Password Manager Vulnerable to Master Password Compromise

?? Edwin Kwan, Sydney, Australia ↗

GitHub – vdohney/keepass-password-dumper: Original PoC for CVE-2023-32784
KeePass exploit helps retrieve cleartext master password, fix coming soon

The Impact of AI-Generated Images in the Pentagon Explosion Hoax

?? Ian Garrett, Arlington, Virginia ↗
Pentagon explosion hoax goes viral after verified Twitter accounts push

PreInfected Android Phones

?? Katy Craig, San Diego, California ↗
Risky Biz News: Almost 9 million Android phones sold pre-infected with malware
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

This Day in Tech History 

?? Marcel Brown, St. Louis, Missouri ↗
http://thisdayintechhistory.com/05/23

Pokie Huang:

Hey, it’s 5:05 on Tuesday, May 23rd, 2023. From the Sourced Podcast Network in New York city, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney. Australia, Ian Garrett in Arlington, Virginia, Katy Craig in San Diego, California, Marcel brown in St. Louis, Missouri. 

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney Australia. 

A new KeePass vulnerability has recently been disclosed, which makes it possible to recover the master password even when the program is closed. The vulnerability is CVE-2023-3278, and there is a proof of concept tool that has been released and it can be used to dump the master password from KeePass’s memory.

The recovered password is missing the first character, but is otherwise in clear text. The vulnerability affects the latest version of KeePass, which is version 2.53.1. The fix will be in version 2.5.4, which is scheduled to be available in the beginning of June. 

If you are using KeePass, you should restart your computer, clear your computer’s swap file and hibernation files, and not use KeePass until the fixed version is released.

Ian Garrett: 

Was there an explosion near the Pentagon? Depending on your Twitter feed, you may have been led to believe so due to highly realistic AI generated photos. The image went viral, which not only caused confusion, but also caused a brief dip in the stock market. This is another case highlighting the dangers of misinformation and the ease to do so with recent developments in technology.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Several verified Twitter accounts, including one associated with the Russian state media and an impersonation of Bloomberg News, amplified the tweets containing the fake images. Although these pictures appeared real at first glance, there were hints suggesting that they were generated using artificial intelligence, ultimately exposing the entire incident as a hoax.

This incident has shed light on the dangers associated with Twitter’s pay to be verified system, which allows users to obtain a blue check mark by paying a fee. The blue check mark is often perceived as a sign of trustworthiness. Twitter has since suspended the fake Bloomberg account, but the incident raises concerns about the integrity of verified accounts.

Official sources, such as the Arlington Fire and EMS Department and the Pentagon Force Protection Agency clarified that there was no explosion or immediate danger near the Pentagon. The Department of Defense also labeled the AI generated image as misinformation. However, it took several hours before the initial tweet sharing the fake image was removed after being flagged by government agencies and OSINT experts.

This incident follows a similar occurrence last November when a verified Twitter account impersonating the pharmaceutical giant, Eli Lilly, tweeted false information about insulin becoming free. The Tweet became viral, causing a significant drop in Eli Lilly’s stock within 24 hours. 

As a response, Twitter temporarily paused its paid verification service, Twitter Blue, which allows users to obtain a blue check mark for a monthly fee along with additional features. 

This incident serves as a reminder of the potential dangers of misinformation spreading on social media platforms and the need for platforms like Twitter to implement more robust verification systems.

It also highlights the importance of critical thinking and fact checking both for users and the platforms themselves.

Katy Craig: 

Today we uncover a startling cybercrime operation that is infecting millions of Android devices worldwide. 

This is Katy Craig in San Diego, California. 

The Lemon Group, a notorious cyber syndicate that has embedded their malicious firmware into nearly 9 million low-cost Android smartphones has been working in the shadows, and it’s possible the group may have insider help from smartphone factories.

Still, the exact method remains elusive. 

Their weapon of choices called Guerrilla, a hidden malware nestled within the early boot process called Zygote. This strategic placement allows Guerrilla to operate undetected, giving the Lemon Group full control over the infected devices. With this control, the group downloads specialized plugins to execute their nefarious activities.

Some plugins bombard users with intrusive full screen ads when they open specific apps, while others send spam messages through platforms like Facebook and WhatsApp. 

But the Lemon Groups reach doesn’t stop there. Their plugins enable app manipulation, granting them the power to install or uninstall app silently. Compromised devices can also be transformed into proxy servers to relay network traffic or even intercept and manipulate SMS messages. 

The scale and sophistication of this operation are deeply concerning. To protect yourself, ensure your Android device receives regular security updates from trusted sources. Be cautious when downloading apps and be alert for any unusual behavior. Think twice before buying that bargain phone. 

 In this ever evolving digital landscape, knowledge and vigilance are your best allies. 

This is Katy Craig. Stay safe out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, delivering some technology history for May 23rd. Here’s an interesting little obscure tidbit. 

On May 23rd, 1903. Paris, France, and Rome, Italy were connected by telephone for the first time. 

May 23rd, 1995. Sun Microsystems announced the programming language, Java, and the accompanying web browser, Hot Java, at the Sun World 95 Convention. One of the original names for Java was Oak. However, upon finding out that the name Oak was already trademarked, new names were considered including Silk, eventually settling on the name Java. And the rest is history. 

 For those that don’t know, JavaScript has absolutely nothing to do with Java except for the licensing of the name. 

That’s your tech history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Ian Garrett, Katy Craig and Marcel brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.