Cyber Security Headlines – July 8, 2021

Russian APT targets Republican National Committee

Bloomberg’s sources say the threat actors were part of APT 29, or Cozy Bear, previously tied to the SolarWinds supply chain attack and the Democratic National Committee breach in 2016. In response to the report, RNC spokesperson Mike Reed said, “there is no indication the RNC was hacked or any RNC information was stolen.” Reed went on to say an attack was detected, but administrators acted to block all access to its cloud environment and worked with Microsoft to review its systems.

(Bloomberg)

White House urges mayors to review cyber security posture

At a virtual meeting with the bipartisan US Conference of Mayors, Deputy National Security Advisor Anne Neuberger urged US mayors to meet with state agencies’ chiefs to properly evaluate their cyber security posture. The Biden administration also reiterated they would provide additional resources for mayors to shore up cyber defenses, with the FBI and the Cybersecurity and Infrastructure Security Agency tasked to provide assistance. This comes as local and state governments are increasingly targets of ransomware, with the FBI issuing a public service announcement about the growing threat last year. 

(Bleeping Computer)

Incomplete PrintNightmare emergency patch released

Microsoft issued an emergency patch to fix a critical vulnerability, dubbed PrintNightmare, in the Windows Print Spooler service that could allow remote code execution with system-level access. The patch is available for Windows Server, Windows 10, Windows 8 and Windows 7. After it was released, security researchers Matthew Hickey and Will Dormann found that while the patch is effective at preventing the remote code execution flaw, attackers could still use the local privilege escalation component to gain system privileges on vulnerable systems running older Windows versions. Further analysis by other researchers found that the entire patch could be bypassed if the Point and Print policy was enabled.

(Bleeping Computer)

More information on the Kaseya hack comes out

According to the company’s CEO Fred Voccola, between 800 and 1,500 businesses have been impacted by the supply chain attack against the company, although he acknowledged that getting a more exact figure is difficult since the customers of its customers were the ones most impacted. He also had no comment on whether the company was negotiating with the ransomware operators. Voccola said that in talks with the White House, the company didn’t see any “national risk” posed by the attack. The overall impact of the attack has been felt globally, with Coop supermarkets in Sweden forced to close and over a dozen schools in New Zealand knocked offline.

(Reuters)

90,000 GETTR account details scraped

We previously reported that the social media platform GETTR was hacked on its launch, with major verified accounts defaced. Now a hacking forum has published email addresses, usernames, status, and location scraped from the site through use of its API. It’s unclear whether the leaked users were all of GETTR’s members at the time or a subset. The API was already reported as having suspect security, with researchers noting it could already be used to see a user’s list of muted and blocked accounts.

(Vice)

Tencent uses facial recognition on Chinese gamers

Tencent introduced a facial recognition system called “Midnight Patrol,” designed to help keep the company in compliance with a 2019 law that requires limiting the time minors are allowed to play video games. The law also required all users, regardless of age, to register for games with real names and identities. The system scans a gamer’s face upon opening a game, running it through a list of registered names and faces. Tencent is rolling it out to 60 of its games including Glory of the King and Peace Elite, although its very popular League of Legends is not currently set to use the system.

(Digital Trends)

Mozilla study looks at YouTube algorithm

Mozilla published research on YouTube using crowdsourced data from its RegretsReporter browser extension, which lets users self-report on videos they regret watching. Mozilla found that between July 2020 and May 2021, 71% of regret reports were for videos recommended by YouTube, with recommended videos 40% more likely to be reported than ones from search. In light of the findings, Mozilla called for “common sense transparency laws, better oversight, and consumer pressure” to fix YouTube’s algorithm.

(TechCrunch)

Japanese government backs down from proposed fax machine ban

While the fax machine is largely seen as a relic of the 90s in the US, the technology has long proved popular in Japan. A cabinet body in charge of promoting reform initially called for abolishing the use of fax machines by government agencies by the end of June 2021, proposing a switch to email as a replacement. The Hokkaido Shimbun newspaper reported that hundreds of government offices protested the move, citing concerns over the security of sensitive information like court procedures and police work typically sent over fax. The government has since abandoned the effort, with an official saying that while some faxes have been replaced, “I can’t say with pride that we managed to get rid of most of them.”

(The Guardian)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.