Table of Contents
- US says it can prove Huawei has backdoor access to mobile-phone networks
- A New Senate Bill Would Create a US Data Protection Agency
- Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony because they can't open a safe
- MoleRATs APT group targets Palestinian territories
- Court rules that people can't be locked up indefinitely for refusing to decrypt
Apple's Mac Computers Now Outpace Windows In Malware
According to cybersecurity software company Malwarebytes' latest State of Malware report, the amount of malware on Macs is outpacing PCs for the first time ever. Windows machines still dominate the market and tend to have more security vulnerabilities, which for years has made them the bigger and easier target for hackers. But as Apple's computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. Malwarebytes reported a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac device, roughly twice the 5.8 average on Windows. Now, this isn't quite as bad as it may appear. First of all, as Malwarebytes notes, the increase in threats could be attributable to an increase in Mac devices running its software. That makes the per-device statistic a better barometer. In 2018, there were 4.8 threats per Mac device, so the per-device number has more than doubled. That's not great, but it's not as bad as that 400 percent increase. Also, the report says, the types of threats differ between operating systems. While Windows devices were more prone to "traditional" malware, the top 10 Mac threats were adware and what are known as "potentially unwanted programs" (PUPs).
Google Play Protect Blocked 1.9 Billion Malware Installs in 2019
Google's Play Protect mobile threat protection service blocked the installation of over 1.9 billion malicious apps downloaded from non-Play Store sources in 2019. During 2017 and 2018, Google Play Protect also prevented the installation of another 3.2 billion Potentially Harmful Applications (PHAs), Google's term for malicious apps, from outside the Play Store, according to the Android Year in Review security reports. Today, Google Play Protect is deployed on over 2.5 billion active Android devices, as described in the Android security center. Google Play Protect scans over 100 billion apps for malware every day, up 50 billion compared to 2018, and gives users information about potential security issues along with the actions needed to keep their devices secure.
US says it can prove Huawei has backdoor access to mobile-phone networks
US officials say they have evidence that Huawei has backdoor access to mobile-phone networks around the world, according to a Wall Street Journal article. The US kept the intelligence highly classified until late last year, when American officials provided details to allies including the UK and Germany, according to officials from the three countries. That was a tactical turnabout by the US, which in the past had argued that it didn't need to produce hard evidence of the threat it says Huawei poses to national security. Telecom-equipment makers who sell products to carriers are required by law to build into their hardware ways for authorities to access the networks for lawful purposes (lawful intercept), but they are also required to build the equipment in such a way that the manufacturer can't get access without the consent of the network operator, the Journal wrote. And a UK security analysis from last year found that Huawei poses more pressing security issues through sloppy and flawed code than through Chinese espionage.
A New Senate Bill Would Create a US Data Protection Agency
Europe's data protection laws are some of the strictest in the world, and have long been a thorn in the side of the data-guzzling Silicon Valley tech giants since they colonized vast swathes of the internet. Two decades later, one Democratic senator wants to bring many of those concepts to the United States. From a report: Sen. Kirsten Gillibrand (D-NY) has published a bill which, if passed, would create a U.S. federal data protection agency designed to protect the privacy of Americans and with the authority to enforce data practices across the country. The bill, which Gillibrand calls the Data Protection Act, will address a "growing data privacy crisis" in the U.S., the senator said. The U.S. is one of only a few countries without a data protection law (along with Venezuela, Libya, Sudan and Syria). Gillibrand said the U.S. is vastly behind other countries on data protection. Gillibrand said a new data protection agency would create and meaningfully enforce data protection and privacy rights federally. The data privacy space remains a complete and total Wild West, and that is a huge problem, the senator said. However, while privacy experts call the agency a "good first step," they remain skeptical about how effective it would be once enforced. "There are a myriad of factors that would need to be considered for a Federal Regulation on data privacy and security," Terence Jackson, chief information security officer at Thycotic, told Threatpost.
Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony because they can't open a safe
The organization that keeps the internet running behind the scenes was forced to delay an important update to the global network because it was locked out of one of its own safes. "During routine administrative maintenance of our Key Management Facility on 11th February, we identified an equipment malfunction," explained Kim Davies, the head of the Internet Assigned Numbers Authority (IANA), in an email to the dozen or so people expected to attend a quarterly ceremony in southern California at lunchtime on Wednesday. The malfunction "will prevent us from successfully conducting the ceremony as originally scheduled on February 12," Davies explained. "The issue disables access to one of the secure safes that contains material for the ceremony." In other words, IANA locked itself out.
MoleRATs APT group targets Palestinian territories
Security experts uncovered a new cyberespionage campaign conducted by one of the Gaza Cybergang groups (aka MoleRATs) targeting the Middle East. MoleRATs is an Arabic-speaking, politically motivated group of hackers that has been active since 2012. In its 2018 monitoring of the group, Kaspersky identified different techniques used by very similar attackers in the MENA region.
Court rules that people can't be locked up indefinitely for refusing to decrypt
The Third Circuit Court of Appeals has finally decided, after more than four years, that the government can't keep someone locked up indefinitely on a civil contempt charge. Former Philadelphia policeman Francis Rawls has been locked up since 2015 for refusing to decrypt external hard drives the government claims contain child porn images. The government obtained an order under the All Writs Act demanding that Rawls decrypt the devices. Rawls challenged it, but unfortunately he did not preserve a Fifth Amendment challenge, so the Appeals Court let the government have that victory. The government still had two locked drives whose passwords Rawls claimed he could not remember. The court [PDF] agrees: "On September 30, 2015, Rawls was incarcerated for civil contempt after he failed to comply with a court order that he produce several of his seized devices in a fully unencrypted state. Because we conclude § 1826 applies to Rawls, we will reverse the order of the District Court and order Rawls' release." Section 1826 (28 U.S.C. § 1826, the recalcitrant-witness statute) caps civil-contempt confinement for refusing to comply with a court order at 18 months, a limit Rawls had long since passed. The government wants him to give up passwords to hard drives likely containing evidence to be used against him.
A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk
Quick Heal Security Labs recently came across a variant of Ryuk ransomware that adds a feature for identifying and encrypting other systems on the local area network (LAN). The sample targets LAN systems whether they are online or asleep: Wake-on-LAN works by broadcasting a "magic packet" carrying the target's MAC address, which the network card recognizes and acts on even while the host is asleep or powered off (where the BIOS and NIC allow it), so a machine switched off for the night can be woken and then encrypted. The sample is packed with a custom packer, and the post illustrates the final unpack routine that extracts the Ryuk payload. The post details the mechanisms Ryuk uses to wake offline devices in order to infect as many systems as possible.
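To make the mechanism concrete, here is an added example, not code from the Quick Heal post or from Ryuk: it builds a Wake-on-LAN magic packet from a MAC address, recognizes one in a UDP payload, and then runs a small detector over constructed sample traffic to flag a host that is waking several neighbours at once, which is the network-visible side of the behaviour described above. The packet layout is the public WoL format (six 0xFF bytes, then the MAC repeated 16 times, optionally a SecureOn password); the sample datagrams and IP addresses are made up for the example.

```python
"""Wake-on-LAN magic packets: build one, recognise one, and spot a host that
is waking up its neighbours.

Added example, not code from the Quick Heal post or from Ryuk. It uses the
public WoL packet format: a synchronisation stream of six 0xFF bytes followed
by the target's 6-byte MAC address repeated 16 times (102 bytes), optionally
followed by a 4- or 6-byte SecureOn password. The packet is normally sent as a
UDP broadcast to port 9 (7 and 0 are also seen); the NIC matches the payload
even while the host is powered down.
"""
import re
import socket

SYNC_STREAM = b"\xff" * 6
MAGIC_LEN = 6 + 16 * 6  # 102 bytes without a password


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Return the UDP payload that wakes the host with this MAC."""
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return SYNC_STREAM + parse_mac(mac) * 16 + password


def decode_magic_packet(payload: bytes):
    """Return the target MAC (lower-case, colon separated) if the payload
    contains a magic packet, else None. The format allows the magic sequence
    to sit anywhere in the datagram, so search rather than require offset 0."""
    start = 0
    while True:
        i = payload.find(SYNC_STREAM, start)
        if i < 0:
            return None
        mac = payload[i + 6:i + 12]
        if len(mac) == 6 and payload[i + 6:i + MAGIC_LEN] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = i + 1


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> None:
    """Broadcast the packet on the local segment (no special privileges needed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(build_magic_packet(mac), (broadcast, port))


def find_wol_senders(datagrams, min_targets: int = 2):
    """Detection side. `datagrams` is an iterable of (src_ip, dst_port, payload)
    tuples, e.g. pulled from a capture of UDP broadcasts. Returns
    {src_ip: [target MACs in order first seen]} for hosts that woke at least
    `min_targets` distinct machines: one workstation sending magic packets to
    many MACs is the pattern described above, not normal desktop behaviour."""
    targets = {}
    for src_ip, _dst_port, payload in datagrams:
        mac = decode_magic_packet(payload)
        if mac is None:
            continue
        macs = targets.setdefault(src_ip, [])
        if mac not in macs:
            macs.append(mac)
    return {ip: macs for ip, macs in targets.items() if len(macs) >= min_targets}


# Constructed sample traffic (not a real capture): one host waking three
# neighbours, a DNS-looking datagram, a payload that starts with six 0xFF
# bytes but is not a magic packet, and a magic packet embedded after padding.
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", 9, build_magic_packet("00:11:22:33:44:55")),
    ("10.0.0.5", 9, build_magic_packet("00-11-22-33-44-66")),
    ("10.0.0.5", 7, build_magic_packet("001122334477", b"\x00" * 6)),
    ("10.0.0.5", 9, build_magic_packet("00:11:22:33:44:55")),  # repeat, counted once
    ("10.0.0.9", 53, b"\x12\x34\x01\x00\x00\x01" + bytes(96)),
    ("10.0.0.12", 9, SYNC_STREAM + bytes(range(96))),
    ("10.0.0.20", 9, b"\x00" * 10 + build_magic_packet("aa:bb:cc:dd:ee:ff")),
]

if __name__ == "__main__":
    print(find_wol_senders(SAMPLE_DATAGRAMS))
    # {'10.0.0.5': ['00:11:22:33:44:55', '00:11:22:33:44:66', '00:11:22:33:44:77']}
```

The detector keys on the payload rather than the destination port because nothing in the format ties a magic packet to port 9; a NIC will honour the pattern in any UDP datagram that reaches it. On a real network the threshold and time window would be tuned, but a single workstation broadcasting magic packets to every MAC in its ARP cache is unusual enough to merit a look on its own.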
Sextortion Scams Delivered by Emotet Net 10 Times More Than Necurs Sextortion — Here’s Why
Recent spam campaigns from Emotet featured sextortion content very similar to emails previously sent by the Necurs botnet. However, Emotet spam ended up netting 10 times the amount that a comparable Necurs campaign did - within a matter of six hours. Emotet has been increasing its activity lately, appearing more often in spam campaigns that go beyond the usual malware infection goal. Since sextortion campaigns have been somewhat of a Necurs specialty in the past two years, X-Force researchers who looked into Emotet sextortion campaigns have compared them with similar Necurs campaigns.
Puerto Rico govt loses $2.6M in phishing scam
A senior Puerto Rican official said Tuesday, Feb. 11, 2020, that the island's government has lost more than $2.6 million after falling for an email phishing scam. Manuel Laboy, executive director of the Puerto Rico Industrial Development Company, the agency that made the payments, told The Associated Press that officials found out about the incident earlier this week and immediately reported it to the FBI. "I cannot speculate about how these things might happen," he said, addressing heavy criticism from Puerto Ricans who were incredulous upon hearing the news. Laboy added that his agency takes the management of public funds very seriously. "It's a big responsibility."
Facebook Dating Launch Blocked in Europe After it Fails To Show Privacy Workings
Facebook has been left red-faced after being forced to call off the launch date of its dating service in Europe because it failed to give its lead EU data regulator enough advance warning, including failing to demonstrate it had performed a legally required assessment of privacy risks. Late yesterday Ireland's Independent.ie newspaper reported that the Irish Data Protection Commission (DPC) had sent agents to Facebook's Dublin office seeking documentation that Facebook had failed to provide, using the inspection and document seizure powers set out in Section 130 of the country's Data Protection Act. In a statement on its website the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3rd. "We were very concerned that this was the first that we'd heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, 13 February," the regulator writes. "Our concerns were further compounded by the fact that no information/documentation was provided to us on 3rd February in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland." Facebook announced its plan to get into the dating game all the way back in May 2018, trailing its Tinder-encroaching idea of baking a dating feature for non-friends into its social network at its F8 developer conference.
Data Protection Authority Investigates Avast for Selling Users' Browsing History
The Czech data protection authority has announced an investigation into antivirus company Avast, which was harvesting the browsing history of over 100 million users and then selling products based on that data to a slew of different companies including Google, Microsoft, and Home Depot. From a report: "On the basis of the information revealed describing the practices of Avast Software s.r.o., which was supposed to sell data on the activities of anti-virus users through its 'Jumpshot division' the Office initiated a preliminary investigation of the case," a statement from the Czech national data protection authority on its website reads. Under the European General Data Protection Regulation (GDPR) and national law, the Czech Republic, like other EU states, has a data protection authority that enforces rules such as those against the mishandling of personal data. Under GDPR, companies can be fined for data abuses.
Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware
Microsoft is advising administrators to disable the SMBv1 network protocol on Exchange servers for better protection against malware threats and attacks. In a new post to the Microsoft Tech Community, the Exchange Team urges admins to disable SMBv1 to protect their servers from malware such as TrickBot and Emotet. There is no need to run the nearly 30-year-old SMBv1 protocol on a system with Exchange 2013, 2016 or 2019 installed. In 2017, exploits developed by the NSA and leaked by the Shadow Brokers, EternalBlue among them, were released that abused SMBv1 flaws to execute code on vulnerable servers with administrative privileges; TrickBot has since used the same exploit for lateral movement.
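What that advice looks like at the console, as an added example and not taken from the Exchange Team post: the checks and commands below are Microsoft's documented cmdlets and sc.exe invocations for SMBv1 on Windows Server, run in an elevated PowerShell session on the Exchange host. The audit switch in step 3 assumes Windows Server 2016 or later; the remaining steps also apply to Server 2012 R2.

```powershell
# Added example (not from the Exchange Team post): find out whether SMBv1 is
# present and in use on an Exchange server, then switch it off and remove it.
# Assumes Windows Server 2016+ (step 3 needs it) and Exchange 2013/2016/2019,
# none of which need SMBv1.

# 1. Is the SMBv1 server side switched on?
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

# 2. Is the SMBv1 feature installed at all?
Get-WindowsFeature -Name FS-SMB1 | Select-Object Name, InstallState

# 3. Before turning it off, record who still talks SMBv1 to this host.
#    Each SMBv1 session is logged as Event ID 3000 in Microsoft-Windows-SMBServer/Audit.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
# Leave that running for a few days, then review the log:
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 3000 |
    Select-Object TimeCreated, Message -First 20
# Anything listed here (old scanners, NAS boxes, legacy backup agents) must be
# fixed or retired first, or it will lose access to the server.

# 4. Disable the SMBv1 server. Takes effect immediately, no reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 5. Disable the SMBv1 client (the mrxsmb10 driver). Needs a reboot.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

# 6. Remove the feature so a later configuration change cannot bring it back.
#    Also needs a reboot.
Uninstall-WindowsFeature -Name FS-SMB1

# 7. After the reboot, confirm.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol   # expect False
Get-WindowsFeature -Name FS-SMB1 | Select-Object InstallState   # expect Available (not Installed)
```

Step 3 is the one admins most often skip; it is what turns "disable SMBv1" from a change that breaks a forgotten backup job at 2 a.m. into a planned change with a known blast radius. Exchange itself uses SMBv2 or later for its own file operations, so the server's mail flow is unaffected.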
Office 365 Users Get Automated Protection From Malicious Docs
Microsoft announced that a new security feature dubbed Safe Documents will be available in private preview for Office 365 ProPlus customers starting today. Safe Documents is an Office 365 Advanced Threat Protection (ATP) feature that uses Microsoft Defender Advanced Threat Protection to automatically scan documents opened in Protected View.