Cyber Security Headlines – January 11, 2022

Open source developer poisons his own well

The developer of the npm libraries “colors” and “faker”, Marak Squires, intentionally introduced an infinite loop that makes the libraries emit garbage text, effectively breaking the apps that depend on them. “colors” and “faker” are used by roughly 19,000 and 2,500 projects on GitHub, respectively. Squires had previously said he would no longer support large companies using his “free work” on the libraries. GitHub suspended his account and reverted the libraries to their previous versions. Many users initially thought the libraries had been compromised, before the developer posted a mocking “bug report” about the issues.

(Bleeping Computer)
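To make the supply-chain lesson concrete, here is an added example in JavaScript (not code from the article or from the colors/faker projects). It flags dependencies in a package.json that are declared with floating semver ranges, the path by which a sabotaged upstream release reaches a fresh `npm install`, and reads the versions a package-lock.json actually pins. The package.json and lockfile it inspects are constructed samples; the article names no version numbers, so none appear here.

```javascript
// Added example (not code from the article or from the colors/faker projects).
// Reports which dependencies in a package.json are declared with floating
// version ranges, which is how a sabotaged upstream release reaches a fresh
// `npm install`, and reads the versions a package-lock.json actually pins.

// A spec counts as pinned only if it is one exact semver version
// (e.g. "1.4.0" or "1.4.0-beta.1"). Anything else ("^1.4.0", "~1.4",
// ">=1", "*", "latest", "1.x", "") may resolve to a newer release.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return EXACT_SEMVER.test(String(spec).trim());
}

// Returns [{name, spec, field}] for every registry dependency whose range
// floats. Optional `names` restricts the check to packages you care about.
// Git/URL/file specs are skipped: the registry did not publish those.
function floatingDeps(pkg, names) {
  const fields = ['dependencies', 'devDependencies', 'optionalDependencies'];
  const out = [];
  for (const field of fields) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (names && !names.includes(name)) continue;
      const s = String(spec).trim();
      if (/^(git\+|https?:|file:|github:|npm:)/.test(s) || s.includes('/')) continue;
      if (!isPinned(s)) out.push({ name, spec: s, field });
    }
  }
  return out;
}

// Reads the pinned version for each named package from a lockfile,
// handling lockfileVersion 1 ("dependencies") and 2/3 ("packages").
// A package that is not in the lockfile maps to null.
function lockedVersions(lock, names) {
  const out = {};
  for (const name of names) {
    let entry;
    if (lock.packages) {
      entry = lock.packages['node_modules/' + name];
    } else if (lock.dependencies) {
      entry = lock.dependencies[name];
    }
    out[name] = entry ? entry.version : null;
  }
  return out;
}

// Constructed sample inputs (not a real project; versions are illustrative).
const SAMPLE_PKG = {
  name: 'sample-app',
  dependencies: { colors: '^1.4.0', faker: '5.5.3', lodash: '~4.17.21' },
  devDependencies: { mocha: '9.1.3', 'my-fork': 'github:example/my-fork' },
};

const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'sample-app' },
    'node_modules/colors': { version: '1.4.0' },
    'node_modules/faker': { version: '5.5.3' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/mocha': { version: '9.1.3' },
  },
};

// Usage: which of the two libraries in the story could float on a fresh
// install, and what the lockfile currently pins for them.
const watch = ['colors', 'faker'];
const floating = floatingDeps(SAMPLE_PKG, watch);
const locked = lockedVersions(SAMPLE_LOCK, watch);
for (const d of floating) {
  console.log(`${d.name}@${d.spec} floats; lockfile pins ${locked[d.name]}`);
}
```

A committed lockfile plus `npm ci` keeps an existing project on the version it was tested with even when the range floats; the floating-range report matters most for fresh installs, `npm install` without a lockfile, and CI images that rebuild from package.json alone.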

Hacker group self-pwns

Sometimes, even threat actors have a bad day at the office. The Indian threat group Patchwork has been active since 2015 and is known for deploying remote access Trojans to exfiltrate data, among other malicious activities, including recently targeting individual faculty members at biomedical research institutions. However, researchers at Malwarebytes discovered that the group infected itself with its own Trojan, “resulting in captured keystrokes and screenshots of their own computer and virtual machines.” The researchers were able to see specifically how the team’s malware worked, as well as its targets within the Pakistani government, and even what version of Java the group was running when the malware was compiled.

(ZDNet)

Microsoft finds TCC bypass vulnerability in macOS

The Microsoft 365 Defender Research Team detailed a vulnerability called powerdir, which could bypass the sensitive-data protections Apple built into macOS under its Transparency, Consent, and Control (TCC) stack. The attack substitutes a specially crafted TCC database, the store in which macOS records the consent history of app requests, allowing attackers to access protected data. This could open the door to accessing microphone and camera feeds. Microsoft disclosed the vulnerability to Apple on July 15, 2021, and Apple released a patch on December 13th. Apple’s documentation described it as a logic issue, resolved with improved state management.

(Bleeping Computer)

Crypto miners are evidently just an antivirus thing now

Yesterday we covered some of the fallout from Norton’s integration of a crypto miner into its antivirus suite. But The Register points out that the German antivirus maker Avira also offers an opt-in Avira Crypto “feature” which mines Ethereum when activated. NortonLifeLock acquired Avira in early 2021, so it’s not too surprising to see corporate crypto synergy. Interestingly, NortonLifeLock also recently acquired the antivirus company Avast, which started labeling all cryptomining products as malware in its scanner back in 2018.

(The Register)

Thanks to our episode sponsor, BlackBerry

CISOs, listen up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We’re here to help. BlackBerry® Guard is a Managed Extended Detection & Response (XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24×7 support from award-winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com

Half of SMEs hit with breaches

According to a survey by the insurance firm Markel Direct, 51% of SMEs and self-employed individuals in the UK experienced a cybersecurity breach. Of these, 24% were the result of malware, 16% of data breaches and 15% of phishing. 88% of respondents said they had at least one form of cybersecurity solution in place, with 70% reporting that they felt confident about their security arrangements. 11% of respondents said they did not intend to increase spending on cybersecurity measures, seeing them as an “unnecessary cost.” 68% of respondents found that the cost of mitigating the breaches exceeded £5,000.

(InfoSecurity Magazine)

Europol must review and delete up to 4PB of data

The European Data Protection Supervisor ordered Europol to delete personal data obtained from national police authorities in criminal investigations that has been held for more than six months. According to documents seen by The Guardian, Europol currently stores 4 petabytes of personal data gathered over the past six years. The regulator gave Europol one year to determine what data can still be lawfully kept. A 2019 report found that Europol had no checks in place to verify whether the people listed in datasets shared by police should have their data retained. Some EU residents attempted to contact Europol to obtain and delete old data, but were told the law enforcement agency held no data they were “entitled to have access to.”

(The Guardian)

Panasonic shares more details from recent breach

Panasonic confirmed back on November 26th that threat actors had breached its systems. At the time it was unable to say whether any sensitive information had been accessed, but it did say the intrusion went on for a while, from June 22nd through November 3rd. Late last week the company confirmed that personal data on some job applicants and interns was accessed during the incident. Panasonic said it is in the process of contacting those impacted, which may be particularly galling for those who didn’t even get the job.

(TechCrunch)

Chip shortage claims another victim

The ongoing semiconductor shortage has had a number of knock-on effects, with everything from cars to consumer electronics in short supply as a result. Now another enterprise staple is being disrupted: the toner cartridge. HP, Canon, Lexmark and other printer makers have long required chip-enabled cartridges, which they say “enhance the quality and performance” for the “best customer experience” and which also, coincidentally, maintain a recurring revenue stream for the first-party supplier. However, due to the chip shortage, Canon’s German support site now says the company will supply toner cartridges without the chips that report low toner levels. To get around the error messages shown when inserting chipless toner, users can simply click through the message and print normally, with “no negative impact on print quality.” This seems limited to imageRUNNER large-office printers for now.

(Ars Technica)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.