Cyber Security Headlines – August 25, 2020

Application Guard for Office is now in public preview

Microsoft released Application Guard for Office in public preview. This automatically opens files from untrusted sources in a secure container that is isolated from the device through hardware-based virtualization, and automatically blocks maliciously crafted files from exploiting vulnerabilities. Users are still able to read, edit, print, and save suspicious files while keeping them isolated. The feature works with Word, Excel, and PowerPoint and is off by default for Microsoft 365 subscribers. Application Guard for Office was originally launched in limited preview in November. 

(Bleeping Computer)

The WeChat executive order also faces a lawsuit

A group of WeChat users calling themselves the WeChat Users Alliance filed a lawsuit in the U.S. District Court in San Francisco challenging the US executive order that would bar transactions with WeChat. The lawsuit claims the order is unconstitutional and violates rights to free speech, due process and equal protection under the law. Bloomberg reported Friday that the US was reassuring businesses that the WeChat order would only affect its use and downloads in the US.

(The Wall Street Journal)

It’s like GitHub, but for China

China’s Ministry of Industry and Information Technology announced it picked the hosting service Gitee to construct an “independent, open-source code hosting platform for China.” This project will be managed by a consortium led by Open Source China with support from Chinese research universities and 10 private companies, including Huawei. Gitee claims to have hosted more than 10 million open-source repositories and served 5 million developers to date. 


Researchers find an ad platform stealing clicks on iOS

A new report from security researchers at Snyk claims that the SDK for the advertising platform Mintegral hijacks the referral process when a user clicks on an ad from another network in an iOS app, making it appear that the user was actually clicking on a Mintegral ad. In an emailed response, Apple says that after speaking to the researchers about their findings, it did not see any evidence that the SDK was harming users. The researchers also found that the SDK logs users' information, including URLs visited, headers of URL requests that could include authentication tokens, and the device's Identifier for Advertisers. Mintegral claims its SDK is used by 1,200 apps that are downloaded a combined 300 million times a month.


Thanks to our sponsor Trend Micro

Automate security and compliance checks with Trend Micro’s Cloud One Conformity. Run reports on an endless combination of filters to exhaustively audit your entire multi-cloud infrastructure. Through hundreds of automated checks against industry compliance standards and cloud security best practice rules, you can continuously improve your security and compliance posture. Leverage detailed resolution steps to quickly rectify security vulnerabilities and reliability risks.

Smartphones found with factory installed malware

According to a report from BuzzFeed News and the mobile security company Secure-D, the Chinese phone manufacturer Transsion embedded malware on its mobile devices sold in Africa. The report found that the company's Tecno W2 smartphone came loaded with the xHelper and Triada malware, which downloaded apps in the background and attempted to subscribe users to paid services, with the malware persisting through factory resets. According to Secure-D, Transsion phones accounted for 4% of the users it saw in Africa, but represented 18% of suspicious clicks. Transsion blamed the malware on an unnamed vendor in its supply chain, and issued downloadable patches for both malware strains by late 2019. According to the Africa Cybersecurity and Digital Rights Organization, Chinese phones with preinstalled malware have become a major threat on the continent.

(BuzzFeed News)

Mesh network messaging app riddled with security issues

The messaging app Bridgefy uses mesh networking and Bluetooth to allow users to send messages without an internet connection, gaining popularity with the rise of mass protests in 2020, backed by claims of end-to-end encryption. However, security researchers at Royal Holloway, University of London reverse engineered the app and found that it doesn't offer cryptographic authentication, allowing any user to impersonate another if they've come into contact with that user at least once. The messaging app also uses an outdated encoding and formatting method, which is vulnerable to attacks that can recover the contents of messages. The researchers also found that because sender and receiver IDs are sent in plaintext, third parties can create social graphs showing who is communicating in a given mesh network. Combined with the Bridgefy API, which lets users find friends on the app by phone number, this means organizations with large phone lists could determine the real identities of users on the app. The researchers notified Bridgefy in April, and the company has issued a statement saying it is overhauling the app to use the Signal protocol.

(Ars Technica)

Palo Alto Networks intends to buy The Crypsis Group

Palo Alto Networks announced its intention to acquire the incident response company The Crypsis Group. Palo Alto plans to pay $265 million in cash in the deal, expected to close in its fiscal Q1. The company plans to integrate Crypsis’ tech stack into Cortex XDR to improve security telemetry collection, manage breaches and initiate rapid response actions. On Friday Palo Alto also closed on its $420 million acquisition of the SD-WAN company CloudGenix. 


CISA publishes its 5G security strategy

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published the National Strategy to Secure 5G as part of the United States National Cyber Strategy. The strategy includes five strategic initiatives: support 5G policy and standards development by emphasizing security and resilience, expand situational awareness of 5G supply chain risks and promote security measures, partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments, encourage innovation in the 5G marketplace to foster trusted 5G vendors, and analyze potential 5G use cases and share information on risk management strategies. The strategy includes objectives that define specific actions and responsibilities for each strategic initiative needed to ensure national 5G security.

(Dark Reading)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.