Cyber Security Headlines – August 10, 2021

Ransomware demands surge in 2021

According to an analysis by Palo Alto Networks' Unit 42 security consulting group, the average ransom demand in the first half of 2021 was up 518% over 2020, while the average payment rose 82% over the same period, to $570,000 from $312,000 last year. Growth in payments has actually slowed: 2020's average payment was up 171% over 2019. The researchers attribute the higher payments in part to the rise of multi-tiered extortion schemes, in which attackers also threaten to leak stolen data.

(Info Security Group)

Flaw found in IoT random number generators

Bishop Fox security researchers Dan Petro and Allan Cecil published an analysis of the dedicated hardware random number generator (RNG) peripherals on IoT boards and found that the firmware and SDKs calling them frequently never check the error codes the peripherals return. An RNG can fail when it has run out of entropy from the physical process it samples; if the calling code ignores that failure and uses whatever is in the output buffer, the result is predictable numbers, or cryptographic keys consisting entirely of zeros. The researchers said the fix is to give the devices a cryptographically secure pseudorandom number generator (CSPRNG) API seeded from the hardware RNG, as desktop operating systems already do. IoT SDKs could also block calls for random numbers until the device has gathered more entropy, rather than returning a failure that callers ignore.
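The failure mode described above, as an added example that is not Bishop Fox's code or any vendor's SDK: a small model of a hardware RNG peripheral that reports "entropy exhausted", the unchecked calling pattern that turns that status into an all-zero key, and a checked version that waits a bounded number of times and then fails closed. The peripheral model (`hrng_*`), its status codes, the refill behaviour and the key helpers are all hypothetical; the LCG inside it is only a stand-in for a noise source, not a source of randomness.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { HRNG_OK = 0, HRNG_ERR_NO_ENTROPY = 1 } hrng_status_t;

/* Model of the peripheral's entropy pool (hypothetical, for illustration). */
static int g_entropy_units = 0;        /* successful 32-bit reads remaining   */
static int g_refill_per_wait = 0;      /* units harvested each time we wait   */
static uint32_t g_noise = 0x12345678u; /* stand-in for a physical noise source */

void hrng_model_reset(int units, int refill_per_wait) {
    g_entropy_units = units;
    g_refill_per_wait = refill_per_wait;
    g_noise = 0x12345678u;
}

/* Mirrors a typical vendor HAL call: *out is written only on success. */
hrng_status_t hrng_read32(uint32_t *out) {
    if (g_entropy_units <= 0) return HRNG_ERR_NO_ENTROPY; /* *out left untouched */
    g_entropy_units--;
    g_noise = g_noise * 1664525u + 1013904223u; /* LCG: a model, NOT randomness */
    *out = g_noise;
    return HRNG_OK;
}

/* Stand-in for sleeping/polling until the peripheral has harvested more noise. */
void hrng_wait_for_entropy(void) { g_entropy_units += g_refill_per_wait; }

/* VULNERABLE pattern: the status is dropped and the buffer is used regardless.
 * When the pool is exhausted the zero-initialised words become the "key". */
void key_unchecked(uint32_t key[4]) {
    uint32_t words[4] = {0, 0, 0, 0};
    for (int i = 0; i < 4; i++) {
        hrng_read32(&words[i]); /* return value ignored */
    }
    memcpy(key, words, sizeof words);
}

/* HARDENED: every status is checked; wait at most max_waits times, then fail
 * closed. Returns 0 with key filled, or -1 with key untouched and the partial
 * material scrubbed, so the caller cannot proceed with a half-random key. */
int key_checked(uint32_t key[4], int max_waits) {
    uint32_t words[4];
    for (int i = 0; i < 4; i++) {
        int waits = 0;
        while (hrng_read32(&words[i]) != HRNG_OK) {
            if (waits++ >= max_waits) {
                memset(words, 0, sizeof words); /* scrub partial key material */
                return -1;                      /* caller must abort key setup */
            }
            hrng_wait_for_entropy();
        }
    }
    memcpy(key, words, sizeof words);
    memset(words, 0, sizeof words);
    return 0;
}

/* Cheap sanity check a caller should do anyway: an all-zero key is always wrong. */
int key_is_all_zero(const uint32_t key[4]) {
    uint32_t acc = 0;
    for (int i = 0; i < 4; i++) acc |= key[i];
    return acc == 0;
}

int main(void) {
    uint32_t key[4];
    hrng_model_reset(0, 0); /* pool exhausted, nothing refilling it */
    key_unchecked(key);
    printf("unchecked, exhausted pool: all-zero key = %d\n", key_is_all_zero(key));
    hrng_model_reset(0, 0);
    printf("checked, exhausted pool: rc = %d (fail closed)\n", key_checked(key, 8));
    hrng_model_reset(0, 1); /* pool refills one word per wait */
    int rc = key_checked(key, 8);
    printf("checked, slow refill: rc = %d, all-zero = %d\n", rc, key_is_all_zero(key));
    return 0;
}
```

The checked version is the shape a CSPRNG-backed API on the device would take internally: block (with a bound) while the hardware source is dry, and never hand a caller output that the status code says is invalid.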

(The Hacker News)

Apple says nation states cannot add to CSAM scanning lists

Apple updated its FAQ, stating that its newly announced client-side scanning technology coming to iOS and macOS is limited to child sexual abuse material (CSAM) in photos stored in iCloud Photos, and that “we will not accede to any government’s request to expand it.” The company said the images it hashes for matching come from the National Center for Missing and Exploited Children (NCMEC) and other child safety organizations, and that the same hash list is shipped to every device, so individual users cannot be singled out.

(The Verge)

Google Cloud tool hopes to leave fewer unattended projects

Google Cloud moved its Unattended Project Reminder feature into public preview. It analyzes API, network and user activity to find cloud projects that are no longer in use. The feature is part of Google Cloud’s Active Assist; it can save organizations from paying for unneeded resources, but it also addresses the security risk of forgotten instances left online and unpatched. It weighs a variety of signals to distinguish a project that is genuinely unattended from one that is intentionally low-activity.

(ZDNet)

Thanks to our episode sponsor, Sotero

It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.

Now we need to worry about power LEDs

The mad scientists/security researchers at Ben-Gurion University’s Cyber@BGU team published details of a novel passive form of TEMPEST attack called Glowworm, which converts minute fluctuations in the brightness of a device’s power LED back into the audio signal that caused them. The fluctuations are imperceptible to the human eye, but can be picked up by a photodiode coupled to a simple optical telescope, sampled by an analog-to-digital converter, and played back directly as audio. Because the attack is completely passive and emits nothing, it would not be detected by an electronic countermeasures sweep.

(Ars Technica)

Firefox usage in decline

According to Firefox’s Public Data Report, the browser had 198 million monthly active users in Q2 2021, down 46 million since January 2019. The web traffic analysis site StatCounter shows Firefox’s global market share down 1.2 percentage points over the same period, to 3.45%. Firefox is notable as the only browser with significant market share that is available across platforms and not based on Chromium. Apple’s Safari is based on WebKit and has a significantly higher market share, but it is limited to macOS and iOS.

(It’s FOSS)

Gigabyte hit with ransomware

The OEM became the latest PC brand to be hit with an attack, following recent attacks on Acer and Quanta. The RansomEXX group reportedly stole 112GB of sensitive internal data as well as some of the company’s code repositories. Gigabyte said it reported the incident to law enforcement but declined to say whether it paid the ransom. RansomEXX began in 2018 under the name Defray before rebranding in 2020, as it shifted to higher-profile targets including the Brazilian government, the Texas Department of Transportation, and Ecuador’s state-owned telecom.

(Engadget)

Facebook revamps its data transfer tools

Facebook’s “Transfer Your Information” tool lets you export some of your data for use by other services; previously it was mainly limited to photos. Facebook has now updated it so that you can export to several services at once and filter what is exported, rather than an all-or-nothing transfer. In addition to photos, the tool now supports the Facebook Events data type, so event listings can be exported to Google Calendar, and Photobucket has been added to the list of destinations for photos. Facebook already supports exporting images to Google Photos, Dropbox, Blogger, and WordPress. The UI was also tweaked to make the tool easier to use.

(9to5Mac)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.