Cyber Security Headlines – December 21, 2021

Mobile network vulnerability goes back to 2G

A new paper from researchers at New York University Abu Dhabi discloses a security vulnerability in mobile network handover, impacting all mobile networking generations going back to 2G. Handover occurs when data is transferred from one cell site to another during transmission. While cell signals are cryptographically protected, content is not verified, meaning an attacker could force a device to move to a cell site operated by a malicious actor, opening the door to denial-of-service or man-in-the-middle attacks.

(The Hacker News)

UK agency shares password trove with Have I Been Pwned

The UK National Crime Agency shared a collection of over 585 million compromised passwords with the breach notification service. This is the second agency to work with Have I Been Pwned, after the US FBI announced a collaboration with it in May. Troy Hunt announced that of the disclosed passwords, 225 million were new and unique to its database. The NCA said it found the passwords, paired with emails, in an account at a UK cloud storage facility, although the agency was not able to attribute the credentials to any specific platform.

(The Record)

Who watches the DarkWatchman? 

Researchers at Prevailion released a report detailing a new malware named “DarkWatchman,” a Remote Access Trojan in use by Russian-speaking actors targeting Russian organizations. The malware first showed up in early November, sent through phishing emails with a ZIP file containing a disguised executable. Clicking through would deploy the RAT paired with a C# keylogger. The malware is extremely lightweight, using only 8.5KB of space, and uses a scheduled task to launch itself on login. The keylogger writes data to a Windows Registry key that’s used as a buffer, which the trojan clears and transmits to a C2 server. DarkWatchman can load additional payloads remotely, so it could be used as a first stage before a ransomware deployment.

(Bleeping Computer)

Meta sues to disrupt phishing campaign

Meta filed a lawsuit against the relay service Ngrok to uncover the identities of a group operating a large-scale phishing campaign. Meta claims the group is operating over 39,000 websites designed to get people to enter login information for Facebook, Instagram and WhatsApp. The scammers are using Ngrok to redirect people to malicious sites. Meta began working with Ngrok in March to suspend thousands of URLs used in the campaign.

(Engadget)

Bluetooth connectivity bug persists in iOS 15.2

Complaints about Bluetooth connectivity issues on iOS 15.1 surfaced on Apple Support Communities, and it was hoped that the issue would be resolved with 15.2. This doesn’t appear to be the case, with users reporting vehicles from a wide range of manufacturers dropping Bluetooth connections within minutes of connecting to a call. The issue appears to be limited to calls, not media playback, and to impact iPhone 12 and 13 models.

(Phone Arena)

Joker malware discovered on popular Android app

The malware was discovered on the Color Message app, which had over 500,000 downloads on the Google Play Store. According to the security firm Pradeo, once installed, the app accesses contact lists, sends them to a remote server, and subscribes the user to unwanted paid services. The app also has the ability to hide its icon once installed, and can simulate clicks on ads to generate revenue. The underlying Joker malware was initially discovered in 2017 and has been tied to billing fraud and intercepting personal information from devices. It is infamous for skirting Android’s built-in protections and validations.

(The Hacker News)

A look into Facebook moderation scale

According to documents obtained by Finland’s national public broadcasting company Yle, Meta employs eleven people in Berlin for Finnish-language moderation on Facebook. The documents also show Meta has not developed Finnish-language automated moderation for hate speech, violent content, or nudity. Automated moderation systems do look at content published in Finland in other languages, including English, Swedish, Russian and Arabic, which Meta estimates is about a fifth of Facebook content in the country. Globally Meta uses roughly 15,000 workers to moderate content across 70 languages.

(YLE)

Google Authenticator hits a milestone

Google Authenticator provides second-factor authentication on supported web services. The app recently surpassed 100 million installs on the Play Store. Android Police points out the app hit this milestone despite last being updated in May 2020, when it added a dark mode and the ability to export credentials to a new device. While Google has mostly switched focus to a phone-based approach to 2FA rather than using app codes, the app remains popular.

(Android Police)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.