice, exposing the soft underbelly of many a Linux system.
  • A teen hacker from Wisconsin scores big on DraftKings, but not in the way you’d want – cue the courtroom drama and a hefty restitution bill.

Title: Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability
Cve id: CVE-2024-21917
Cve state: PUBLISHED
Cve assigner short name: Rockwell
Cve date updated: 01/31/2024
Cve description: A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

Title: Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
Cve id: CVE-2023-3346
Cve state: PUBLISHED
Cve assigner short name: Mitsubishi
Cve date updated: 01/30/2024
Cve description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.

Title: runc container breakout through process.cwd trickery and leaked fds
Cve id: CVE-2024-21626
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 01/31/2024
Cve description: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Title: BuildKit interactive containers API does not validate entitlements check
Cve id: CVE-2024-23653
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 01/31/2024
Cve description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if the special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5. Avoid using BuildKit frontends from untrusted sources.

Cve id: CVE-2023-6246
Cve state: PUBLISHED
Cve assigner short name: redhat
Cve date updated: 01/31/2024
Cve description: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
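The advisory above names the trigger condition: openlog() never called, or called with a NULL ident, while the basename of argv[0] exceeds 1024 bytes. The defensive habit that sidesteps that code path is to always hand openlog() an explicit, bounded identifier. The following is an added example (not from glibc, Qualys, or the original post) showing a helper that derives such an identifier from argv[0] and caps it at a constructed limit of 64 bytes; the fallback name "app" and the IDENT_MAX bound are assumptions of this example.

```c
#include <string.h>
#include <syslog.h>

/* Upper bound for the ident passed to openlog(). Constructed for this example;
 * far below the 1024-byte basename threshold named in the advisory. */
#define IDENT_MAX 64

/* Copy the basename of argv0 into out (capacity cap), truncated to at most
 * IDENT_MAX bytes, and return the number of bytes written excluding the NUL.
 * A NULL, empty, or slash-terminated argv0 yields the fallback name "app". */
size_t derive_ident(const char *argv0, char *out, size_t cap)
{
    const char *base = "app";                  /* fallback when argv[0] is unusable */
    if (argv0 && *argv0) {
        const char *slash = strrchr(argv0, '/');
        base = slash ? slash + 1 : argv0;
        if (*base == '\0')                     /* argv[0] ended in '/' */
            base = "app";
    }
    size_t limit = cap ? cap - 1 : 0;          /* leave room for the terminator */
    if (limit > IDENT_MAX)
        limit = IDENT_MAX;
    size_t n = strlen(base);
    if (n > limit)
        n = limit;                             /* truncate oversized names */
    if (cap) {
        memcpy(out, base, n);
        out[n] = '\0';
    }
    return n;
}

int main(int argc, char **argv)
{
    /* glibc's openlog() keeps the ident pointer rather than copying the string,
     * so the buffer must stay valid for every later syslog() call. */
    static char ident[IDENT_MAX + 1];
    (void)argc;
    derive_ident(argv[0], ident, sizeof ident);
    openlog(ident, LOG_PID | LOG_NDELAY, LOG_USER);
    syslog(LOG_INFO, "started with bounded ident \"%s\"", ident);
    closelog();
    return 0;
}
```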

Title: BuildKit possible host system access from mount stub cleaner
Cve id: CVE-2024-23652
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 01/31/2024
Cve description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.

Title: Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller
Cve id: CVE-2024-21916
Cve state: PUBLISHED
Cve assigner short name: Rockwell
Cve date updated: 01/31/2024
Cve description: A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

Title: BuildKit possible race condition with accessing subpaths from cache mounts
Cve id: CVE-2024-23651
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 01/31/2024
Cve description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

Need to know more?

Indictment Intrigue:

Picture it: November 11, 2022, FTX is waving the white flag of bankruptcy, and like a crypto-Ninja, over $400 million vanishes into the digital ether. Enter the SIM-swapping ring led by the Windy City's very own Robert Powell, who's now facing the music – and by that, I mean a cozy cell without a view. While Sam Bankman-Fried (aka SBF) might still be in hot water, at least one alleged misdeed might get scrubbed from his ledger. But with a century-plus of potential jail time, don't expect a redemption arc just yet!

Preemptive Patch Party:

Apple's new Vision Pro headset is getting the VIP treatment with patches before it even struts onto the market stage. It's like showing up to your own party early to make sure the balloons are inflated. But hey, better safe than sorry, because let's be real, nobody wants their $3,499 tech goggles to be the gateway to cybercrime central.

Docker's Security Seasickness:

The good ship Docker is navigating some choppy security waters, with Moby and the OCI crew patching up vulnerabilities faster than you can say "shipshape." From malicious BuildKit shenanigans to runc tool leaks, it's all hands on deck to keep your containers tighter than a drum.

glibc Gaffes:

Qualys is back at it, waving red flags over the GNU C Library like a matador in a bullring. With several vulnerabilities in the mix, including some that could grant root access, it's a stark reminder that even the sturdiest software foundations can have their cracks. Time to double-check your systems, because these bugs go way back – like, "Friends was still airing new episodes" back.

The Teenage Betting Bandit:

Last but not least, we have the curious case of a teenage hacker with a flair for sports betting – but not in the way you'd hope. Joseph Garrison, the 19-year-old cybercriminal extraordinaire, managed to nab a cool $600,000 from DraftKings accounts before the law caught up with him. Now he's facing a stint behind bars and a bill that would make most of us faint. Remember, kids, crime doesn't pay – especially when you're betting against the house... of justice.

Tags: Apple Vision Pro vulnerability, Cryptocurrency Theft, Docker vulnerabilities, DraftKings hack, GNU C Library flaws, Security Patch Updates, SIM Swapping