Cyber Security Headlines – June 29, 2021

Windows 11 CPU confusion continues

Last week, Microsoft said CPUs with Trusted Platform Module 1.2 would be supported except on new OEM builds, where it would need TPM 2.0. However, in a blog post yesterday, the company added more uncertainty. The post doesn’t mention TPM 1.2. It says, “we are confident that devices running on Intel 8th generation processors and AMD Zen 2 as well as Qualcomm 7 and 8 Series will meet our principles around security and reliability.” Microsoft also says “we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles.”

The PC Health Check tool that initially caused this confusion has been temporarily pulled. Microsoft “will get it back online in preparation for general availability this fall.”

(Microsoft)

EA ignored domain vulnerabilities for months

Security researchers from Cyberpion approached the game publisher Electronic Arts in late 2020 after finding multiple domains that could be subject to takeover, as well as misconfigured and potentially unknown assets, alongside domains with over 500 misconfigured DNS records. Cyberpion sent detailed documentation of the problems it found along with a proof-of-concept exploit, but the researchers never heard back from EA after an initial acknowledgement. After ZDNet reached out for comment about the lack of action on the security issues, Cyberpion found that 7 of the critical issues it had named were fixed within 48 hours. These issues were not responsible for EA’s recent data breach, in which a threat actor abused Slack privileges.

(ZDNet)

Ransomware often hiding in VMs

In 2020, security researchers discovered the Ragnar Locker ransomware operators hiding a payload inside a virtual machine on infected hosts as a way to get around security measures. The vector proved successful enough that various other ransomware gangs have followed suit, with Maze adopting it later in 2020 and the technique now seen in the Conti and MountLocker ransomware strains. Hosting encryption software within a self-started VM means typical anti-virus software can’t detect it, and when the VM is spun down, a significant amount of forensic evidence goes with it. Security firms say the best way to combat this vector is to use detection rules for the unauthorized installation of virtual machine software on the network.

(The Record)
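As an added example, not from the article or from any of the security firms it cites, here is a detection rule in the spirit of that advice: it scans constructed process-creation log lines and alerts when a hypervisor binary or installer starts on a host that is not on an approved list. The executable names are VirtualBox and VMware Workstation binaries, which the article does not name; the log format, host names and allowlist are assumptions.

```python
"""Added example: flag hypervisor installs or launches on hosts not approved
to run VMs. Binary names are VirtualBox/VMware Workstation executables
(assumption); the log format and host allowlist are constructed."""
import re
from typing import Dict, List

# Hosts where a hypervisor is expected (assumed to come from an asset inventory).
APPROVED_VM_HOSTS = {"dev-lab-01", "build-srv-02"}

# Process image names of desktop hypervisors, lower-cased for comparison.
HYPERVISOR_IMAGES = {
    "vboxsvc.exe", "vboxheadless.exe", "vboxmanage.exe", "virtualbox.exe",
    "vmware-vmx.exe", "vmware.exe",
}
# Installer packages for those hypervisors appearing in a command line.
INSTALLER_PATTERN = re.compile(r"(virtualbox|vmware)[-\w.]*\.(msi|exe)", re.I)

# Constructed process-creation records: host|user|image path|command line.
SAMPLE_LOGS = [
    "dev-lab-01|alice|C:\\Program Files\\Oracle\\VirtualBox\\VBoxHeadless.exe|VBoxHeadless.exe --startvm lab",
    "fileserver-03|SYSTEM|C:\\Windows\\System32\\msiexec.exe|msiexec.exe /i C:\\Temp\\VirtualBox-6.1.msi /qn",
    "fileserver-03|svc_backup|C:\\Temp\\VirtualBox\\VBoxHeadless.exe|VBoxHeadless.exe --startvm micro --vrde off",
    "hr-pc-17|bob|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt",
]

def parse_event(line: str) -> Dict[str, str]:
    host, user, image, cmdline = line.split("|", 3)
    return {"host": host, "user": user, "image": image, "cmdline": cmdline}

def classify(event: Dict[str, str]) -> str:
    """Return 'installer', 'hypervisor process', or '' if the event is benign."""
    if INSTALLER_PATTERN.search(event["cmdline"]):
        return "installer"
    image_name = event["image"].rsplit("\\", 1)[-1].lower()
    return "hypervisor process" if image_name in HYPERVISOR_IMAGES else ""

def detect_unauthorized_vms(lines: List[str]) -> List[Dict[str, str]]:
    """Alert on hypervisor activity from hosts outside the approved set."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        reason = classify(ev)
        if reason and ev["host"] not in APPROVED_VM_HOSTS:
            alerts.append({"host": ev["host"], "user": ev["user"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in detect_unauthorized_vms(SAMPLE_LOGS):
        print(alert)
```

Running it reports only the two events on fileserver-03 (the installer run and the headless VM launch); the lab host's VM activity is expected and suppressed.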

US States consider outlawing ransomware payments

Conventional security wisdom has consistently said not to pay ransomware demands. The FBI has also consistently tried to discourage the practice. Now in the wake of the Colonial Pipeline attack and subsequent ransom payment, New York, Pennsylvania, North Carolina, and Texas are all considering bills that would put legal barriers in the way of paying ransoms. New York is the only state considering barring private sector businesses from paying ransoms. The other three states, and a separate bill in New York, would bar paying a ransom with state and local taxpayer money or other public money. The hope is such bills would reduce the financial incentive of attackers targeting the public sector. 

(CSO Online)

Thanks to our episode sponsor,
Keyavi

7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions to learn how self-protecting data equals peace of mind.

Binance banned from regulated activity in the UK

The UK’s Financial Conduct Authority (FCA) banned the cryptocurrency exchange Binance from conducting any regulated activity in the country. The FCA regulates some cryptoasset derivatives and securities, and crypto-related firms have had to register with the agency since January. Binance said the move would not impact services provided on Binance.com. This comes as the FCA issued a broader warning about the growth of crypto-related securities scams.

(Reuters)

YouTube removes videos from Chinese human rights group

Reuters’ sources say video testimonials from a human rights group highlighting disappearances in China’s Xinjiang region have been removed from YouTube. The service blocked the channel on June 15th, citing a violation of its ‘cyberbullying and harassment’ policy. About 1,000 videos have since been transferred to the blockchain-based video service Odysee. The group had published almost 11,000 videos on YouTube with over 120 million views since 2017. The channel was initially reinstated on June 18th after the organization filed an appeal, but was subsequently removed again, with YouTube citing concerns the content would promote violent criminal organizations. YouTube said this was the result of automated scanning, and that the group’s videos are still available but set to Private.

(Reuters)

Seniors lost $1 billion to fraud in 2020

According to a new report from the US FBI’s Internet Crime Complaint Center, 28% of all fraud losses in the US came from victims 60 and older, with losses of roughly $1 billion in 2020. Fraud losses in that age group increased 42% on the year, and the average loss was $9,175, although almost 2,000 individuals lost over $100,000. Romance scams, tech support fraud, and investment scams were the most common approaches used against seniors.

(Hot For Security)

There’s nothing heroic about super bad passwords

The security firm Specops published their list of the most common passwords found in breach databases that use the names of Marvel and DC characters. Marvel characters accounted for about 68% of the passwords, with Loki causing mischief as a password 151,000 times. Thor was the second most popular, followed by a string of DC characters: Robin, Joker, Flash, Batman, and Superman. And much like the critical fate of the film, GreenLantern ranked at the bottom of the list.

(SpecOps)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.