Cyber Security Headlines – March 3, 2021

Microsoft announces end-to-end encryption support for Teams, plus passwordless logins

Microsoft announced that it is adding end-to-end encryption support to Microsoft Teams later this year. At its Ignite Conference yesterday, it stated that a preview of end-to-end encryption in Teams will be available in the first half of this year for commercial customers. It will be available for 1:1 unscheduled Teams calls and is designed for more sensitive conversations. This is something that its main competitor, Slack, does not have. Microsoft also announced that it is making passwordless login a standard feature for Azure Active Directory, a cloud-based service customers can use to handle their employees’ login chores.

(The Verge and CNet)

U.S. unprepared for AI competition with China, commission finds

A comprehensive report released this week by the National Security Commission on Artificial Intelligence states that White House leadership and a substantial investment will be needed to ensure US superiority in artificial intelligence by 2025. Commission Chair and former Google chief executive Eric Schmidt said he believes China is catching up with the U.S. on AI. Initiatives proposed by the commission include the creation of a Technology Competitiveness Council within the White House to be chaired by the vice president, a Steering Committee on Emerging Technology within the Defense Department to coordinate and advance implementation of technology, and the creation of an accredited, degree-granting digital services academy to help build a pipeline of civil service tech talent.


Tom Cruise deepfake videos rattle security experts

Three mysterious deepfake videos of Tom Cruise that have gone viral on TikTok are the handiwork of Chris Ume, a video visual effects specialist from Belgium. The videos have drawn attention from experts and nonexperts alike for being among the most convincing examples of the genre of fake videos yet produced. Deepfakes are created with artificial intelligence, using a technique that trains two neural networks in tandem, one to create facial imagery and the other to identify it. While some technologists and security experts fear deepfakes will become a potent weapon for political disinformation, Chris Ume downplays such concerns. Consumers just need to become more skeptical of what they see, he argues.


Karmen ransomware makes it easy (and cheap) to launch attacks

A new ransomware do-it-yourself kit called Karmen is making it easy for wannabe cybercriminals to launch ransomware attacks. Packaged with a small loader and small in size, it can detect if it is operating in a sandbox environment and can automatically delete portions of its code to prevent security researchers from analyzing it. Karmen scrambles files with AES 256-bit encryption and operates with minimal connections to its command and control server. As a ransomware-as-a-service product, Karmen also automates many processes—including payment processing—so users can concentrate on distributing the ransomware. At $175, Karmen lowers the barrier to entry to the ransomware market.

(Eric Venderburg – via LinkedIn Pulse)

Thanks to our episode sponsor, TrustMAPP

Are you a vCISO? Building your practice and client base is hard enough – don’t waste time building the tools you need to operate. TrustMAPP’s turnkey SaaS platform gets you up and running quickly, so you can focus on your business.

Malicious NPM packages target Amazon, Slack with new dependency attacks

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. This flaw works by creating packages that use the same names as a company’s internal repositories or components. When these are hosted on public repositories, including npm and RubyGems, dependency managers will use the packages on the public repo rather than the company’s internal packages when building the application. This “dependency confusion” would allow an attacker to inject their own malicious code into an internal application in a supply-chain attack. We first reported this story last month in terms of malicious code being stored on public repositories, but this new report from Bleeping Computer shows that the packages are now being deployed.

(Bleeping Computer)
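The defensive check that follows is an added example and is not code from the article or from any of the companies named in it. It audits an application's npm manifest against its `.npmrc` and flags the two conditions under which a private package name can be resolved from the public registry: an internal scope that is not pinned to the private registry, and an internal package published under an unscoped name. The manifest, the `.npmrc` contents, the `@acme` and `@acme-internal` scopes, the `acme-billing-utils` package, and the `npm.internal.example` host are all constructed for the example.

```python
import json
import re

# Constructed sample inputs (not from the article): an application manifest
# and the npm configuration checked into the same project.
PACKAGE_JSON = """{
  "name": "payments-service",
  "dependencies": {
    "express": "^4.17.1",
    "@acme/auth-client": "^2.1.0",
    "acme-billing-utils": "^1.4.2",
    "@acme/logging": "1.0.0",
    "@acme-internal/cache": "^3.0.1"
  }
}"""

NPMRC = """
@acme:registry=https://npm.internal.example/
//npm.internal.example/:_authToken=${NPM_TOKEN}
"""

# Inventory of what the organisation considers private (hypothetical values).
INTERNAL_SCOPES = {"acme", "acme-internal"}
INTERNAL_UNSCOPED = {"acme-billing-utils"}


def parse_npmrc_scopes(text):
    """Return {scope: registry_url} for every '@scope:registry=' line in an .npmrc."""
    scopes = {}
    for line in text.splitlines():
        m = re.match(r"^\s*@([^:]+):registry=(\S+)", line)
        if m:
            scopes[m.group(1)] = m.group(2)
    return scopes


def audit_dependencies(package_json_text, npmrc_text, internal_scopes, internal_unscoped):
    """Flag dependencies whose name could be satisfied from the public registry.

    Returns a list of (package_name, reason) tuples in manifest order.
    """
    manifest = json.loads(package_json_text)
    scoped_registries = parse_npmrc_scopes(npmrc_text)
    findings = []
    for name in manifest.get("dependencies", {}):
        if name.startswith("@"):
            scope = name[1:].split("/", 1)[0]
            # A scoped internal package is only safe if its scope is routed
            # to the private registry; otherwise npm falls back to the public one.
            if scope in internal_scopes and scope not in scoped_registries:
                findings.append((name, "internal scope not pinned to a private registry"))
        elif name in internal_unscoped:
            # An unscoped name can be claimed by anyone on the public registry,
            # which is exactly the collision dependency confusion exploits.
            findings.append((name, "unscoped internal package name; resolvable from public npm"))
    return findings


if __name__ == "__main__":
    for pkg, reason in audit_dependencies(PACKAGE_JSON, NPMRC, INTERNAL_SCOPES, INTERNAL_UNSCOPED):
        print(f"{pkg}: {reason}")
```

Run against the sample manifest, the audit passes `@acme/auth-client` and `@acme/logging` (their scope is pinned) and reports `acme-billing-utils` and `@acme-internal/cache`. The remediation for both findings is the same: publish internal packages under a scope and route that scope to the private registry in `.npmrc`, so a same-named public package is never consulted.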

ObliqueRAT trojan now lurks in images on compromised websites

Since its initial discovery as a “simple” RAT with the typical core functionality of a Trojan focused on data theft, ObliqueRAT has been upgraded with new technical capabilities and utilizes a wider set of initial infection vectors. It now employs a technique called steganography to hide its payload inside graphic bitmap BMP files. Four new versions of the malware have been discovered that include checks for blocklisted endpoints and computer names, as well as the ability to extract files from external storage. A new command prompt, as yet unassigned, also indicates that additional updates will occur in the future.


Facebook settles photo-tagging class-action lawsuit for $650 million

The settlement is with users in Illinois who sued the social media giant for using photo face-tagging and biometric information without their consent. A significant battle was fought within this case over a choice-of-law provision in Facebook’s user agreements, specifically whether, as Facebook argued, California law applied to the exclusion of a claim under a new and untested statute, the Illinois Biometric Information Privacy Act (BIPA). Per the terms of the settlement, each claimant within the lawsuit will receive at least $345 as compensation.


Drunk robot vacuums spark complaints from owners

Owners of Roomba robot vacuums have complained the devices appear “drunk” following a software update. A poster on Reddit listed a number of problems including their Roomba spinning around and bumping into furniture, moving in “weird patterns,” travelling diagonally away from its charging dock, and recharging five times while cleaning one room but only for a total of eight minutes. The devices’ maker iRobot has acknowledged its update had caused problems for “a limited number” of its i7 and s9 Roomba models, and has promised to deploy a new update to all customers over the course of the next several weeks.

(BBC News)