A look at the Project Signal ransomware campaign

Security researchers at Flashpoint identified the ransomware campaign, seemingly organized by Iran’s Islamic Revolutionary Guard Corps using the contracting company ENP. The project began in the late summer of 2020, with malicious actors researching three to four websites per day as potential targets. Project Signal appears linked to Pay2Key, the ransomware campaign that targeted a number of Israeli firms in November 2020 and used similar tactics. The researchers noted that Iran has a history of blending its operations with non-state-sponsored malicious cyber activity to give itself plausible deniability.

(CISO Mag)

Moscow facial recognition system used against protestors

The human-rights monitoring group OVD-Info reports that Moscow’s camera system, previously used to enforce quarantine restrictions, catch criminals, and pay subway fares, was used to identify and detain about 1,800 people attending a protest in the Russian capital last week. The group also reports that social media activity and phone billing were used to track protestors. Critics say the system is being used to intimidate people out of attending events that might later be deemed illegal by authorities.

(Bloomberg)

Facebook Oversight Board to release Trump decision Wednesday

The decision, set to be announced at 9 a.m. ET on May 5th, will determine whether former President Trump’s accounts will remain indefinitely suspended. The account was suspended “indefinitely” on January 7th following the President’s incitement to violence around the Capitol riots on January 6th. The Oversight Board said it received over 9,000 public responses regarding the case.

(CNN)

Florida law fines social platforms for blocking politicians

The Florida House of Representatives passed SB 7072, which if signed into law would fine social networks for banning politicians for more than 60 days. The law wouldn’t apply to temporary social media bans on a candidate, and would allow specific posts to be removed for violating a platform’s terms of service. The bill also bars social platforms from restricting “journalistic enterprises” with at least 100,000 monthly active users, and bans algorithmic deprioritization of those enterprises, sometimes referred to as “shadow-banning.” The bill includes an exemption for services that also own a theme park, seemingly carved out for Disney. The Senate has already passed a version of the bill, and the only matter left to resolve is the amount of fines, which differs between the two bills.

(The Verge)

What3Words sends legal threats to security researcher working on open source alternative

What3Words is a service that assigns three native language words to every 3 meter square to make it easier to determine location. It is useful for emergency services and generates a lot of licensing revenue. Recently, security researcher Andrew Tierney found that What3Words sometimes has similarly named squares within a mile or so of each other, possibly causing confusion; such cases are hard to find because the system is proprietary. An open source alternative called WhatFreeWords was created by reverse-engineering the What3Words system and implementing it for JavaScript and Go, using only as much data as was necessary for interoperability. When Tierney published his findings, sysadmin Aaron Toponce helped Tierney with his research. Toponce received a letter last week from What3Words, requesting that he delete tweets related to WhatFreeWords and tell them who he shared WhatFreeWords software with. What3Words insists that WhatFreeWords includes its copyright-protected code, but there are no known court cases establishing a violation of copyright.

(TechCrunch)

Dozens of apps leaking AWS keys

A new report from the BeVigil search engine, which lets users check an app’s security ratings and other security issues before installing it, found over 40 apps that had hardcoded private Amazon Web Services keys embedded within them. These apps had been collectively downloaded over 100 million times. Adobe Photoshop Fix, Adobe Comp, Hootsuite, and IBM’s Weather Channel were among the apps listed. Analysis found that some of the exposed AWS keys had access to multiple AWS services, including credentials for 88 S3 buckets, ultimately providing access to 5.5TB of data, including source code, application backups, user reports, test artifacts, configuration and credential files. BeVigil owner CloudSEK said they contacted AWS and impacted apps independently to disclose their findings.

(The Hacker News)

Tesla hacked via drone

Two security researchers demonstrated a zero-click attack, named TBONE, which exploits two vulnerabilities in the embedded internet connection manager ConnMan to ultimately take control of a Tesla’s infotainment system. While this could impact steering and acceleration modes, the exploit did not yield drive control of the car. The researchers were able to use a drone to trigger the exploit over Wi-Fi on a parked car 100 meters away to unlock its doors. The attack worked against all current Tesla models. Tesla patched the vulnerabilities in October 2020, and the exploit was originally going to be shown at the Pwn2Own 2020 hacking competition, before the automotive portion was cancelled.

(Security Week)

Fear leads to anger. Anger leads to hate. Hate leads to bad passwords.

What better way to celebrate May the 4th than to look at all the terrible Star Wars-related passwords? Specops Software analyzed a trove of leaked passwords to look for the most commonly used words from the movies. Most commonly used “Yoda” was, followed by “starwars” itself. Somehow “ewok” ranked at number three, ahead of “hansolo.” It seems like bad passwords keep up with the ever-expanding Star Wars lore, as “grogu” came in at number 8. And much like critical reception of the film, “rogueone” came in last at number 20. To be fair, Phantom Menace didn’t even make the list.

(Specops)