Cyber Security Headlines – December 23, 2021

Five Eyes issues Log4Shell advisory

The United States, United Kingdom, Australia, Canada, and New Zealand issued a joint advisory on the emerging threat of the Log4j vulnerabilities. This comes as the vulnerabilities have been used for remote code execution, with nation-state and ransomware organizations already exploiting them. In the advisory, CISA director Jen Easterly reiterated this was “the most severe” vulnerability she’s seen in her career. The advisory builds on previous guidance from CISA, with more of a focus on securing traditional IT and cloud vendor-based networks as well as operational and industrial control systems.

(The Record)

NSO Group deal with Uganda spurred backlash

Ars Technica reports that a 2019 deal by NSO Group to sell its Pegasus spyware to the Ugandan government started a chain of events that saw the company run afoul of the US. Two years after the deal took place, someone used Pegasus to hack phones of 11 American diplomats and embassy employees. NSO has always told customers that US phone numbers were off limits, but Ars notes the diplomats used Ugandan numbers with Apple logins tied to State Department emails. While US and Israeli officials declined to confirm the hacked phones led to NSO being placed on the Commerce Department’s entity list, an anonymous US official said being placed on the list was “not by chance.”

(Ars Technica)

Microsoft PhotoDNA inverted to reveal images

Microsoft’s PhotoDNA creates “unique digital signature” hashes of images that can be matched against a database to identify images like CSAM. The company claims it is not reversible, meaning the underlying images cannot be extracted from the hashes. MIT Computer Science grad student Anish Athalye demonstrated a machine learning tool called Ribosome, which is able to create low-resolution images from PhotoDNA hashes. This is a lossy function, but demonstrates that the hashes leak significant information about the original output. 

(Anish Athalye)

China nixes data sharing deal with Alibaba over Log4j

China’s Ministry of Industry and Information Technology suspended an information-sharing partnership with Alibaba Cloud after the company did not immediately report on the recently discovered Log4j vulnerabilities. The suspended program involved sharing data on cybersecurity threats, and will be reviewed in six months to check on Alibaba’s internal reforms. Alibaba discovered the Log4j vulnerability and notified the Apache Software Foundation, but did not notify government regulators directly. This comes as Chinese regulators have ordered state-owned companies to migrate data from private cloud operators like Alibaba to state-backed cloud systems in 2022.

(Reuters)

Americans distrust tech platforms

According to a new Washington Post-Schar School poll, a majority of respondents distrusted how Facebook, TikTok, Instagram, WhatsApp, and YouTube handled their personal data. Amazon was the only platform that a majority of respondents said they trusted to handle personal data. 72% of respondents said their personal tech devices often listen to them in ways they don’t agree with. 64% said that the government should do more to regulate how Internet platforms handle privacy issues, up from 38% in a similar 2012 survey.

(WaPo)

New ransomware group takes the top spot in November

According to NCC Group’s November insights on ransomware, this dubious distinction goes to the ransomware group PYSA, otherwise known as Mespinoza, which saw a 50% rise in the number of targeted organizations, including a 400% increase in the government sector. Conti had previously been the most active ransomware group, but saw activity down about 10%. This could well change in December, as researchers saw the group come up with a fully weaponized attack chain against Log4Shell.

(Threatpost)

Scammer hacks NFT site before launch

Twitch co-founder Justin Kan’s new NFT platform Fractal suffered a security breach. A scammer hacked the announcement bot for Fractal’s Discord, using it to send out a fraudulent link to its 100,000 users. This message pointed users to over 3,000 commemorative NFTs for the site’s launch, taking them to a minting site where they received nothing in return for Solana cryptocurrency. 373 users appear to have lost the equivalent of $150,000 in the scheme. Fractal said it will compensate the impacted users over the next few days.  

(TechCrunch)

Omicron already messing with events in 2022

COVID-19 basically canceled all in-person events in 2020, and the Omicron variant looks like it’ll have an impact on 2022 as well. The organizers of the RSA Conference announced they are moving the event from February to June 6-9 due to a spike in COVID-19 cases. While the Consumer Electronics Show is still on schedule to take place next month, Amazon, Meta, Pinterest, and Twitter canceled plans to attend due to the surge in COVID-19 cases globally. AMD and T-Mobile announced they will limit in-person presence at the show. Samsung, Sony, and Alphabet still plan to attend but said they are monitoring the situation. 

(The Record)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.