Cyber Security Headlines – December 9, 2021

Ransomware hits GitLab and Confluence

Over the past several days, a ransomware organization hit the servers of the two services, impacting hundreds of servers across Windows and Linux environments. The ransom note dropped into the README on impacted servers is identical to one use by Cerber, a now-defunct ransomware operation, active between 2016 and 2019. It’s believed the attackers used two known remote code execution bugs to get full control over unpatched systems. These vulnerabilities had been exploited by multiple malicious actors since September. The majority of impacted servers are located in China, Germany, and the US.

(The Record)

QNAP is having another bad day

The network-attached storage appliance maker issued a new advisory this week, warning that a cryptominer is targeting its devices. Once infected, the malware can use up to 50% of the device’s CPU, mimicking a kernel process. QNAP did not share the initial access vector or other information about the malware. Impacted users can remove it by restarting the devices. The company recommends updating to the latest OS, enforce strong passwords, and not directly connecting the NAS to the internet as mitigations. QNAP devices have been targeted by large scale malware campaigns four times since July 2020. 

(The Hacker News)

A look at health data leaks in 2021

According to data submitted to the Office for Civil Rights at the Department of Health and Human Services, over 40 million people in the US had personal health information exposed through data breaches this year. The total number of breaches impacting 500 or more people, which healthcare organizations are required to disclose, were down from 599 in 2020 to 578 in 2021. But the number of people impacted increased 53% on the year. The largest leak impacted 3.5 million people of the Florida Healthy Kids Corporation health plan. Much of this comes from under investment in cybersecurity by healthcare organizations, even as federal rules have required them to use electronic medical records.

(The Verge)

Twitter tests updated tweet reporting system

Twitter began testing a new system for users to report potentially policy-violating tweets. This system no longer asks which policy a user believes a tweet is violating, but instead will ask for general information on the tweet. The system will then suggest a rule it might be breaking, with the user able to accept or deny the suggestion. Twitter compared the new system to describing symptoms to a doctor versus self-diagnosing. Currently this is in testing with a small group o f users in the, but the company plans to expand testing in 2022. Twitter hopes by analyzing this data, it can see which tweets fall into gray areas in its policies.

(TechCrunch)

Thanks to our episode sponsor, Tines

Tines is no-code automation for security teams, trusted by the world’s best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity, to book your 10 minute demo and send $100 to your favorite cause.

UK announced 2G and 3G phase out plan

The government reached agreements with mobile-network operators Vodafone, EE, Virgin, O2 and Three to phase out the two legacy cellular networks by 2033. The actual date of shutdowns will likely be before that date, with EE already announcing plans to phase out 3G by 2023. EE estimates consumers will be able to receive 5G “anywhere” in the UK by 2028. 2G may actually hold out longer, with its slower speeds making it ideal for embedded technology like smart utility meters. 

(BBC)

Location service sells location data

According to a report by The Markup, Life360, a family safety service, is reportedly selling location data on 31 million families and kids to a dozen data brokers, some of which sold data to US government contractors. Other data brokers also sell location data to “virtually anyone who wants to buy it”. The report also notes Life360 is failing to protect data privacy, which allows data to potentially be linked back to the original people using the service. This comes as Life360 intends to acquire Tile, a company with an extensive network of location tracking beacons. The company’s CEO said it had no plans to sell data on Tile users.

(Gizmodo)

A look at dark web justice

The threat intelligence firm Analyst1 looked at how dark web markets and forums have created systems to mediate disputes between threat actors. These take place in forums, with accusers opening dedicated threads titled Arbitrage on the sites, submitting claims along with evidence. Forum admins generally serve as arbiters, looking at the merits of the claim and hearing counterclaims from defendants. If an accuser’s claim is upheld, defendants have to pay restitution or face a ban on the platform. This can often get personal, with a common tactic of de-anonymizing scammers as a form of punishment. Across Russian-language cybercrime forums, Analyst1 saw thousands of arbitration cases. 

(Analyst1)

Quantum cryptographic keys are here

Cambridge Quantum announced a platform that can generate cryptographic keys using a quantum computer. The service will be called “Quantum Origin” marketed to financial services and security organizations at first. The company describes the resulting keys as “particularly random,” making them more secure and less vulnerable. The is the first quantum-computing-powered security service to be offered commercially.

(TechRadar)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.