A look at the Project Signal ransomware campaign
Security researchers at Flashpoint identified the ransomware campaign, seemingly organized by Iran’s Islamic Revolutionary Guard Corps using the contracting company ENP. The project began in the late summer of 2020, with malicious actors researching three to four websites per day as potential targets. Project Signal appears linked to the ransomware campaign Pay2Key that targeted a number of Israeli firms in November 2020, which used similar tactics. The researchers noted that Iran has a history of blending its operations with non-state-sponsored malicious cyber activity to give itself plausible deniability.
Moscow facial recognition system used against protestors
The human-rights monitoring group OVD-Info reports that Moscow’s camera system, previously used to enforce quarantine restrictions, catch criminals, and pay subway fares, was used to identify and detain about 1,800 people attending a protest in the Russian capital last week. The organization also reports that social media activity and phone billing were used to track protestors. Critics say the system is being used to intimidate people out of attending events that might later be deemed illegal by authorities.
Facebook Oversight Board to release Trump decision Wednesday
The decision, set to be announced at 9 a.m. ET on May 5th, will determine whether former President Trump’s accounts will remain indefinitely suspended. The account was suspended “indefinitely” on January 7th following the President’s incitement to violence around the Capitol riots on January 6th. The Oversight Board said it received over 9,000 public responses regarding the case.
Florida law fines social platforms for blocking politicians
The Florida House of Representatives passed SB 7072, which if signed into law would fine social networks for banning politicians for more than 60 days. The law wouldn’t apply to temporary social media bans on a candidate, and would allow specific posts to be removed for violating a platform’s terms of service. The bill also bars social platforms from restricting “journalistic enterprises” with at least 100,000 monthly active users, and bans algorithmic deprioritization of those enterprises, sometimes referred to as “shadow-banning.” The bill includes an exemption for services that also own a theme park, seemingly carved out for Disney. The Senate has already passed a version of the bill, with the only matter left to resolve being the amount of fines between the two bills.
What3Words send legal threats to security researcher working on open source alternative
Dozens of apps leaking AWS keys
A new report from the BeVigil search engine, which checks an app’s security ratings and other security issues before installing, found over 40 apps that had hardcoded private Amazon Web Services keys embedded within them. These apps had been collectively downloaded over 100 million times. Adobe Photoshop Fix, Adobe Comp, Hootsuite, and IBM’s Weather Channel were among the apps listed. Analysis found that some of the exposed AWS keys had access to multiple AWS services, including credentials for 88 S3 buckets, ultimately providing access to 5.5TB of data, including source code, application backups, user reports, test artifacts, configuration and credential files. BeVigil owner CloudSEK said they contacted AWS and impacted apps independently to disclose their findings.
Tesla hacked via drone
Two security researchers demonstrated the zero-click attack, named TBONE, which exploits two vulnerabilities in the embedded internet connection manager ConnMan, to ultimately take control of a Tesla’s infotainment system. While this could impact steering and acceleration modes, the exploit did not yield drive control of the car. The researchers were able to use a drone to trigger the exploit over Wi-Fi on a parked car 100 meters away to unlock its doors. The attack worked against all current Tesla models. Tesla patched the vulnerabilities in October 2020, and the exploit was originally going to be shown at the Pwn2Own 2020 hacking competition, before the automotive portion was cancelled.
Fear leads to anger. Anger leads to hate. Hate leads to bad passwords.
What better way to celebrate May the 4th than to look at all the terrible Star Wars-related passwords? Specops Software analyzed a trove of leaked passwords to look for the most commonly used words from the movies. Most commonly used “Yoda” was, followed by “starwars” itself. Somehow “ewok” ranked in at number three, ahead of “hansolo.” It seems like bad passwords keep up with the ever-expanding Star Wars lore, as “grogu” came in at number 8. And much like critical reception of the film, “rogueone” came in last at number 20. To be fair, Phantom Menace didn’t even make the list.