Week in review: Open-source Cybersecurity tools

Wi-Fi 7’s mission-critical role in enterprise, industrial networking, BLUFFS: A New Threat in Bluetooth Security, Bandook: The Resurgent Malware Targeting Windows.

Good evening, tech enthusiasts and cyber sentinels! Tonight's newsletter is like a cybersecurity thriller, packed with twists and turns in the digital realm. We're starting with a dive into the disruptive world of Wi-Fi 7, where Tiago Rodrigues maps out its transformative impact on our digital lives. Then, brace yourselves for a tale of deception and vulnerability in the Bluetooth landscape, with the BLUFFS attack exposing cracks in our trusted devices. Finally, we uncover the shadowy resurgence of Bandook, a malware that's back in action and targeting Windows machines with a vengeance. So, buckle up as we explore these digital frontiers where innovation meets invasion!

BLUFFS: A New Threat in Bluetooth Security

Recent research has uncovered a series of novel attacks, collectively named BLUFFS, that threaten Bluetooth Classic's security. These attacks, affecting versions 4.2 through 5.4 of the Bluetooth Core Specification, compromise the forward and future secrecy guarantees, leading to adversary-in-the-middle (AitM) scenarios.

Vulnerabilities in Bluetooth Classic

Identified as CVE-2023-24023 with a CVSS score of 6.8, BLUFFS enables device impersonation and machine-in-the-middle attacks by compromising a single session key. EURECOM researcher Daniele Antonioli reveals that the attacks exploit flaws in Bluetooth's session key derivation mechanism, allowing the derivation of the same key across sessions.

The Attack Mechanism

BLUFFS weaponizes four architectural vulnerabilities in the Bluetooth session establishment process, including two new flaws, to derive a weak session key. This enables an AitM attacker to impersonate a paired device and negotiate connections using legacy encryption, thus forcing the use of the same encryption key for every session.

SIG's Recommendations and Mitigation

The Bluetooth Special Interest Group (SIG) advises Bluetooth implementations to reject service-level connections with low key strengths and recommends operating devices in "Secure Connections Only Mode" to ensure key strength. This follows the disclosure of a similar Bluetooth impersonation attack on Apple macOS systems by ThreatLocker.
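To make the two ideas above concrete, the following is an added example, not code from the page or from the BLUFFS research, and it is a deliberate toy: a session key derived from a long-term pairing key, a single nonce and a negotiated key length, placed beside a derivation where both peers contribute fresh randomness at a fixed length. It does not reproduce the Bluetooth specification's actual key-derivation functions; the HMAC construction, the 16-byte "full strength" threshold and the function names are assumptions chosen only to illustrate why a reusable, shortenable session key breaks forward and future secrecy, and how a "reject low key strength / Secure Connections only" policy closes that door.

```python
import hmac
import hashlib
import secrets

# Constructed long-term pairing key shared by two already-paired devices (not a real key).
PAIRING_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
# Assumed policy threshold: anything shorter than this is "low key strength".
MIN_KEY_BYTES = 16


def derive_legacy(pairing_key: bytes, nonce: bytes, key_bytes: int) -> bytes:
    """Toy 'legacy' derivation.  The session key depends only on the pairing key,
    one nonce and a negotiated length.  If the peer (or an adversary relaying the
    exchange) controls both the nonce and the length, every session re-derives the
    same, possibly short, key: no forward or future secrecy."""
    full = hmac.new(pairing_key, b"legacy" + nonce, hashlib.sha256).digest()
    return full[:key_bytes]


def derive_fresh(pairing_key: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Hardened toy derivation.  Both peers contribute fresh randomness and the
    key length is fixed, so a party controlling only one input cannot force
    repetition, and each session's key is independent of the others."""
    full = hmac.new(pairing_key, b"fresh" + nonce_a + nonce_b, hashlib.sha256).digest()
    return full[:MIN_KEY_BYTES]


def accept_connection(key_bytes: int, secure_connections: bool,
                      secure_connections_only: bool = True) -> bool:
    """Policy in the spirit of the SIG advice quoted above: reject service-level
    connections with low key strength, and in 'Secure Connections Only Mode'
    refuse sessions negotiated with legacy (non-Secure-Connections) encryption."""
    if key_bytes < MIN_KEY_BYTES:
        return False
    if secure_connections_only and not secure_connections:
        return False
    return True


def keys_repeat_under_fixed_inputs(sessions: int = 3) -> bool:
    """Model the failure mode: the nonce and key length are dictated by the peer
    and reused, so every 'session' yields the identical 7-byte key."""
    peer_nonce = b"\x00" * 16          # reused input chosen by the peer
    keys = {derive_legacy(PAIRING_KEY, peer_nonce, 7) for _ in range(sessions)}
    return len(keys) == 1


def keys_unique_with_fresh_entropy(sessions: int = 3) -> bool:
    """With both sides adding fresh randomness, every session key is distinct."""
    keys = {derive_fresh(PAIRING_KEY, secrets.token_bytes(16), secrets.token_bytes(16))
            for _ in range(sessions)}
    return len(keys) == sessions


if __name__ == "__main__":
    print("legacy model repeats key across sessions:", keys_repeat_under_fixed_inputs())
    print("fresh model gives unique keys:", keys_unique_with_fresh_entropy())
    print("policy accepts 7-byte legacy session:", accept_connection(7, secure_connections=False))
    print("policy accepts 16-byte Secure Connections session:", accept_connection(16, secure_connections=True))
```

The point of the side-by-side is the policy function: even if an implementation cannot change its derivation, refusing short keys and legacy-mode sessions removes the negotiation surface that lets a weak, repeatable key be agreed in the first place.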

Bandook: The Resurgent Malware Targeting Windows

Fortinet’s FortiGuard Labs experts have unearthed a new threat to Windows devices: a revised version of the Bandook malware. First identified in 2007, Bandook was known for providing remote access to infected endpoints.

Bandook's New Tactics

The latest iteration of Bandook is being spread through phishing emails containing malicious PDF files. These PDFs include links to a password-protected .7z archive. Once the victim extracts the archive, the malware injects its payload into msinfo32.exe, a legitimate Windows binary commonly used for diagnosing computer issues.

Registry Manipulation and Persistence

Bandook modifies the Windows Registry to maintain persistence and connects to a command-and-control (C2) server for further instructions. The commands it typically receives deliver a second-stage payload, giving attackers full access to the victim's system.
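The two behaviours just described, a system-diagnostics binary that suddenly talks to a C2 server and a registry change that survives reboot, are both observable from endpoint telemetry. The following is an added example, not code from Fortinet's report or from the page: a small Python heuristic run over constructed Sysmon-style events (event ID 3 for network connections, event ID 13 for registry value writes). The page does not name the registry keys Bandook writes or its C2 addresses, so the sample events, the IP addresses (documentation ranges), the "msinfo32.exe should not open outbound connections" rule and the "Run key pointing into a user-writable path" rule are assumptions chosen to illustrate the detection approach, not indicators from the report.

```python
import re

# Constructed Sysmon-style events for illustration only; field names follow Sysmon's
# schema (Image, DestinationIp, TargetObject, Details) but the values are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\msinfo32.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\msinfo32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "198.51.100.5", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTool",
     "Details": r"C:\Program Files\Vendor\tool.exe"},
]

# Heuristic (assumption): local diagnostics utilities have no normal reason to
# initiate outbound connections, so a connection from one suggests injected code.
NO_NETWORK_EXPECTED = {"msinfo32.exe"}

# Classic autorun locations and user-writable directories (generic heuristic,
# not the specific keys or paths used by Bandook).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def flag_event(event: dict):
    """Return a finding string for a suspicious event, or None."""
    event_id = event.get("EventID")
    image = event.get("Image", "")

    # Rule 1: network connection from a binary that should stay local.
    if event_id == 3 and basename(image) in NO_NETWORK_EXPECTED:
        return (f"network connection from {basename(image)} to "
                f"{event.get('DestinationIp')}:{event.get('DestinationPort')} "
                f"(possible injected payload contacting C2)")

    # Rule 2: Run-key persistence whose target lives in a user-writable directory.
    if event_id == 13 and RUN_KEY_RE.search(event.get("TargetObject", "")):
        target = event.get("Details", "")
        if USER_WRITABLE_RE.search(target):
            return (f"Run-key persistence {event['TargetObject']} -> {target} "
                    f"(executable in user-writable path)")
    return None


def scan(events):
    """Apply both rules and return the list of findings in event order."""
    return [finding for finding in (flag_event(e) for e in events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print("ALERT:", finding)
```

On the constructed sample this raises exactly two alerts: the msinfo32.exe connection and the Run key that points into AppData; the browser connection and the vendor installer writing a Run key under Program Files are left alone. In production the same two rules would be tuned against a baseline of legitimate autorun writers, but the shape of the logic (process identity plus an unexpected capability, and persistence location plus an untrusted target path) is what catches a stage-one loader of this kind.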

Bandook's Capabilities and Evolution

The malware's functionalities span file manipulation, information stealing, and controlling the victim's computer. Bandook, which means "gun" in Hindi, has resurfaced sporadically over the years. In 2020, researchers found numerous digitally signed variants of this malware targeting a wide variety of sectors and locations, suggesting it is part of a broader offensive cyber infrastructure used globally by governments and threat actors.