Cyber Security Headlines – November 13, 2020

Finland pushes through change to ID code law 

The Finnish government said it was preparing new legislation to allow citizens to change their personal identity codes in cases of data breaches that carry a high risk of identity theft. The move comes after thousands of citizens had their personal information stolen during a hack of patient records at the Vastaamo psychotherapy clinic. Previously, Finnish law did not allow for changing an ID code in order to prevent criminal activity. The government expects to have the legislation finished in early 2021.

(Security Week)

Researchers find Trickbot is still kicking

Last month, the US Cyber Command, Microsoft, and other companies participated in a coordinated effort to disrupt the Trickbot botnet. A new report by the threat intelligence firm Intel 471 now finds that the botnet is down but not out. According to the firm, Trickbot appears to have shifted to a different tool called BazarLoader to distribute Ryuk ransomware. BazarLoader uses similar code and infrastructure to Trickbot. While the original Trickbot architecture appears to have been mostly wiped out, the group has spun up new C2 servers, and in some cases has begun launching successful targeted ransomware campaigns again. According to Intel 471, the only way to permanently disrupt Trickbot would be to arrest the actual operators. 

(Dark Reading)

New study looks at the source of Android malware

The study comes from security researchers from NortonLifeLock and the IMDEA Software Institute, who found that 67% of unwanted and malware app installs on Android came from the Google Play Store. This study looked at the origin of app installations across 12 million Android devices from June through September 2019, analyzing 34 million APK installs. The Play Store accounted for 87% of overall app installs in the study. Alternative app marketplaces came in second with 10% of unwanted installs. Overall the study found 12 major categories of app installations, including web browsers, mobile device management services, instant messaging platforms, and sideloading through a local file manager.

(ZDNet)

Most Americans reuse passwords on work devices

A September survey by Visual Objects found that 63% of respondents reused passwords across multiple accounts on work devices. The survey also found that 91% of employees said employers were more responsible for cybersecurity than their employees. The survey also found an interesting age gap: 2% of baby boomers admitted to always reusing work-related passwords, compared to 13% of millennials. 

(InfoSecurity Magazine)

Microsoft calls to stop using phone-based MFA

Microsoft’s Director of Identity Security Alex Weinert has spent the past year encouraging Windows users to enable multi-factor authentication. In a new blog post, Weinert advises that users avoid telephone-based MFA solutions if possible, citing known security issues in phone networks. These include SMS and voice calls being transmitted in cleartext, the easy availability of phishing tools to acquire phone-based MFA codes, and the prevalence of SIM swapping attacks to transfer phone numbers to an attacker’s SIM. Weinert expects the security gap between phone-based MFA and other solutions to widen in the future. Weinert recommends authenticator apps as a more secure solution, with hardware security keys as the most secure option.

(ZDNet)

CISA head reportedly resigns 

CISA’s assistant director for cybersecurity Bryan Ware confirmed to Reuters that CISA head Christopher Krebs handed in his resignation on November 12th, after the White House reportedly asked for him to leave earlier this week. Krebs came under fire in the White House for CISA’s “Rumor Control” website that debunked misinformation about the election, with CISA refusing to delete accurate information at the White House’s request. Krebs had previously drawn bipartisan praise for how the agency handled security around the 2020 election. 

(Reuters)

Animal Jam breach leaks data on 46 million accounts

The platform is aimed at children ages 7-11, with 130 million registered users. After a threat actor published partial databases with information on millions of accounts, Animal Jam publisher WildWorks launched an investigation, finding that the leak came from a compromised server from a third-party vendor. The database includes 7 million email addresses of parents and 32 million usernames and encrypted passwords, as well as gender, birthday, and payment address information. WildWorks recommends all account holders change their passwords as a precaution.

(Security Affairs)

Google patches more Chrome zero-days

Another day, another couple of Chrome zero-day exploits fixed. The latest release of Chrome 86 fixed two new zero-day flaws in the popular web browser, marking five zero-days patched by Google over the last three weeks. Unlike the previous three, these were not discovered by internal Google engineers, but submitted by an anonymous source. Details about the exploits haven’t been published yet, nor has it been disclosed whether they were standalone flaws or used in combination. The Chrome changelog lists the patches as impacting the V8 JavaScript engine and a memory corruption bug with Chrome’s Site Isolation feature.

(ZDNet)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.