Slack and Discord file sharing used to spread malware

This finding comes from Cisco Talos research, finding this an increasingly common attack vector. Threat actors upload malicious files to the platforms, which are then housed in their CDN and linked for access. These links are then shared on other outside platforms, with the malware served up by Discord or Slack infrastructure. The researchers warned that using legitimate infrastructure generally trusted by other users makes social engineering attacks much easier to pull off. Talos previously identified attackers using Discord to distribute Thanatos ransomware in 2018. 

(Cyberscoop)

Facebook comments on recent user data leak

On Tuesday in a blog post, Facebook acknowledged the free posting of account information of more than 503 million individuals and provided a few more details. Facebook says this is a combination of data some of which was scraped from Facebook prior to September 2019 using a flaw in the contact importer tool that Facebook says it fixed in 2019. That tool was meant to let you use your contact list to find friends on Facebook. The company treated this dataset like a public collection of data not a data breach hence it’s lack of concern over reporting or notifying users.

(Wired)

Cring ransomware hits unpatched VPNs

A new report by Kaspersky found Cring ransomware impacting the European industrial sector, which have markedly increased throughout Q1 of 2021. Attackers were able to exploit an unpatched Fortinet VPN, disguise the Cring ransomware as an anti-virus product, before encrypting production servers that ultimately forced an unnamed firm to shut down two factories in Italy temporarily. Cring is a relatively new ransomware strain, with operators moving  laterally on the targets’ enterprise network to gain administrator access, with ransomware payloads only encrypting specific files with strong encryption after removing backups. 

(Cyberscoop, Bleeping Computer)

Lockdowns saw the rise of wine scammers

A new report by Recorded Future notes that the start of COVID-19 lockdowns saw a rise in wine-related domain registrations as people increasingly turned to virtual happy hours to keep in contact with friends and co-workers, up 2-3 times pre-pandemic levels from April 2020 and continuing through March 2021. The report found malicious domains followed a similar growth, delayed a month with a large spike in May 2020, with a total of 4,389 malicious wine-themed domains identified. Malicious wine-related domains as a percentage of all wine domains registered peaked in June 2020 at 7%.

(Recorded Future)

Thanks to our episode sponsor, Sotero

What could your business do if it could keep data encrypted while the data is in motion or in use? Well, a lot of companies have the answer because they’re using a new encryption technology from Sotero. Sotero’s data encryption solutions keep data encrypted while the data is in use and in motion. These companies are using Sotero to attract new customers and drive new revenue streams. You really want to check this company out at Sotero.com.

Google Forms used for phishing toolkits

Security researchers at Group-IB found the service to be increasingly used to automate malicious phishing campaigns, letting attackers easily create and operate phishing web pages. The researchers found that free email services are commonly used to send phishing data automatically, with GMail making up 40%. Google Forms’ integration with GMail makes it the ideal front end, as it provides a URL that appears relatively trustworthy to click on. Threat actors using legitimate services to obtain compromised data makes it harder to detect and makes it easier for attackers to stand up replacements as phishing sites are taken down. 

(CISO Mag)

UK launches new tech regulator

The UK launched the Digital Markets Unit, a new regulator that will review allegations of anticompetitive behavior by large technology companies, housed inside the existing Competition and Markets Authority. The UK government originally announced its intent to form the new agency last year. The regulator currently doesn’t have the power to levy fines until Parliament approves legislation governing its oversight power, expected to be approved by next year. Once obtained, it’s expected the Digital Markets Unit will have additional authority to reverse corporate mergers and force companies to comply with its new code of conduct.

(WSJ)

Huawei restructures AI and cloud business

The company formed its core cloud and artificial intelligence business group 14 months ago, but announced today it would be closing the unit, reflecting its struggles from going to a device-maker to a service provider. Server and hardware storage operations from the group will be subsumed into Huawei’s internet products department, which houses its R&D. Cloud business will become its own business unit. Huawei’s core business of carrier networks, enterprise business, and consumer products has been significantly disrupted by continuing US sanctions. 

(Nikkei Asia)

Apple details new tools for advertisers without user tracking

With Apple set to rollout its  App Tracking Transparency in iOS 14.5, the company published details on two privacy-preserving ad measurement technologies that advertisers can utilize without tracking users. SKAdNetwork lets advertisers see how often an app was installed after seeing an ad without sharing device information, while Private Click Measurement provides a way to measure the impact of ads that lead users to a website. It’s unknown when Apple will release iOS 14.5, with the company only committing to an “early spring” release. 

(Mac Rumors)