Cyber Security Headlines – December 16, 2021

Log4J vulnerability used by APTs

Microsoft and the security firm Mandiant report they observed groups with ties to China, Iran, Turkey, and North Korea launching attacks with the exploit. This includes the China-backed group that was responsible for widespread attacks on Exchange servers earlier this year. These appeared to be both tests of the vulnerability’s effectiveness and actual attacks against targets. Check Point Research reported it has seen almost 600,000 attempts to use the vulnerability since disclosure. In related news, CISA ordered all federal civilian agencies to patch Log4J by December 24th.

(WSJ, The Record)

Attacks on web apps surge

According to research by the security firm Imperva, attacks on web apps in the UK increased 250% since October 2019, fueling the surge in data breaches seen during that time. The report found that remote code execution and remote file inclusion attacks have similarly grown 271% in the same period. The growth in attacks doesn’t appear to be slowing down either, with web app attacks up 68% quarter over quarter in Q3.

(InfoSecurity Magazine)

Meta expands bug bounty program to include scraping

This will see Meta pay security researchers who discover workarounds to its existing anti-scraping protections, even if the data is public. Meta will also pay out for researchers who find data from previous scraping attacks, although this will only be for unique datasets not previously reported. These datasets must include over 100,000 user records and include personal information. Meta will pay to a charity of the researcher’s choice for scraped data, to avoid researchers trying to get paid twice for scraping loopholes and data they might exfiltrate themselves.

(The Record)

Mitto COO departs after surveillance allegations

We previously reported that the Swiss text forwarding company Mitto AG had come under fire for allegedly operating a secret surveillance service that was sold to government agencies. This had reportedly been operated by a small team within the company, led by co-founder and COO Ilja Gorelik. Now Mitto says that Gorelik is no longer with the company. It’s unclear if this is a permanent change or if he left of his own accord. He is still listed as a member of Mitto’s leadership team, and Swiss records still list him as a board member. Mitto said it’s investigating the allegations, and denies having ever operated “a separate business, division or entity” that provides surveillance services.

(Bloomberg)

Thanks to our episode sponsor, Tines

Tines is no-code automation for security teams, trusted by the world’s best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity, to book your 10 minute demo and send $100 to your favorite cause.

Apple removed mention of CSAM program

Apple removed mentions of its announced program to scan iCloud Photos for child sexual abuse materials from its Child Safety webpage. Apple announced it would indefinitely delay the feature back in September following concerns from privacy and security researchers. An Apple spokesperson confirmed that while it removed mention of the program, Apple’s plans for it have not changed since September, meaning it remains delayed but not canceled.

(MacRumors)

Zoom joins online counterterrorism group

The video-conferencing stalwart joined the Global Internet Forum to Counter Terrorism, an independent group whose members share information to combat terrorism and violent extremism. The group was founded in 2017 by Meta, Microsoft, Twitter, and YouTube, and has grown to 18 companies this year. Zoom will utilize the group’s hash-sharing database to help identify content that has been removed from other services.

(Reuters)

DJI faces more sanctions

The Financial Times’ sources say the US Treasury will add eight Chinese companies, including DJI, to its “Chinese military-industrial complex companies” list, blocking US citizens from investing in the companies. This stems from DJI’s alleged involvement in surveillance of Uyghur Muslims in China. The surveillance system producer NetPosa and the cybersecurity firm Xiamen Meiya Pico are also expected to be added to the list. The US Commerce Department already named DJI to its entity list, which bars US firms from exporting to it without a license.

(Apple Insider)

Internet Association shuts down

The Washington trade group did not provide a specific reason for disbanding, although the group had been struggling with financial support since Microsoft pulled out of the group last year. The Internet Association formed nine years ago and served as a powerful lobbying force for its members, which included Google, Facebook, and Amazon. The group had been experiencing infighting over policy debates, with smaller tech company members wanting a very different line of lobbying on antitrust action than the big tech members.

(Politico)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.