
Cyber Security Headlines – February 2, 2021

Deloitte’s CDC vaccine system comes up short

The US vaccine distribution effort is being severely curtailed by inefficiencies in vaccine distribution and administration software, with the most prominent example being the Center for Disease Control’s new $44 million website called VAMS—the Vaccine Administration Management System. A report published in MIT Technology Review says VAMS has become a curse word in the healthcare sector, due to faulty design, browser incompatibility, randomly canceled appointments, unreliable registration, and problems that lock staff out of the dashboard they’re supposed to use to log records. VAMS was built by the consulting firm Deloitte, which obtained a no-bid contract. According to watchdogs, this is because government bidders must demonstrate a long history of federal contracts, which blocks smaller or newer companies that might be a better fit for the task.

(MIT Technology Review)

Myanmar internet and telecom disruptions continue due to coup

Network data from the NetBlocks Internet Observatory indicate widespread internet disruptions in Myanmar amid reports of a military uprising and the detention of political leaders including Aung San Suu Kyi. Technical data show cuts affecting multiple network operators, both state-owned and private, indicating a centrally ordered disruption targeting cellular and fixed-line services. Findings are corroborated by users and journalists in the area. The military has declared a one-year state of emergency in the country. This remains a developing story.


Sprite Spider emerges as one of the most destructive ransomware threat actors this year

CrowdStrike is offering details on an emerging major ransomware actor they call Sprite Spider, a gang that has grown rapidly in sophistication and damage capacity since 2015. They say it is now poised to become one of the biggest ransomware threat actors of 2021 and has a threat profile on par with what advanced persistent threat actors were five or ten years ago. The gang currently delivers a ransomware product named DEFRAY777, and can often escape detection because the code looks benign and can hide in open-source projects such as Notepad++. Sprite Spider ratcheted up its threat in July 2020 when it began targeting ESXi hosts, which are typically deployed by large organizations using VMware bare-metal hypervisor technology.

(CSO Online)

Apple now offers iCloud passwords extension for Chrome

The iCloud client for files, photos, and mail is Apple’s second largest offering after iTunes. Apple quietly published the extension to the Chrome Web Store on the evening of January 31 as part of its rollout of version 12.0 of iCloud for Windows. As of yesterday, February 1, however, users report that Apple then withdrew version 12.0, although the Chrome extension still works for those who updated to 12.0 last week. Apple looks to have launched too early and doesn’t have all the components in place quite yet.


Thanks to our episode sponsor HID Global

Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa

New software supply‑chain attack targeted millions with spyware

Cybersecurity researchers at ESET yesterday disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. NoxPlayer allows users to play mobile games on PCs. Its manufacturer is Hong Kong-based BigNox, and it is estimated to have over 150 million users in more than 150 countries. ESET believes the malware may indicate the intent of intelligence collection on targets involved in the gaming community, and said the operators behind the attack breached BigNox’s infrastructure to host the malware, with evidence suggesting that its API infrastructure could have been compromised.

(The Hacker News)

Ford says ‘millions’ of its vehicles will run on Google’s Android starting in 2023

Google’s voice-activated Assistant, Google Maps, and other automotive-approved Android apps will be available in Ford’s cars without requiring the use of an Android smartphone. The deep integration of Android will allow drivers and passengers to use Google Assistant to change things like climate settings, and it will also enable over-the-air updates that can add new features or address some maintenance issues, according to Ford. Ford’s system will still be compatible with Apple CarPlay and Amazon’s Alexa as an option as well. Ford joins Volvo, General Motors, and the Renault-Nissan-Mitsubishi Alliance in striking a deal with Google to use its software to power its vehicle infotainment services.

(The Verge)

Emails wrongly blocked as spam after Cisco fails to renew domain name

The spamcop.net domain expired over the weekend, and when it did, it resolved to a domain parking service’s IP address, meaning that every subsequent spamcop.net lookup labelled all mail as spam and rejected it. As such, mail server administrators saw what looked like a deluge of spam. The domain has since been renewed, and spamcop will once again be fully functional as DNS servers take note and adjust accordingly. 

(The Register)
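The failure mode in this story can be shown with a short added example (not code from The Register, Cisco or SpamCop): a mail filter that treats any DNS answer as a blocklist hit flags everything once the zone resolves to a parking IP, while one that accepts only 127.0.0.0/8 return codes (RFC 5782) does not. The resolvers and IP addresses below are constructed stand-ins for real DNS, and the function names are hypothetical.

```python
import ipaddress

LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 return codes

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def naive_is_listed(answers):
    """Weak check: any A record at all is treated as a listing."""
    return bool(answers)

def strict_is_listed(answers):
    """Hardened check: only answers inside 127.0.0.0/8 count as a listing."""
    return any(ipaddress.ip_address(a) in LISTING_RANGE for a in answers)

def zone_is_healthy(zone, resolver):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    test_listed = strict_is_listed(resolver(dnsbl_query_name("127.0.0.2", zone)))
    wildcarded = bool(resolver(dnsbl_query_name("127.0.0.1", zone)))
    return test_listed and not wildcarded

# Constructed resolvers standing in for real DNS; each returns a list of A records.
def healthy_resolver(name):
    listed = {"2.0.0.127.bl.spamcop.net", "66.113.0.203.bl.spamcop.net"}
    return ["127.0.0.2"] if name in listed else []  # [] models NXDOMAIN

def parked_resolver(name):
    return ["192.0.2.10"]  # wildcard answer: every name resolves to a parking IP

def evaluate(client_ip, zone, resolver):
    """Compare both checks for one connecting client IP."""
    answers = resolver(dnsbl_query_name(client_ip, zone))
    return {"naive": naive_is_listed(answers), "strict": strict_is_listed(answers)}

if __name__ == "__main__":
    zone = "bl.spamcop.net"
    for label, resolver in (("healthy", healthy_resolver), ("parked", parked_resolver)):
        print(label, "zone healthy:", zone_is_healthy(zone, resolver))
        for ip in ("203.0.113.66", "198.51.100.7"):
            print(" ", ip, evaluate(ip, zone, resolver))
```

Running the self-test periodically and disabling a zone that fails it keeps an expired or hijacked blocklist domain from rejecting legitimate mail.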

Hacked road sign talks back after driver complains to council

An electronic traffic information sign located between the towns of Burton and Swadlincote in central England was hacked recently to instruct Burton-bound drivers, “go back to Swadlincote, you idiots. we are supposed to be in lockdown!” A local Swadlincote resident, Karen Banks, expressed her displeasure over the sign on the Burton Life Facebook group, demanding someone be fired over the incident. The outrage was apparently noticed, as the sign was changed later that day to read, “do you want to speak to a manager, Karen?”

(Graham Cluley)

