Cyber Security Headlines – November 12, 2020

Facebook extends ban on political ads

In the announcement, the social network said that the ban would extend for another month. Facebook cited the delays in election results for extending the ad moratorium. The company did say there may be an opportunity to resume political ads sooner as election results are finalized. Facebook originally announced in early October it would ban political ads starting on election day in the US. 

(Financial Times)

EU tightens cybersurveillance export laws

The rules are an effort to keep such tools from being used by repressive regimes. The new rules impact so-called “dual use” surveillance products and services, which can be used in both a civilian and military context. Member states will be required to consider “the risk of use in connection with internal repression or the commission of serious violations of international human rights and international humanitarian law,” when approving things like high-end computers and drones, identification software and spyware for export. It’s expected that the new rules will not immediately limit the flow of goods and technology, but will add greater transparency over exports. 

(The Register)

Palo Alto Networks acquires Expanse

Palo Alto plans to use the acquisition to bolster its Cortex portfolio with Expanse’s attack surface management solutions. The deal is valued at $800 million in cash, stock and replacement equity. Expanse currently offers dashboards for monitoring Internet assets and suspicious network activity, with APIs to integrate into existing infrastructure. The deal is expected to close in Palo Alto’s fiscal Q2.

(ZDNet)

TikTok petitions CFIUS for some attention

The move comes after TikTok said it received “no substantive feedback” regarding its proposal to form a new corporate structure with Oracle to satisfy national security requirements. An executive order requires TikTok in the US to be divested by parent company Bytedance by November 12. TikTok filed a petition in the US Court of Appeals for the DC Circuit Tuesday, calling for a review of actions by CFIUS. An October 30 preliminary injunction blocks a ban of TikTok, but the lack of communication prompted TikTok to make the new filing.

(CNBC)


Another exploit discovered in Intel’s SGX

Security researchers revealed a side-channel attack against Sandy Bridge and newer Intel chips called PLATYPUS that can remotely use the Running Average Power Limit (RAPL) power meter to infer values, including crypto keys in SGX enclaves. Intel is elevating the privileges needed to access the RAPL power meter and issuing a microcode fix that limits reported energy consumption. Crypto algorithms that are constant-time can prevent the side-channel attack from working. There is no indication the vulnerabilities were exploited in the wild. Energy meters in chips from AMD and others may be vulnerable to similar attacks.

(Ars Technica)

Nvidia patches major GeForce Now exploit

The privilege escalation exploit could have allowed local attackers to execute arbitrary code through GeForce Now’s OpenSSL library. This library was vulnerable to binary planting attacks, which Nvidia warned were even more urgent as they are low complexity and require low privileges, although the exploit did require user interaction to execute code. The exploit only impacted the Windows client of the service, and Nvidia has now issued a patch to resolve the issue.

(Bleeping Computer)

Facebook says 6% of content seen by users is political

This statistic comes from a blog post by Alex Schultz, Facebook’s VP of analytics and chief marketing officer. The post noted that the platform saw twice the increase in posts on Halloween compared to election day in 2020. Schultz also clarified that lists of posts with the most engagement, pulled by third-party services like CrowdTangle, don’t equate to reach or what is going viral on Facebook, as the platform’s ranking model uses other indicators, like user surveys. According to Facebook, the US publishers with the largest reach in late October were cnn.com, foxnews.com, nbcnews.com, washingtonpost.com, and nytimes.com.

(Axios)

Campari ransomware saga gets a new twist

We reported last week that the Italian liquor conglomerate Campari was hit by a ransomware attack by the Ragnar Locker ransomware gang. With Campari seemingly unwilling to pay a ransom, the gang is now trying a new approach to put pressure on the company: Facebook ads. The ads were first spotted by security researcher Brian Krebs, and were posted from a hacked Facebook account. The ads threatened to release 2TB of sensitive data stolen in the initial ransomware attack if Campari refused to pay a $15 million ransom in bitcoin.

(ThreatPost)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.