Cyber Security Headlines: Cyberattack hits Albania, Speculative execution not patched, DARPA studies open-source

Albania hit with cyberattack

Albania’s National Agency of Information Society said it was forced to temporarily close access to online public services and government websites due to a “synchronized and sophisticated cybercriminal attack from outside” the country. There is no official word on where the attack may have originated. This comes after the country shifted most public sector services to online portals earlier this year. The government started working with Microsoft, the consulting firm Jones International Group, and local security companies to prevent the attack from “damaging or compromising Albanian information systems.”

(The Record)

Vendors not patching for speculative execution

The firmware security company Binarly issued a report finding that many enterprise vendors are not patching firmware with mitigations for a variety of speculative execution attacks. We recently reported on one such attack, called Retbleed, which found a way around the existing Return Trampoline, or retpoline, mitigations. But Binarly found that 339 firmware images from HP, Dell, and Lenovo didn’t use the retpoline mitigations in the first place, calling it a “failure in the firmware supply chain.” The report also said that in cases where firmware was updated to add mitigations, it found implementation mistakes that introduced further security issues.

(The Hacker News)

DARPA looks into open-source

We’ve covered a lot of software supply chain stories on the show, and it turns out DARPA took note too. The research agency launched the “SocialCyber” program, an 18-month project designed to map, understand, and protect open-source code and communities. It will combine automated tools for analyzing both the code and the social interactions of open-source development. This includes things like sentiment analysis to see what types of participants and events prove disruptive to open-source projects. DARPA contracted multiple teams of cybersecurity researchers who will look at code contributions to critical open-source projects, like the Linux kernel or Python, as well as identify areas of underinvestment, where important parts of the open-source ecosystem are run entirely by a handful of volunteers.

(Technology Review)

Alibaba hosting exposed databases

The Wall Street Journal’s sources say Shanghai officials summoned Alibaba executives to answer questions after a trove of Chinese citizen data appeared for sale on a dark web market. Cybersecurity companies speaking to the Wall Street Journal found that the exposed police database discovered earlier this month had been running on outdated software that lacked the plugin needed to password-protect it, and used a security certificate that expired in 2018. The companies also found 13 other Alibaba-hosted databases using similarly outdated technology that had been left online for roughly a year. One exposed database held over 60TB of data, while another held 92TB. After the leak of the police database became public, Alibaba took these databases offline.

(WSJ)

Thanks to today’s episode sponsor, 6clicks

6clicks pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/lp-enterprise-hub-spoke.

TikTok CSO steps down

The platform’s Chief Security Officer Roland Cloutier announced he will leave the role, transitioning to a strategic advisor. We’ve covered recent changes at TikTok to work with Oracle to process US user data, but Cloutier was not in charge of the TikTok department managing that transition. The company said the move wasn’t related to renewed security concerns about the platform stemming from a recent BuzzFeed News piece. TikTok’s global head of security risk, vendor and client assurance, Kim Albarella, will serve as interim CSO.

(WSJ)

Spyware used on Thai activists

A new report from Citizen Lab found that at least 30 individuals in Thailand, spanning activists, academics, and NGO workers, had NSO Group’s Pegasus spyware installed on their devices between October 2020 and November 2021. In many cases, the spyware was deployed shortly before protests or other political activity. Apple sent threat notifications to many of those affected in November 2021, and they subsequently reported the intrusions to the local human rights group iLaw. Citizen Lab says this marks part of a broader shift in Thailand, with the government more engaged in monitoring activists since the country’s 2014 coup. NSO maintains its clients use the spyware to target serious crime.

(The Hacker News)

Facebook starts encrypting links

If a site or service wants to track which links you click on, tracking parameters in a URL are the industry standard; they follow users across pages and properties. However, browser makers have started offering URL stripping as a privacy feature, and Mozilla notably rolled it out in Firefox version 102. In response to this practice, Facebook began encrypting entire URLs into a single opaque ciphertext blob. Since there are no individual tracking parameters the browser can identify and remove, there’s little that can be done to stop the practice, short of decrypting the URLs.
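To make the cat-and-mouse concrete, here is an added example (not code from the article, from Mozilla, or from Facebook) of a query-parameter stripper in the spirit of the browser feature described above, followed by a heuristic that can only flag, not remove, an opaque token of the kind the encrypted links carry. The parameter list, the token regex and every sample URL are constructed for this example; `OPAQUE_LINK` is a placeholder, not a real Facebook URL.

```javascript
// Added example: URL tracking-parameter stripping versus opaque encrypted links.
// Runs under Node.js (global URL/URLSearchParams); no third-party modules.

// Known tracking query parameters (assumed list; a browser ships its own).
const TRACKING_PARAMS = new Set(["fbclid", "gclid", "dclid", "mc_eid", "mkt_tok"]);
const TRACKING_PREFIXES = ["utm_"];

function isTrackingParam(name) {
  const n = name.toLowerCase();
  return TRACKING_PARAMS.has(n) || TRACKING_PREFIXES.some((p) => n.startsWith(p));
}

// Remove identifiable tracking parameters from a URL's query string.
// Returns the cleaned URL and the names that were removed, in original order.
function stripTrackingParams(urlString) {
  const url = new URL(urlString);
  const removed = [];
  // Snapshot the key set first: deleting while iterating the live view is unsafe.
  for (const name of new Set(url.searchParams.keys())) {
    if (isTrackingParam(name)) {
      url.searchParams.delete(name);
      removed.push(name);
    }
  }
  return { url: url.toString(), removed };
}

// A constructed link in the style described above: the tracking data is no
// longer a named parameter but an opaque token in the path that only the
// link's origin can decode. Nothing here says "tracker" to the browser.
const OPAQUE_LINK = "https://social.example/posts/pfx0Z9kQmT3vR8yWb2nLhJc4dFa7sXe1";

// Heuristic (an assumption of this example): a long [A-Za-z0-9_-] token in the
// path or in a query value is probably an opaque identifier. A browser can
// flag it, but stripping it would break the link, which is the whole point of
// moving the tracking data there.
const OPAQUE_TOKEN = /^[A-Za-z0-9_-]{24,}$/;

function findOpaqueTokens(urlString) {
  const url = new URL(urlString);
  const tokens = [];
  for (const seg of url.pathname.split("/")) {
    if (OPAQUE_TOKEN.test(seg)) tokens.push({ where: "path", value: seg });
  }
  for (const [name, value] of url.searchParams) {
    if (OPAQUE_TOKEN.test(value)) tokens.push({ where: `query:${name}`, value });
  }
  return tokens;
}

// Demo on constructed input.
const CLASSIC_LINK = "https://example.com/article?fbclid=abc123&utm_source=fb&id=7";
console.log("classic :", JSON.stringify(stripTrackingParams(CLASSIC_LINK)));
console.log("opaque  :", JSON.stringify(stripTrackingParams(OPAQUE_LINK)));
console.log("flagged :", JSON.stringify(findOpaqueTokens(OPAQUE_LINK)));
```

On the classic link the stripper drops `fbclid` and `utm_source` and keeps the functional `id=7`; on the opaque link it removes nothing, and the best a client can do is flag the high-entropy path segment, since removing it would break the link.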

(Schneier on Security)

CISA goes international

The Cybersecurity and Infrastructure Security Agency announced it plans to open its first international outpost in London later in July. CISA routinely works with the UK’s National Cyber Security Centre on joint advisories, and has seen that collaboration increase since Russia’s invasion of Ukraine. This also comes days after the White House announced that CISA and the FBI signed cybersecurity collaboration agreements with Saudi Arabia’s National Cybersecurity Authority.

(The Record)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.