The FBI is warning that an Eastern European cybercriminal group is mailing USB drives filled with BadUSB malware to various companies.
Security
Ransomware Attack on Finalsite Shuts Down 5,000 School Websites
Finalsite is a company that helps schools with websites. In a statement, it says it was hit by a ransomware attack on Tuesday, January 4.
Proton Shares Year in Review With Product Plans for 2022
Proton, makers of ProtonMail and ProtonVPN, has shared its 2021 Year in Review. The company has also shared its plans for the year ahead.
'NoReboot' is an iOS Bug That Can Fake a Shutdown to Trick You
ZecOps writes about “NoReboot,” the ultimate persistence bug that can trick the user into thinking the device has been shut down.
Pepcom 2022: Wemo Announces a Smart Video Doorbell for HomeKit
Wemo’s new smart video doorbell announced at Pepcom 2022 will support Apple’s HomeKit. Videos will be stored in a person’s iCloud+ account.
Recap: Here is the Mac Malware List for 2021
Security researcher Patrick Wardle made a list of the Mac malware we saw in 2021. It’s a timeline with information on each.
While the specimens may have been reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively and comprehensively cover all the new Mac malware of 2021 – in one place …yes, with samples of each malware available for download!
After reading this blog post, you should have a thorough understanding of recent threats targeting macOS. This is especially important as Apple continues to make significant inroads into the enterprise.
Everything You Wanted to Know About How Encrypted Email Works
ProtonMail published a nice blog post explaining how encrypted email works, and the various protocols that companies use.
End-to-end encryption for messages sent between ProtonMail users is automatic, and our integrated OpenPGP support makes it easy to send and receive PGP-encrypted E2EE messages to people that use PGP with other email providers. Proton also informs you when your messages are protected by E2EE with a small blue padlock (for other ProtonMail users) or green padlock (for OpenPGP users).
Polygon Fixes Bug That Endangered $24 Billion Worth of MATIC Token
Polygon, a Layer 2 scaling network for Ethereum, fixed a bug that put its MATIC token at risk. However, a hacker was able to steal tokens.
Saudi Activist With EFF Sues DarkMatter Group for Hacking iPhone
Saudi human rights activist Loujain AlHathloul, along with the Electronic Frontier Foundation, is suing DarkMatter for hacking her iPhone. DarkMatter Group was created and run by former U.S. intelligence operatives.
Reuters broke the news about the hacking program called Project Raven in 2019, reporting that when UAE transferred the surveillance work to Emirati firm DarkMatter, the U.S. operatives, who learned spycraft working for the National Security Agency and other U.S. intelligence agencies, went along and ran DarkMatter’s hacking program, which targeted human rights activists like AlHathloul, political dissenters, and even Americans residing in the U.S.
President Biden Signs 'National Defense Authorization Act' Into Law for Cybersecurity
The National Defense Authorization Act of 2022 lays out voluntary cybersecurity practices for private companies that handle critical infrastructure in the U.S.
But provisions all rely on the voluntary participation by industry, which owns and operates the vast majority of the nation’s critical infrastructure. Despite bipartisan calls after massive breaches at SolarWinds, Microsoft Exchange, Colonial Pipeline and other hacks, the NDAA made it through the House without mandatory incident reporting requirements for the private sector.
I disagree on the “voluntary” part. Make it mandatory, otherwise we end up with T-Mobile’s half-dozen breaches in the span of four years.
T-Mobile Data Breach Leaves Customers Vulnerable to SIM Swapping
T-Mobile has had another data breach, although a report suggests this one is less severe than the one in August. Only a small set of customers have been affected, but they could be vulnerable to a SIM swapping attack.
This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.
Security Flaw in Fisher-Price 'Chatter' Phone Could Let People Eavesdrop
A Bluetooth bug found with Fisher-Price’s Chatter phone could let others eavesdrop on your conversation.
With just the online instruction manual to go on, the researchers feared that a design flaw could allow someone to use the Chatter to eavesdrop.
Ken Munro, founder of the cybersecurity company Pen Test Partners, told TechCrunch that chief among the concerns are that the Chatter does not have a secure pairing process to stop unauthorized phones in Bluetooth range from connecting to it.
Hacking US Diplomats in Uganda May Have Led to NSO Group Downfall
ArsTechnica shares the story of how U.S. diplomats in Uganda were hacked by Pegasus, a spyware tool from NSO Group.
Israeli and US officials declined to confirm that the Ugandan hack directly triggered a decision to blacklist NSO. But one US official who discussed the issue with Israel’s defense ministry said: “Look at the entire sequence of events here—this is careful, not by chance.” He added that putting NSO, one of the jewels of Israel’s tech community, on a US blacklist was designed to “punish and isolate” the company.
