Linux malware used to backdoor systems for years
Security researchers at Qihoo 360’s Network Security Research Lab discovered the RotaJakiro malware, which first had samples uploaded in 2018, but remained undetected by VirusTotal’s anti-malware engines. Domains for the malware’s C2 servers were registered in December 2015. This was designed to operate as quietly as possible, using multiple forms of encryption on its communications and encrypting its resource information in samples reviewed by researchers. The malware has a different set of protocols whether installed on a root on non-root user, with 12 functions related to data exfiltration. Three functions are tied to the execution of specific plugins, although it’s unclear what these plugins are.
Intel and Microsoft partner to detect cryptojacking
Intel and Microsoft announced a new method of protecting Windows machines from being hijacked by malware for cryptocurrency mining. Machines with Intel’s Hardware Shield and Threat Detection Technology enabled can use Microsoft Defender Endpoint to use the algorithm to analyze code. It can detect mining in a hypervisor, VM or hidden OS process and neutralize or quarantine it. This will also prevent the malware from spreading across a network. This integration is supported on Intel 6th generation Core processors and newer CPUs.
Android contact tracing logs exposed to preinstalled apps
Privacy analysis company AppCensus posted Tuesday that Android’s implementation of COVID-19 contact tracing made contact tracing logs potentially accessible to preinstalled apps. The contact tracing system uses rotating Bluetooth identifiers. Those identifiers do not reveal any identifying information and are changed every 15 minutes. The identifiers are logged in privileged memory inaccessible to most software. However, system apps that are preinstalled by manufacturers have system privileges so the apps can read crash report logs. But that access could also potentially be used to access the contact tracing logs too. There is no indication any system apps have tried to access the contact tracing logs. AppCensus reported the vulnerability to Google on February 19th. A Google spokesperson responded to reports on the issue, saying the “roll out of this update to Android devices began several weeks ago and will be complete in the coming days.”
DigitalOcean hit with data breach
The cloud infrastructure company emailed customers warning of a data breach impacting customer billing records. Access to records was made between April 9 and April 22, with details associated with the billing profile exposed in the breach. DigitalOcean says the flaw that allowed this access has now been fixed. Passwords and account tokens were not exposed in the breach, but customer names, addresses, last four digits of credit cards and expiration dates were accessed. Digital Ocean said the breach impacted 1% of billing profiles, and that the company would add extra security monitoring to impacted accounts.
Thanks to our episode sponsor, Aptible
Mexico’s data regulator to challenge telco biometric law
Mexico’s National Institute of Transparency, Access to Information and Protection of Personal Data (INAI) will challenge at the Supreme Court, a law passed in April requiring phone companies to gather fingerprint or eye data when a customer purchases a mobile phone. The law, passed in April purports to make it more difficult for criminals to remain anonymous. Last week a judge stopped the part of the law that requires users to submit the data but the part that requires a registry be created remains in effect. 155 countries maintain cellphone registries, and about 8 percent of them require biometric data, including China, Saudi Arabia and Pakistan.
Startup wants to stream you a browser
The browser maker Mighty came out of stealth, revealing a Chromium-based browser for macOS it intends to stream to customers from the cloud, similar to game streaming services. Mighty built a custom server to keep costs low, designed a low-latency networking protocol, and forked Chromium to “integrate directly with various low-level render/encoder pipelines.” Mighty recommends a 100Mbps connection for browser streams, with each browser instance getting “16 vCPUs” running on dual Intel Xeon CPUs clocked up to 4GHz, Nvidia GPUs, and 16GB of RAM. The thin client installed on macOS is designed to not use more than 500MB of RAM. Mighty claims “keystrokes are encrypted over the wire when being sent” to the cloud, with browsing histories and cookies also kept private.
US Space Command to Launch Cyber Center
During a 2022 fiscal budget hearing, the commander of U.S. Cyber Command, General James Dickinson, announced the launch of a joint cyber center to promote the collaboration between the Space and Cyber Command Centers in the U.S. This comes as the US Space Force began onboarding cybersecurity specialists in February to combat threats to space assets, with General Dickinson stressing the need to coordinate cyber operations against threats to satellite systems from Russia and China.
Do we still need manual pen-testing?
A recent survey of IT and security managers by CyCognito looked into whether manual pen-testing remains valuable to organizations as autonomous options grow. The survey found pen-testing is most commonly used to measure a company’s overall security posture and prevent breaches. 60% of respondents were concerned that pen-testing does not comprehensively cover infrastructure and leaves blind spots, while 44% said the cost was prohibitively high to be comprehensive, and 36% said it provides only periodic snapshots of security performance. The survey found organizations still find manual pen-testing is “a valid way to surface some vulnerabilities in specific, scoped portions of an attack surface at a single point in time,” but that cost and increasing surface area to cover requires this to be done in conjunction with automated systems.