Cyber Security Headlines – November 3, 2021

Facebook deletes 1 billion faceprints in Face Recognition shutdown

Facebook announced Tuesday that it plans to abandon use of its Face Recognition system and delete over 1 billion facial recognition profiles in the coming weeks. Face Recognition analyzes uploaded photos to identify users and automatically tag them in Memories, photos and videos. Facebook’s concerns about the technology have been significant, as it recently reached a $650 million legal settlement in Illinois over claims that the company collected and stored biometric data of its users without consent. Facebook’s VP of Artificial Intelligence, Jerome Pesenti, stated, “Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.” While this change is a victory for privacy advocates, it comes with the tradeoff that some features will not work as designed, including automatic tagging and Automatic Alt Text (AAT), which creates image descriptions for people who are blind or visually impaired.

(Bleeping Computer)

Tesla recalls nearly 12,000 vehicles due to software error

The National Highway Traffic Safety Administration (NHTSA) said Tuesday that Tesla is recalling 11,704 vehicles sold in the US due to a communication error that may cause false forward-collision warnings or activation of the emergency brakes, increasing the risk of rear-end collisions. Tesla said the issue began on October 23, after Model S, X, 3 and Y vehicles received a software update in its Beta version 10.3 Full Self-Driving (FSD) population. Tesla said software communication disconnect issues could produce “negative object velocity detections when other vehicles are present.” Upon reports of the issue, Tesla Chief Executive Elon Musk tweeted, “Seeing some issues with 10.3, so rolling back to 10.2 temporarily. Please note, this is to be expected with beta software.”

(CNBC)

Android patches actively exploited zero-day kernel bug

Google’s Android November 2021 security updates address 39 vulnerabilities, the majority of which are flaws in framework and system or kernel and vendor components. Included in the update is a patch for a zero-day weakness tagged as CVE-2021-1048 that, according to Google, “may be under limited, targeted exploitation.” The flaw is a use-after-free (UAF) kernel vulnerability which can be leveraged to gain administrative control over a system when paired with a remote code execution (RCE) bug. The update also addresses two critical RCE vulnerabilities and two other critical flaws affecting Qualcomm components. Another 29 bugs are rated as high-severity, with patches addressing issues in the Framework, Media Framework, System, kernel, Android TV, MediaTek and Qualcomm components.

(Threatpost)

M365 outage blocks access to OneDrive and SharePoint files

Starting at approximately 11:40 AM EST on Tuesday, a Microsoft 365 outage prevented access to files stored on SharePoint Online, OneDrive, Office, and Microsoft Teams cloud storage services. An update from Microsoft explained that only new Excel sessions were affected by this outage and that older sessions were unaffected. At approximately 1 PM EST, Microsoft said that the outage had been resolved and was caused by a code change for a different problem. Microsoft noted, “We reverted the offending change and monitored the service to confirm that this has resolved the problem.”

(Bleeping Computer)

50% of internet-facing GitLab installations still affected by critical bug

Cybersecurity researchers warn of a now-patched vulnerability in GitLab’s web interface that has been actively exploited in the wild. The vulnerability, tagged as CVE-2021-22205 and rated the highest possible severity on the CVSS scale at 10.0, affects all versions starting from 11.9, and is an improper validation issue that can lead to arbitrary code execution. While GitLab addressed the vulnerability back on April 14, 2021, researchers from Rapid7 reported that of the 60,000 internet-facing GitLab installations, 50% of installs are not patched against this issue, while vulnerability status for 29% of installs could not be determined, and only 21% are fully patched. GitLab users are advised to update their installs immediately.

(Security Affairs)

Mobile phishing threats now targeting energy industry 

Lookout, Inc. released its Energy Industry Threat Report revealing that 17.2% of all cyberattacks originating on mobile endpoints targeted energy organizations, making the industry the biggest target of cybercriminals and nation-state-sponsored attackers. The report also indicated that, between the second half of 2020 and the first half of 2021, mobile phishing exposure surged 161% within the industry. The report noted that over that same period, 20% of energy employees were exposed to a mobile phishing attack and that the average mobile app threat exposure rate was nearly double the average of all other industries combined. Stephen Banda, Senior Manager of Security Solutions at Lookout and the report’s author, stated, “As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program.”

(Security Magazine)

FBI ties ransomware attacks to significant financial events

According to a new report from the FBI, ransomware groups are increasingly using “significant financial events,” such as mergers and acquisitions, as leverage during their attacks. The FBI noted that while ransomware groups indiscriminately distribute malware, they often carefully select their victims based on information obtained during initial intrusions. The report referenced several instances of ransomware gangs making direct threats to victims about potential adverse impacts to their stock prices and also cited gangs using a popular Russian hacking forum to urge others to use the NASDAQ as leverage during the extortion process. Recorded Future’s Allan Liska stated that while these techniques are not new, “what the FBI is reporting is an escalation of these tactics.”

(ZDNet)

Google triples bounty for Linux kernel exploitation

Google is sweetening the pot for bug bounty researchers finding and exploiting privilege escalation flaws in the Linux kernel. Over the next three months, Google plans to shell out just over $31,000 for privilege escalation exploits using an already patched vulnerability, and over $50,000 for a zero-day kernel flaw or a novel exploitation technique. These amounts triple Google’s previous bug bounty payouts with the company saying, “We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities.” The company also said the program complements the Android reward program, so exploits that work on Android could see a payout up to $250,000.  

(SecurityWeek)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.