'Have I Been Pwned' Completes FBI Ingestion Pipeline for Passwords
Troy Hunt, creator of Have I Been Pwned, has completed a pipeline that enables the ingestion of passwords from law enforcement agencies, like the FBI.
The premise is simple: during the course of their investigations, they come across a lot of compromised passwords and if they were able to continuously feed those into HIBP, all the other services out there using Pwned Passwords would be able to better protect their customers from account takeover attacks. Fast forward to now and that ingestion pipeline is finally live.
'Cryptomator' 2.0 is Here and it Integrates Into iOS Files App
The team behind Cryptomator has rewritten the app in Swift, and with version 2.0 the app is completely integrated into the Files app. This means that your vaults are directly accessible from there. For example, you can now save and edit a Word document directly in an encrypted vault via the Files app. In addition, features like thumbnails, grid view, swiping through images, and drag & drop are possible with the new app. To summarize, Cryptomator gives you end-to-end encryption for your files. You can store them in Google Drive, iCloud Drive, Dropbox, and more. You can also store them offline in the Files app or on a hard drive.
Explaining 'log4j' and Why it's a Serious Cybersecurity Threat
In early December a cybersecurity threat was discovered with the popular “log4j” utility. The Post has a good piece on the exploit, explained in non-jargon.
The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.
Wi-Fi Gateway From Airangel Affects Hundreds of Hotels
Security researcher Etizaz Mohsin says that the Airangel HSMX Gateway, used by many hotels to offer Wi-Fi to guests, contains hardcoded passwords that are easy to guess.
With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway’s settings and databases, which store records about the guest’s using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages, he said.
Security Friday: This Week in Data Leaks – TMO Daily Observations 2021-12-17
Andrew Orr and Kelly Guimont discuss the security news and updates of the week, including two data leaks and end on a festive note.
Sennheiser Leak Exposed 55GB of Data for Thousands of Customers
Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a cache of data from audio company Sennheiser. It appears to be from an old cloud account that’s been dormant since 2018. Over 28,000 Sennheiser customers were exposed, with sensitive private data leaked.
While it’s unclear how all this data was collected, it appears to be from customers and businesses requesting samples of Sennheiser products.
Examples of entries: Full names, Email addresses, Phone numbers, Home addresses, Names of companies requesting samples, Number of the requesting company’s employees
Apple Company 'Claris' Completes SOC 2 Type II and ISO Credentials
Claris completed its SOC 2 Type II audit and ISO credentials for FileMaker Cloud and its automation platform, Claris Connect.
US Logistics Company 'D.W. Morgan' Leaks Data Through Amazon S3
A report from Website Planet reveals D.W Morgan left an Amazon S3 bucket unprotected, resulting in the exposure of over 2.5 million files.
An Amazon S3 bucket owned by D.W. Morgan was left accessible without authorization controls in place, exposing sensitive data relating to shipments and the company’s clients.
As a market leader, D.W. Morgan provides services to some of the biggest companies in the world and there are major Fortune 500 organizations with data exposed on the open bucket.
Google's Project Zero Deep Dives into NSO Group 'FORCEDENTRY' Exploit
Google’s Project Zero security team published a deep dive into FORCEDENTRY, a zero-click exploit in iMessage used by NSO Group. Apple’s Security Engineering and Architecture (SEAR) group collaborated on the analysis.
Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.
The vulnerability discussed in this blog post was fixed on September 13, 2021 in iOS 14.8 as CVE-2021-30860.
DHS Announces 'Hack DHS' Bug Bounty Program to Improve Security
On Tuesday, the Department of Homeland Security (DHS) announced a bug bounty program called Hack DNS to improve security.
iCloud, Twitter, MineCraft, Cloudflare, All Vulnerable to a Powerful Bug
According to a report on Friday, major apps and services such as iCloud, Cloudflare, Steam, Twitter, and others are vulnerable to a bug.
On Thursday, researchers noticed that a popular Java logging library (log4j) had a bug that allows for Remote Code Execution or RCE, hacker lingo for one of the most dangerous types of vulnerabilities, one that essentially allows hackers to take control of the target. GitHub labeled the vulnerability as “critical severity,” and many researchers, as well as the Director of Cybersecurity at the NSA, are sounding the alarm.
If the NSA is publicly worried, you know it’s bad. Update: Cloudflare says they are not vulnerable, “We responded quickly to evaluate all potential areas of risk and updated our software to prevent attacks, and have not been able to replicate any external claims that we might be at risk.” The company published a blog post on the matter.
