Twitter clarifies its election results policy
The company had previously said it will label misleading tweets claiming premature victory in the US presidential election. Now the company says it will begin labeling on the night of November 3rd, and will consider US election results official when they are confirmed by state election authorities or confirmed by two of the following outlets: ABC news, Associated Press, CBS News, CNN, Decision Desk HQ, Fox News, and NBC news.
Google discloses Windows zero-day
Google believes the flaw is being actively exploited. According to Google’s Project Zero lead Ben Hawkes, the company expects the flaw to be patched on November 10th, Microsoft’s next Patch Tuesday. The exploit is a two stage attack, beginning with a zero-day Chrome vulnerability disclosed last week, that lets attackers run malicious code in Chrome. The Windows side allows the attackers to escape Chrome’s sandbox and run the code at the OS-level. The flaw impacts all Windows kernels from Windows 7 through the most current stable Windows 10 release.
Maze ransomware operators call it quits
The ransomware group issued a press release titled “The Project is closed,” clarifying that any future use of its name or brand should be considered a scam. The Maze operators deny having formed a cartel with other ransomware groups. BleepingComputer’s sources say some Maze affiliates have moved on to a new ransomware operator called Egregor. Maze had been tied to ransomware attacks against Southwire, the City of Pensacola, Canon, LG Electronics, and Xerox. Maze has not responded to questions about whether they will release their master decryption keys.
Devices still vulnerable to SMBGhost
A patch for the Windows SMB vulnerability was issued over six months ago, but security researcher Jan Kopriva reports that a search of Shodan found over 100,000 unpatched machines still vulnerable to the exploit. Taiwan appears to have the most vulnerable machines, followed by Japan, Russia, and the US. Shodan shows that after an initial rush to apply the patch, the number of vulnerable machines has remained flat for months.
Thanks to our sponsor, Trusona
Google’s reCAPTCHA may have privacy problems
How effective is Facebook fact-checking?
New research from Columbia’s Tow Center reviewed fact-check labels assigned to stories on Facebook from October 1st to 5th. Facebook’s ten US fact-checking partners debunked over seventy claims, many related to President Trump’s COVID-19 diagnosis and treatment. The researchers identified 1,100 posts across Facebook and Instagram and found less than 50% carried any fact-checking labels. The researchers found that Facebook’s automated AI review of content was often fooled by minor variations of memes.
A look at the cyberthreats faced by the BBC
A recent Freedom of Information request in the UK revealed that the British Broadcasting Corporation blocked an average of 283,597 malicious emails per day during the first eight months of 2020. In that period the broadcaster blocked 51.9 million infected emails, with an average of 18,600 each month actively containing malware. Research by Barracuda Networks early in the COVID-19 pandemic found that phishing emails were up by 667%.
Bridgefy gets end-to-end encryption
The offline messaging app Bridgefy has recently been used by protest groups, as its combination of Bluetooth and Wi-Fi allows for messages to be sent when the internet is blocked. Earlier this year, security researchers at Royal Holloway, University of London published a paper outlining a myriad of security vulnerabilities with the app, with messages not encrypted, and lacking basic sender verification, letting it be spoofed by third-parties. A new update to the app now adds end-to-end encryption. The update also prevents man-in-the-middle attacks, and one-to-one messages will no longer send user IDs in plain text.