Archive for July 11, 2023

Apple To Release A New Rapid Security Response To Fix The One That Broke Access To A Number Of Websites

Posted in Commentary with tags on July 11, 2023 by itnerd

Earlier today I brought you a story about Apple releasing a Rapid Security Response update that fixed an in-the-wild vulnerability but at the same time broke access to a number of websites, which forced Apple to pull the Rapid Security Response. Now a support document says that a new version of this Rapid Security Response is inbound to fix the stuff that Apple broke.

Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly.

Rapid Security Responses iOS 16.5.1 (b), iPadOS 16.5.1 (b), and macOS 13.4.1 (b) will be available soon to address this issue.

The question is, what does soon mean? Again, the whole idea of a Rapid Security Response is that it is a means for Apple to quickly fix a vulnerability that is in the wild and is being actively exploited. That means that Apple logically needs to fix this quickly, as they’ve now tipped their hand as to what the fix is, potentially giving threat actors the chance to alter how they exploit the vulnerability. In short, Apple is in a race against time here. And Apple needs to win this race, or users of Apple products could potentially lose.

Today Is Patch Tuesday…. And It’s a BIG One

Posted in Commentary with tags on July 11, 2023 by itnerd

The second Tuesday of every month is Patch Tuesday. That means it’s time to patch all the things that are Microsoft related. And this month is huge. Bleeping Computer is reporting that there are 132 flaws, including six zero-day flaws.

Yikes!

Yoav Iellin, Senior Researcher at Silverfort, highlights three that you really need to worry about:

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35367, CVE-2023-35366, CVE-2023-35365

“The Routing and Remote Access role is not commonly seen in Windows servers. It’s used for advanced routing, NAT, and VPN – and it is not installed by default. However, installing this role turns the server into a provider of these services – potentially directing some or even all network traffic through the server.

Sending a special packet to the Windows server may lead to remote code execution. This is particularly concerning if the specific Windows server acts as a domain controller as well.

With a CVSS score of 9.8, it’s worth taking note of this vulnerability. If you have this service enabled, you should consider installing the patch as soon as possible or even disabling the service.”
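One way to find out whether a server is exposed in the way the note describes, as an added example that is not from the article or from Silverfort: it reports whether the RRAS role is installed, whether its service is running, whether the box is also a domain controller, and whether a given update is present. It assumes Windows Server with the ServerManager module; the KB number is a placeholder to be replaced with the one in Microsoft’s advisory.

```powershell
# Added example: inventory RRAS exposure on a Windows Server. Assumes the
# ServerManager module is available; $PatchKb is a placeholder, not a real KB id.
function Get-RrasExposure {
    param([string]$PatchKb = 'KB0000000')   # placeholder: take the real id from the July 2023 advisory

    # Role presence (ServerManager) and the RRAS service, whose service name is "RemoteAccess"
    $role = Get-WindowsFeature -Name RemoteAccess -ErrorAction SilentlyContinue
    $svc  = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue

    # Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
    $domainRole = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RrasRoleInstalled  = [bool]($role -and $role.Installed)
        RrasServiceStatus  = if ($svc) { $svc.Status.ToString() } else { 'NotPresent' }
        IsDomainController = ($domainRole -ge 4)
        PatchInstalled     = [bool]$hotfix
    }
}

# Flag the combination the note singles out: RRAS running, patch missing, worse still on a DC
$report = Get-RrasExposure
$report | Format-List
if ($report.RrasServiceStatus -eq 'Running' -and -not $report.PatchInstalled) {
    $where = if ($report.IsDomainController) { 'a domain controller' } else { 'this server' }
    Write-Warning "RRAS is running on $where without the patch; install it or disable the service."
}
```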

Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-33134, CVE-2023-33157, CVE-2023-33159, CVE-2023-33160

“Last month’s Patch Tuesday – which was light in comparison to this month – saw the release and disclosure of many SharePoint vulnerabilities, and this month we’re seeing RCEs in SharePoint affecting multiple areas. All of them require the attacker to be authenticated or the user to perform an action that, luckily, reduces the risk of a breach. Even so, as SharePoint can contain sensitive data and is usually exposed from outside the organization, those who use the on-premises or hybrid versions should update.”

Windows Remote Desktop Protocol Security Feature Bypass
CVE-2023-35332, CVE-2023-35352, CVE-2023-35303, CVE-2023-32043

“Remote Desktop Protocol provides a platform for remote communication with Windows machines, and recently, we’ve seen a number of vulnerabilities affecting it. This time there are multiple types of vulnerabilities that each attack different aspects of the service. One allows spoofing of a computer and acts as a “man in the middle” (MITM) to bypass its certificate validation warning, while another vulnerability targets environments where users can authenticate with smart cards. These vulnerabilities should be a warning to those who use them to ensure a higher level of protection between non-secure networks and high ones.”

As soon as I click publish on this story, I’ll be patching all the Microsoft gear in my environment. You should likely do the same.

The Latest ESET Threat Report Has Been Released

Posted in Commentary with tags on July 11, 2023 by itnerd

ESET, the industry-leading cybersecurity software company, has released their latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry from December 2022 through May 2023.

Here are a few highlights:

  • The H1 2023 ESET Threat Report highlights the remarkable adaptability of cybercriminals: through exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, or defrauding individuals.
  • Attackers developed new methods to attempt to bypass Microsoft security measures, including using weaponized OneNote files instead of Office macros. ESET researchers observed the comeback of so-called sextortion scam emails and an alarming growth of deceptive Android loan apps.
  • ESET telemetry data also suggests that operators of the Emotet botnet have struggled to adapt, possibly indicating that a different group acquired the botnet.
  • Leaked source code of ransomware families such as Babyk, LockBit, and Conti has been increasingly used in the development of new ransomware variants in H1 2023.
  • The H1 2023 Threat Report covers December 2022 through May 2023, transitioning from a triannual to a semiannual release schedule.

The full report can be found here: https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/

EU-US Data Privacy Framework Announced

Posted in Commentary with tags on July 11, 2023 by itnerd

The USA has reached a deal with the European Union on how to better protect the privacy of data belonging to EU residents when their information flows to the U.S. This is important because Meta, Google and other tech companies have been in a legal limbo for several years:

The decision adopted by the European Commission is the final step in a yearslong process and resolves — at least for now — a dispute about American intelligence agencies’ ability to gain access to data about European Union residents. The debate pitted U.S. national security concerns against European privacy rights.

The accord, known as the E.U.-U.S. Data Privacy Framework, gives Europeans the ability to object when they believe their personal information has been collected improperly by American intelligence agencies. An independent review body made up of American judges, called the Data Protection Review Court, will be created to hear such appeals.

Didier Reynders, the European commissioner who helped negotiate the agreement with the U.S. attorney general, Merrick B. Garland, and Commerce Secretary Gina Raimondo, called it a “robust solution.” The deal sets out more clearly when intelligence agencies are able to retrieve personal information about people in the European Union and outlines how Europeans can appeal such collection, he said.

“It’s a real change,” Mr. Reynders said in an interview. “Protection is traveling with the data.”

Ani Chaudhuri, CEO of Dasera, had this to say:

This EU-US Data Privacy Framework, the product of years of negotiation, attempts to balance national security and personal privacy. This feat is as complex as it is critical.

On the surface, it’s a commendable step. It provides a mechanism for EU residents to challenge perceived infringements on their data by US intelligence agencies and aims to ensure that protections are ‘traveling with the data.’ Yet, Max Schrems, a leading privacy activist, is already planning to sue, questioning the legality and practicality of the Framework. The situation underscores a fundamental question – is it possible to simultaneously maintain privacy and security in a data-driven world?

Firstly, let’s agree on this: data is the backbone of the modern economy. The absence of this agreement would have created a tumultuous environment for multinational businesses that rely heavily on data flows. However, this pact is a band-aid on a festering wound. It replaces the invalidated Privacy Shield but maintains many of its predecessor’s shortcomings.

Why? Because, at its core, the Framework assumes trust between EU citizens and American intelligence agencies. It assumes a complaint-based system backed by an independent review body would provide adequate redress. But let’s be real: how many Europeans would feel comfortable voicing their concerns, let alone feel confident that their complaint would be handled fairly and impartially? The primary question, as Schrems rightfully posits, is whether changes in US surveillance law can genuinely ensure Europeans’ privacy rights. I would argue that the answer is, as it stands, “no.”

The issues run deeper than policy alone. The EU-US Data Privacy Framework marks a step forward but doesn’t necessarily solve the problem. The elephant in the room remains the balance between privacy rights and national security concerns.

The current paradigm involves mass data collection, necessitating uncomfortable compromises on personal privacy for security. But should we not aspire for a system that allows us to achieve both? Technology, after all, is a great enabler.

I’m pretty sure that this isn’t going to make everybody happy. And by everybody I mean Meta. But this is a start to ensuring the privacy of users while using online services and products from tech companies.

Why Threads Is Killing Twitter

Posted in Commentary with tags on July 11, 2023 by itnerd

Threads over the weekend hit the 100 million user mark. All of that in the last few days. Which means that Threads is currently killing Twitter. How you ask? I will cite two reasons. Let’s start by going over the numbers:

  • Twitter maybe has 400 million users
  • WhatsApp has maybe 2 billion users
  • Instagram has maybe 2 billion users
  • Facebook has maybe 3 billion users

And what do all of those platforms not named Twitter have in common? It’s that they’re all owned by Meta. And Meta has made it stupid simple to sign up for Threads if you’re already in the Meta ecosystem. Which means that Threads gets an instant user base, and users get instant followers every time people sign up for Threads. That explains why Threads went to 25% of Twitter’s user count in days. And counting.

But what adds to this is the fact that Meta is run by Mark Zuckerberg. He’s someone who understands how social networks work, unlike Elon Musk. He’s someone who doesn’t say anything and everything that pops into his head which leads to constant PR disasters, unlike Elon Musk. And Zuckerberg is someone who is smart enough to surround himself with smart people and lets them do smart things. Again, unlike Elon Musk.

Sure I have my issues with Threads. But Meta and Mark Zuckerberg are simply the best placed to kill Twitter. And there’s simply nothing that Elon Musk will be able to do to change that. At this point, he might have been better off throwing the $44 million that he spent on Twitter into a blast furnace.

Apple Pulls Rapid Security Response Update For iOS And macOS After It Breaks Numerous Websites

Posted in Commentary with tags on July 11, 2023 by itnerd

Yesterday, Apple released a Rapid Security Response to address a vulnerability that was in the wild. But it appears that it didn’t go through enough QA before being released, as reports started to flood in that Facebook, Instagram, WhatsApp, Zoom, and other websites started giving a warning about not being supported on the Safari browser following the Rapid Security Response updates. Apple was clearly listening to those reports, as they pulled the update.

If you’re on iOS you can remove the update to temporarily fix this issue by doing the following:

  • Go to Settings
  • General
  • About
  • Tap on iOS Version
  • Tap on Remove Security Update
  • Enter your passcode

Your device will then reboot after a couple of minutes and the Rapid Security Response update will be gone.

On macOS do the following:

  • Go to the Apple logo and select System Settings
  • Click General
  • Click About
  • Under “macOS,” click the info button (the encircled “i”) next to the OS version.
  • In the “Last Security Response,” section, click the Remove & Restart button.
  • Click Remove Response and Restart in the confirmation prompt and enter your password.

Your Mac will then restart after a couple of minutes and the Rapid Security Response update will be gone.

Apple will likely fix this issue quickly and re-release it as it does address an in the wild vulnerability. Or put another way, it fixes an issue that is actively being exploited. So don’t be surprised if at 1PM EST today another Rapid Security Response appears on your Mac and iPhone.

Introducing Google’s Code Next Connect

Posted in Commentary with tags on July 11, 2023 by itnerd

Today, Google Canada announced that applications are open for the 2023 Code Next Connect program. Code Next is a virtual computer science training program for high school students in the United States and Canada, giving them the tools they need to succeed in tech roles. 2023 is the first year the program is open to Canadian students. 

Since 2018, Google Canada has been working with school boards, educators and students from across Canada to deliver computer science (CS) programming in the classroom. Its mission is to educate and engage students, particularly marginalized students and those with barriers to access in computer science, as a catalyst to empower the future of learning and work.

In just under five years, Google Canada has reached hundreds of thousands of Canadian students with its CS programming, and this year it’s expanding its offerings to reach even more students with the launch of Code Next Connect. The virtual computer science education program helps Black, Indigenous, Latinx and women-identifying high school students develop skills and tech social capital needed to pursue high-achieving careers in tech. 

Code Next Connect is best suited for students in grades 9 and 10, and focuses on building critical skills in computational thinking, engineering and leadership. Students also receive mentorship opportunities from Google engineers, and deep-dives in career opportunities.

You can find more information about Code Next Connect here, and interested applicants can apply here until August 5. The program launches in October 2023 and runs until June 2024.

Two File Management Apps On The Google Play Store Sending The Data Of 1.5 Million To China

Posted in Commentary with tags on July 11, 2023 by itnerd

As detailed in a report published by Pradeo, analysts discovered two file management apps on the Google Play Store to be spyware, secretly sending the user data of 1.5 million Android users to servers in China.

The seemingly harmless spyware apps, File Recovery and Data Recovery (1 million plus installs) and File Manager (500k plus installs), are developed by the same malicious group. They assure users that no data is collected, launch automatically when the device reboots, and hide their icons on the home screen.

Pradeo’s analytics engine found the stolen data to include contact lists, media files, real-time location, mobile country code, network provider details, SIM provider network code, operating system version, device brand, and model. Each app performs more than a hundred transmissions, sending the data to multiple servers in China that are deemed malicious.

Ted Miracco, CEO of Approov Mobile Security, had this to say:

   “The security issues related to this story are deeply concerning, albeit not surprising. The most fundamental problem is the false sense of security that consumers and businesses have related to app stores like Google Play (and Apple’s Appstore) in terms of actually protecting devices and individuals from these malicious apps. 

   “Both Apple and Google are actively promoting their security efforts at developer conferences, achieving record profits and sales while many of the apps available have huge discrepancies between their stated privacy policies and the actual information and data collected. These include both legitimate mainstream apps, that bend the rules without apparent consequences, and malicious apps that engage in deceptive behavior, claiming not to collect data while secretly doing so. 

   “App marketplaces must prioritize the implementation of more robust security measures to detect and prevent the infiltration of malicious apps that compromise user data.  It is also important for users to remain vigilant in protecting their devices and for businesses to be extremely wary of deceptive and modified apps that can compromise their data and their employers’ data. 

   “The fact that the data is being sent to malicious servers in China compounds the gravity of the threat while making it extremely difficult for consumers and businesses to mitigate the repercussions and long term damage that might occur from the stolen data. It also highlights the complex global nature of cyber threats and the importance of international collaboration in addressing such issues. 

   “Cooperation between security experts, app stores, and law enforcement agencies is vital to combatting these malicious activities and safeguarding user data, yet it is a monumental task that may take decades to be resolved, due to the complexity and competing global agendas.”

This illustrates why you shouldn’t just install anything on your Android or iPhone. Because you simply don’t know what the apps do and where your data is going.

Flashpoint digs into the anatomy of a typical attack

Posted in Commentary with tags on July 11, 2023 by itnerd

The security research team at Flashpoint have posted a new blog entry that is worth reading.

In the blog, Flashpoint explores the intricacies of ransomware attacks, breaking down the attack lifecycle. Understanding this anatomy empowers security teams to strengthen defenses, reduce the risk of successful attacks, and protect organizations from the dire consequences of a ransomware incident.

Seeing as I am writing about ransomware attacks every day, this is worth your time to read. You can read the blog post here: https://flashpoint.io/blog/the-anatomy-of-a-ransomware-attack/

Ransomware Attacks On Schools Surged In June

Posted in Commentary with tags on July 11, 2023 by itnerd

According to data collected by Recorded Future, the number of ransomware attacks targeting schools hit a record high in June, averaging more than one attack per day. There were 37 attacks against schools throughout June, compared to 24 attacks the previous month.

The surge was mostly the work of the Russia-based Clop ransomware group’s use of the vulnerability in the MOVEit file transfer tool. 

“Schools were really impacted by the Cl0P MOVEit attacks,” said Allan Liska, a ransomware expert at Recorded Future who is involved in tracking attacks. “Cl0p was responsible for 12 attacks against schools in June — almost one-in-three — and propelled school ransomware attacks to their worst month ever.”

Clop wasn’t the only active ransomware group in June. Researchers noted that LockBit has been responsible for some of the worst recent attacks, including a major US dental insurance provider with 9 million leaked accounts, a water utility in Portugal, and the significant attack against the U.K.’s Royal Mail.

“Clop accounts for a lot of the activity in June, but overall ransomware attacks have just been really bad,” Liska said. “There are more groups going after more targets and it is a never ending barrage of attacks.”

Willy Leichter, VP of Marketing at Cyware, said this:

   “Like many criminals, cyber attackers like to prey on the most vulnerable and least protected, such as schools, or small healthcare providers. Ransomware attacks on small organizations without robust security teams, or backup practices can be devastating. The bottom line is these groups will often pay ransoms out of necessity to keep their operations intact. As long as the financial incentive remains, ransomware will continue indefinitely.”

Hopefully schools and healthcare providers get the dollars that they need to protect themselves from ransomware attacks. Because there should not be any weak links to allow threat actors to flourish.