Cyber Security Headlines – December 7, 2021

Biden admin looks to accelerate cybersecurity hiring spree

There are currently roughly 600,000 vacant cybersecurity positions across the US government, and the Biden administration is looking at ways to quickly fill this gap. One of the issues is the slow process of bringing people into the Federal workforce. GuidePoint Security and others have suggested training military veterans leaving the service for these positions. Another approach has seen the government partner with nonprofits and companies like Microsoft to provide a cybersecurity curriculum at community colleges and historically black colleges and universities. 

(Axios)

Text message service helped governments track phones

The company Mitto AG was founded in 2013, providing automated text message services for businesses, for things like appointment reminders or security codes. The company worked with global telco operators to deliver messages and served major technology platforms. However, a report from Bloomberg and the Bureau of Investigative Journalism found that the company’s co-founder and COO Ilja Gorelik also sold access to its network to surveillance-technology companies to help locate devices. These companies were in turn used by government agencies. This service wasn’t shared with the company’s technology partners and was limited to a small group inside the company. Mitto denies the report.

(Bloomberg)

US goes on the offensive against ransomware

Traditionally, the US government has seen ransomware attacks as the purview of law enforcement. But attacks this year against critical infrastructure have seen the US government go on the offensive against these groups. General Paul M. Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency, said the goal of US efforts will be to “impose costs” on ransomware groups, although he did not name specific measures or what groups would be targeted. He also said Cyber Command is working to secure the next major US elections, and that any future conflicts with nation states would likely involve cybersecurity threats against US critical infrastructure.

(NYTimes)

Twitter’s new image consent policy immediately gamed

Last week, Twitter updated its private information policy to ban sharing photos or videos of private individuals without consent. The company acknowledged it mistakenly suspended accounts under this policy, citing “coordinated and malicious reports” targeting anti-extremism researchers and journalists. Twitter characterized its support staff as being overwhelmed by the number of bad-faith takedown requests of media. A Twitter spokesperson said “a dozen erroneous suspensions” occurred and that the company launched an internal review to ensure the rule is “used as intended.” It’s unclear if all erroneous suspensions have been lifted at this time.

(WaPo)

Thanks to our episode sponsor, Tines

Tines was founded by experienced security practitioners who cared about their teams. When they couldn’t find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines – everything from phishing response to employee onboarding. To learn more, visit tines.com.

Verizon launches customer data collection program

Verizon sent out emails notifying customers of a new “Verizon Custom Experience” which helps personalize “relevant product and service recommendations” by collecting personal information on the device. Verizon advises that users “must opt in to participate” but reporters at The Verge and Input found they were already opted into the program in the My Verizon app. The program has two options: Custom Experience, which collects browser and app activity, and Custom Experience Plus, which also collects device location and phone numbers called. The opt-out setting is located deep within the My Verizon app settings. Verizon says it does not sell this information to advertisers, and users can delete information collected in the app.

(The Verge)

US traces ransomware back to Russia

US investigators have traced money paid to ransomware organizations back to the Federation Tower East skyscraper in Moscow. The US is now targeting several companies operating out of the tower to penalize the organizations benefiting from this apparent money laundering. Researchers at Recorded Future have found about 50 cryptocurrency exchanges operating in the country with ties to illicit activity. Tying an exchange back to a specific location makes the deniability of Russian law enforcement much less credible, since the investigators are able to point to specific actors tied directly to payments by victims. 

(NYTimes)

Clearview AI set to get patent for facial recognition system

The US Patent and Trademark Office sent Clearview AI a “notice of allowance” for its patent on “methods of providing information about a person based on facial recognition,” including its “automated web crawler” which scans the internet for photos of faces and matches them in a database. This notice means the patent will be approved once Clearview pays administrative fees. This patent doesn’t do anything to resolve Clearview’s ongoing legal concerns. The company has been hit with cease and desist letters from the major social media platforms for scraping image data, and is facing legal challenges in Australia, the EU, and Canada. But at least their IP will be protected. 

(The Verge)

Catching up with Nobelium

Nobelium hit the headlines for its sophisticated supply chain attack against SolarWinds. While the company worked with Microsoft and others to eventually expel their presence, the group is still operating. The security researchers at Mandiant published research about what the group has been up to, finding the group continues to find ways to efficiently target large groups of organizations. This includes compromising networks of cloud solution providers and managed service providers, targeting enterprise spam filters to effectively reach more email addresses, and extracting virtual machines to determine internal routing configurations of networks. The report notes that the challenge with Nobelium is that they seem to add to their exploit toolkit with each new attack, with a uniqueness and speed that makes it challenging to stop.

(Ars Technica)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.