Cyber Security Headlines – August 28, 2020

You can teach a Qbot new tricks

The banking trojan Qbot was initially discovered in 2008, but a new report from Check Point Research finds that it has become a “swiss-army knife” of malware, continuously developed to expand its capabilities. The researchers found that a large Qbot campaign ran this year from March through June and saw updated versions delivered as part of the Emotet botnet throughout the summer. A new capability of the trojan uses a ‘email collector module’ to extract all email threads on an Outlook client to a remote server, which are then used to deliver malware through a zip file with a Visual Basic Script file enclosed, all looking like part of an existing email thread. 

(Bleeping Computer)

Researchers expose unsecure printers

The security team at CyberNews accessed 27,944 unsecured printers, forcing the devices to print a short 5-step guide on how to properly secure a printer. The researchers used IOT search engines to look for open devices that utilized common printer ports and protocols. After weeding out false positives, the researchers estimated they could successfully target approximately 500,000 devices, targeting 50,000 of them with a custom printing script. The researchers noted that many printers store jobs in memory, which could be accessed by malicious actors. In the guide, CyberNews recommended securing printing ports, using a Firewall, keeping printer firmware up to date, and changing the default password. 


The FBI releases details about ransomware scheme at Tesla

An unsealed complaint showed that the agency worked with Tesla to prevent a group of ransomware hackers from attacking Tesla’s Gigafactory in Neveda. According to the released FBI complaint, a Russian citizen traveled to the US in July and made contact with a Russian-speaking employee at the Gigafactory, offering to pay the employee $1 million to introduce malware to extract corporate data and affect Tesla’s operations. The complaint says this was part of group effort that would eventually ask Tesla for a ransom to not release the information. The Tesla employee immediately informed Tesla, who handed the information to the FBI, ultimately wearing a wire and sharing texts with the FBI to further the investigation. The Russian citizen was arrested on August 22nd.


New players enter the TikTok sweepstakes 

The Wrap reports that, according to sources, Oracle has now taken the lead position to acquire TikTok from ByteDance in a proposed deal worth at least $20 billion. The deal would see Oracle pay ByteDance $10 billion in both cash and stock, as well as provide 50% of TikTok’s annual profit for the next two years. This comes as Walmart announced that it was joining with Microsoft’s bid for TikTok’s operations in the U.S., Canada, Australia and New Zealand, and TikTok CEO Kevin Mayer announced his resignation after four months on the job. 

(The Wrap)

Thanks to our sponsor Trend Micro

Automate security and compliance checks with Trend Micro’s Cloud One Conformity. Run reports on an endless combination of filters to exhaustively audit your entire multi-cloud infrastructure. Through hundreds of automated checks against industry compliance standards and cloud security best practice rules, you can continuously improve your security and compliance posture. Leverage detailed resolution steps to quickly rectify security vulnerabilities and reliability risks.

ByteDance CSO talks security

Cyberscoop recently published an interview with ByteDance’s global chief security officer Roland Cloutier. He said that TikTok does not actively share any information with national governments, and that all specific requests go through the US Government. He also said the company files regular transparency reports, and that China has not sent any requests for user data. Cloutier also clarified that TikTok and Douyin, which operates in China, are run entirely separately, on separate servers.


Fastly acquires its way to new security offerings

The CDN provider Fastly announced it acquired the security monitoring and management company Signal Sciences in a deal worth $775 million. Fastly plans to use the acquisition to boost its ability to provide better security for applications, and APIs, ultimately to ensure that apps don’t go offline and can be downloaded quickly. 

Full disclosure: CISO/Security Vendor Relationship Podcast co-host, Mike Johnson, works for Fastly. 


Smarter Stand-In Processing brings AI to transaction approval

Visa announced it developed an AI system that can approve and decline credit and debit card transactions for banks whose own networks are down. The payment processor envisions this as a backup system for banks, and will start offering it as the Smarter Stand-In Processing service in October. Unlike earlier backup systems which used defined rules for accepting or declining transactions, the new service used a model to sift through billions of data points of cardholder activity to define correlations on its own. Tests show the system was 95% accurate in replicating a bank’s decision to approve a transaction, double the accuracy of older methods. 

(The Wall Street Journal)

Italy leads in GDPR fines

We reported earlier this week about the top GDPR fines issued in 2020. A new report from the financial analysts at Finbold found that Italian-owned businesses and organizations lead the EU in GDPR fines, accounting for €45.6 million out of a total of 68 million so far this year. The fines came as a result of 13 investigations. Spain currently leads the EU in total GDPR-related investigations with 76, but has only issued €1.9 million in fines as a result. 

(IT Pro)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.