Malicious hackers target the Covid-19 vaccine ‘cold chain’

As the world waits for the COVID-19 vaccine, a very complex distribution process is underway that requires the vaccine to be kept at extremely cold temperatures. Security researchers at IBM have discovered that for months there’s been a campaign by malicious hackers using phishing emails to target those companies involved in this distribution cold chain. This is just an extension of what hackers previously identified in China, Russia, and North Korea have been doing for months during the development of the vaccine.

(Wired)

Hackers target US think tanks

A warning was issued yesterday by CISA and the FBI after observing APT actors performing “persistent continued cyber intrusions.” According to the warning, the malicious activity they detected was often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. Techniques have included sending spear-phishing emails and exploiting third-party message services directed at both corporate and personal accounts. CISA and FBI urged individuals and organizations in the international affairs and national security sectors to immediately adopt a heightened state of awareness and implement mitigation strategies.

(Infosecurity Magazine)

Massachusetts passes ban on police facial recognition

The state’s House and Senate passed the bill which is part of a larger police reform package, which is now waiting to be signed into law. The law restricts the use of facial recognition by law enforcement in the state. Under the new rules, police could only use facial recognition with a warrant or if there is evidence it would prevent serious injury or death. Several US cities like Portland Maine, Boston, Oakland, and San Francisco have banned the technology since last year. 

(Engadget)

Chris Krebs Responds to Threatening Comments By Trump’s Lawyer 

Joe diGenova, a lawyer for President Trump, said Chris Krebs, the former director of cybersecurity and infrastructure security agency, should be “taken out and shot”. Prior to his firing by President Trump, Krebs had announced that this year’s Presidential election was the most secure in America’s history. On the Today show, Krebs said that diGenova’s comment was “certainly more dangerous language, more dangerous behavior” and he was following the law of the land. He alluded to the fact that he may be pursuing legal action against this comment and other death threats he’s received.

(Today)

Thanks to our episode sponsor, SecureLayer7

Managing the vulnerabilities and workflows within an organization can be a handful of a task. What your organization needs is a product that is capable of overseeing the workflows and security status for you. SecureLayer7 presents BugDazz. A pentest as a service cloud delivery platform, which makes it easier to keep tabs on the security of the systems. Read more:  SecureLayer7.net

Task force hopes to teach BGP good MANRS 

The Mutually Agreed Norms for Routing Security group, or MANRS, announced the formation of the task force in an effort to help CDNs and other cloud services adopt best practices to harden the Border Gateway Protocol. The group has formed similar task forces aimed at network operators in the past. With recent high profile BGP hijacking attacks and route leaks, the need for industry-wide best practices is growing. The task force will promote the adoption of Routing Public Key Infrastructure, which is a database of cryptographically signed and validated BGP routes. As a member of MANRS, Google will also use its Peering Portal site to flag services that don’t use best practices. Earlier this year, Google started proactively contacting peers about potentially invalid routing information. 

(Wired)

TrickBot’s new module aims to infect UEFI firmware

TrickBot malware developers have created a new module that probes for UEFI vulnerabilities, (Unified Extensible Firmware Interface) giving ultimate control over infected machines. This module allows for compromised machine persistence that resists operating system reinstalls or replacing of storage drives. Apart from using UEFI implants as leverage in negotiations to drive up the ransom price, the cybercriminals could maintain access to the machines even after the victim pays them to release systems from TrickBot control. Researchers discovered the module on October 19 and named it TrickBoot, a pun on its functionality and the name of the botnet malware that deploys it.

(BleepingComputer)

Hack can take over iPhones within WiFi range

Using a mere $100 of equipment, professional hacker Ian Beere, a member of Google’s hacking team Project Zero, demonstrated a way to remotely hijack iPhones, simply by pointing a homebrewed antenna at them. In a posted video, Beere hijacks 26 phones at once with a single broadcast. The hack sends out a wifi signal and can intercept the phones even if they’re not connected to the Internet. Apple fixed the bugs that Beer’s hack targeted in its May release of iOS 13.5. But, not every phone has been updated, which means there are still iPhones that could be susceptible to such an attack. 

(Futurism)

CISOMag’s Top Three Cyberthreats for 2021

CISO Mag has come out with its top three list of cyberthreats, based in part on the crises of the 2020 pandemic that affected business models globally. According to the magazine, the top threats are: 1. Weaponized Artificial intelligence /machine learning  for advanced cyberattacks, including enhancing of malware and disrupting anti-malware and facial recognition systems;  2. Evolving social media attacks including more election tampering, disinformation campaigns, and fake news; and 3. Illicit trading of human identities, specifically personally identifiable information. The magazine also adds that cybersecurity practices were enhanced in 2020, making this a continued horserace.

(CISOMag)