Cyber Security Headlines – November 2, 2021

Cyberattack disrupts healthcare in Canadian provinces

The provinces of Newfoundland and Labrador were hit with a cyberattack on October 30th, causing several regional health systems to shut down networks and resulting in the cancellation of thousands of healthcare appointments. Communications were also disrupted, with patients unable to reach healthcare services directly or through 911 on the phone. Healthcare facilities largely turned to pen and paper, continuing to operate for vaccinations, emergency care, and other critical cases. Bleeping Computer’s sources say this was caused by a ransomware attack, although the Canadian government has not confirmed this.

(Bleeping Computer)

Researchers discover Pink botnet

Qihoo 360’s Netlab security team discovered a botnet of over 1.6 million devices, primarily located in China, that mainly serves to launch DDoS attacks and insert ads into HTTP traffic. The primary targets for the botnet malware are MIPS-based fiber routers. The first malware sample dates from November 2019, and the name comes from a number of function names starting with “pink.” The researchers noted that hardware makers noticed the botnet activity and attempted to update devices to remove access, with the botnet operators pushing multiple firmware updates of their own over time to defeat these mitigations. The researchers estimate the network has carried out over 100 DDoS attacks to date.

(The Hacker News)

Facebook takes down government-run troll farm in Nicaragua

Meta’s social network published details of how it worked with multiple government agencies to take down a network of fake accounts and media pages, spanning Facebook, Instagram, TikTok, Twitter and YouTube, that were engaging in coordinated inauthentic behavior. This network also operated a “complex network of media brands” across Blogspot, WordPress and Telegram. The network used its accounts to mass-report government critics and activists, while also “posting and artificially amplifying praise about the Nicaraguan government and the ruling FSLN party.” Facebook said the operation was unique because it scaled across government agencies, with government workers making activity in it part of their 9-to-5 schedule. Facebook traced the start of the network back to 2018.

(Engadget)

Dell spins off VMware

Dell Technologies completed the spinoff of its 81% stake in VMware into an independent company. Dell originally announced plans for the spinoff in April. The spinoff will help Dell pay down the debt it took on to acquire EMC in 2016 and to go public again in 2018. VMware was last independent in 2004, when EMC acquired it for roughly $630 million. Post-spinoff, VMware has a stock market valuation of roughly $64 billion. According to VMware President Sumit Dhawan, the company will begin to invest and acquire aggressively to expand from a corporate-data-center-focused operation into cloud computing.

(TechRadar)

Thanks to our episode sponsor, Trend Micro

Reimagine your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone, from novice application coders to experienced security practitioners! Join for FREE on November 16th. Sign up at cloudsec.com

Roblox discovers scale is hard

Following up from yesterday, the gaming platform Roblox resolved an outage that saw its services down from October 28th through October 31st. According to CEO David Baszucki, this was caused by an “internal system issue” that was “caused by the growth in the number of servers in our data centers.” Diagnosing the actual bug took the most time for Roblox, which reiterated that the outage was not due to unexpectedly high peak traffic.

(TechCrunch)

What goes into the Android Enterprise Recommended label?

Software updates, particularly around security, can be a sore spot among Android users, especially at the consumer level. Recently, numerous manufacturers have made stated promises guaranteeing a set number of years of security updates. On the corporate side, Android Enterprise Recommended handsets serve to mitigate this worry. XDA Developers recently delved into what it takes for a device to be in the program. The program started in 2014, providing APIs to add Android support to enterprise mobility management solutions. Today these phones are required to roll out prompt security fixes for critical issues, with fully disclosed bug reports published. There are also regularly updated hardware specs to ensure devices are usable. They must also support zero-touch enrollment into EMM, essential for fleet management. Currently there are 305 smartphones in the Android Enterprise Recommended category.

(XDA Developers)

macOS flaw opened door to undetectable malware

Security researchers at Microsoft discovered a flaw in macOS’ System Integrity Protection (SIP) which would have allowed an attacker to install a hardware interface that lets them “overwrite system files, or install persistent, undetectable malware”. SIP is an OS-level Apple sandbox that contains several memory-based variables that should not be modifiable outside of recovery mode. The researchers found that Apple “introduced a particular set of entitlements that bypass SIP checks by design” as part of the system update process. Apple subsequently patched the issue in macOS Monterey, Catalina and Big Sur.

(ZDNet)

EU to adopt new security rules

The European Commission issued a delegated act ordering member states to update legislation under the Radio Equipment Directive, in an effort to introduce new security requirements for radio and wireless equipment sold in the EU. This would impact mobile phones, tablets, fitness trackers, and IoT devices. There are three security measures required to sell equipment covered under the law: improved network resilience, with a particular eye to preventing devices from being used in botnets; features to guarantee the protection of personal data; and features to reduce the risk of monetary fraud. These requirements are expected to go into effect by mid-2024.

(The Record)
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.