Cyber Security Headlines – January 13, 2022

EU planning supply chain attack simulations

Bloomberg’s sources say the EU will launch a large-scale simulation of cyberattacks against multiple member states this week. The simulation will run for six weeks and include knock-on socio-economic impacts in other states, as well as examine how participants handle public communication and diplomatic responses. Documents for the simulation say that the EU doesn’t currently have a framework for coordinating a joint response to a major attack on its supply chain. The simulation will escalate to something that would qualify as armed aggression under the United Nations Charter, and will be modeled on recent attacks or likely near-future scenarios.

(Bloomberg)

TellYouThePass ransomware returns

A new report from CrowdStrike details the return of the ransomware, which emerged last month as part of attacks exploiting Log4Shell. The ransomware is now Golang-compiled, which has had two impacts. The smaller dependency library means there is less communication with C2 servers, reducing detection rates. It also features 85% code similarity between Linux and Windows samples, meaning it took very little adjustment to give it cross-platform support. It also uses a new encryption scheme, with no free decryptor currently available. No macOS samples have been spotted, but they could be possible thanks to the versatility of Golang.

(Bleeping Computer)

A look at Senate confirmations for cyber positions

The US Senate voted 60-31 to approve President Biden’s nomination of Alan Davidson to head the National Telecommunications and Information Administration this week. NTIA will manage distribution of the $48 billion of infrastructure spending on broadband deployment, so it’s a big deal. However other agencies with major cyber oversight are in limbo over personnel, with nominated commissioners for the FTC and FCC both awaiting votes. Currently both bodies are largely stuck in partisan splits, putting major privacy and information security efforts on hold.

(The Record)

Magniber ransomware found using signed certificates

Researchers at the Korean cybersecurity company AhnLab published a report showing the ransomware group is using Windows application package files signed with valid certificates. These are used to deliver malware that appears as a Chrome or Edge browser update. Victims must first visit a malicious website, where they receive an alert to update their browser manually and are provided with the signed malicious file. Installing it immediately begins the encryption process, so it’s not believed to be part of a double extortion scheme. It’s unclear how Magniber is getting people to these malicious URLs, but phishing seems the most likely vector.

(Bleeping Computer)

Thanks to our episode sponsor, BlackBerry

With ransomware attacks like REvil, DarkSide, Conti, and recently Log4Shell, how confident are you in your cyber solution to prevent threats today and into the future? With BlackBerry’s Prevention-First endpoint security, we prevent breaches vs responding to and mitigating future attacks. With our Cylance Artificial Intelligence (AI), threats are detected and prevented pre-execution. Traditional AV vendors can’t do this. Get Prevention-First protection to keep your data and organization safe. Learn more at BlackBerry.com.

Bug alerts as a phone service

Cyber security professionals are often forced to follow Twitter accounts to stay on top of cybersecurity developments in a timely fashion, but finding the signal in the noise can often be time consuming or at least tedious. Product manager Matt Sullivan is trying to get around that with Bugalert, a crowdsourced site that will phone you when a relevant vulnerability is discovered. Bugalert uses a geographically dispersed group of vetted volunteers who review incoming bug reports on Twitter and other sources, and send push alerts to registered users. There’s even a telephone option that will play a text-to-speech version of a vuln alert. Most of the service’s current users opt for SMS alerts. Sullivan argues the service is needed because relying on CVE number assignments is too slow.

(The Register)

FTC antitrust suit against Meta cleared to proceed

US District Judge James Boasberg ruled that the Federal Trade Commission may proceed with its antitrust lawsuit against Meta, after the company filed a motion to dismiss it. The FTC’s initial case was found lacking in evidence, but the judge had invited the agency to refile it, and said the “core theory” of the lawsuit is unchanged, just backed with more robust evidence this time around. In the ruling, the judge cleared the FTC to proceed with its claim that Meta’s strategy toward competitors was to “buy and bury” them, but did not allow the agency to refile its claim that Meta stifled competition by restricting access to its APIs. The company, then called Facebook, dropped those API policies in 2018 and had not enforced them since 2013.

(Ars Technica)

Dorsey proposes bitcoin legal defense fund

The Block, Inc. CEO proposed creating the fund for developers of the cryptocurrency on the bitcoin-dev mailing list. The post was cosigned by Chaincode Labs co-founder Alex Morcos and Martin White. Dorsey said the fund was needed to provide legal support for the community, which is currently facing “multi-front litigation” and “threats.” The fund is currently not looking to raise outside capital, and is free and voluntary for developers. The fund’s first activity will be defending a lawsuit targeting bitcoin developers relating to the theft of cryptocurrency in the Mt. Gox hack.

(CoinDesk)

Mozilla expands Total Cookie Protection

The browser maker added its Total Cookie Protection feature to its lightweight Firefox Focus mobile browser on Android. The feature came to the desktop Firefox browser in February 2021. Total Cookie Protection is designed to prevent cross-site tracking by isolating cookies in separate logical “jars,” one per site, so that browser data set by one site is not visible to other sites. This is part of Mozilla’s concerted effort to add tracking protections, having automatically blocked cookies from known trackers and auto-blocked browser fingerprinting scripts back in 2020.

(Bleeping Computer)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.