Covid tracking apps from Google-Apple partnership gaining traction in the U.S.
Six months after the release of API technology built for hosting Covid-19 exposure alert apps on smartphones, 10 states plus Guam are making it available, giving contact tracing access to 21 percent of the U.S. population. The delay was initially due to the expense of developing phone apps and the lack of a cohesive national phone app policy. Open sourcing from countries such as the UK, Germany, and Canada is making it easier for the apps themselves to be made available.
FBI works more closely with spy agencies to hunt foreign hackers
After having received 467,361 complaints, resulting in more than $3.5 billion in losses to individuals and businesses, the program emphasizes partnerships with foreign law enforcement agencies and private internet companies, which often have the best information about a hacker’s activities, said FBI cyber division assistant director Matt Gorham. The program will also focus on “mission centers” with separate cyber divisions within the FBI aimed at Russia, China, and Iran, viewed as the greatest threats in cyberspace.
Phishing-with-worms campaign is declared a game-changer in password theft, account takeovers
In a blog post on Medium, cybersecurity expert Craig Hays describes a sophisticated scam in which phishing emails were being sent as replies to genuine ones, as opposed to the typical out-of-the-blue phish. A bot running on a remote server used the original subject line and Reply All to connect with people on a legitimate group email, using wording that appeared contextually appropriate. Hays states that this method beats traditional credential stuffing techniques and exploits the fact that people don’t use multifactor authentication on trusted emails.
Microsoft Office 365 phishing attack uses multiple CAPTCHAs
Researchers are warning of an ongoing Office 365 credential-phishing attack that’s targeting the hospitality industry by using visual CAPTCHAs. Though the use of CAPTCHAs in phishing attacks is not new, this attack uses three different CAPTCHA checks on targets before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page. Hackers use CAPTCHA technology to verify that victims are live users, as well as to exploit users’ cognitive bias in believing the site they are visiting must be legitimate.
Researchers move closer to identifying malware authors’ fingerprints
Malware can reveal the specific writing style of individual coders, say Itay Cohen and Eyal Itkin of Check Point. Fingerprinting an exploit writer’s characteristics creates a unique hunting signature that helps identify an individual malware coder’s handiwork in other, seemingly unrelated exploits. Although this seems like a needle-in-a-haystack exercise, the researchers point to a Kaspersky report that shows how numerous zero-day exploits can be attributed to a small number of actors.
Microsoft explains the cause of the recent Office 365 outage
A bug in the deployment of an Azure AD service update caused a worldwide outage in a range of Microsoft Office 365 applications last Monday. The AADSTS90033 transient error message prevented sign-ins for customers. Microsoft states that a bug in its Safe Deployment Process (SDP) caused a service update to be deployed to all rings simultaneously rather than first being deployed to the test ring. Microsoft tried to perform an automated rollback of the change, but the bug had corrupted its metadata, requiring a much longer manual rollback.
Ttint: a new form of router-based IoT botnet
Unlike the many IoT botnets already in existence, Ttint does not just infect routers to perform DDoS attacks, but also implements 12 different remote access methods to the infected routers, uses them as proxies to relay traffic, tampers with their firewall and DNS settings, and gives attackers the ability to execute remote commands on the infected devices. Pascal Geenens, cybersecurity evangelist at Radware, told ZDNet, “Ttint could mark the beginning of the maturing of general IoT malware and broader leverage in more sophisticated campaigns.”
HP Device Manager susceptible to dictionary attacks
Security experts from HP have discovered security vulnerabilities in certain versions of its HP Device Manager, software that allows system administrators to manage their HP Thin Client devices. In a security advisory, HP stated the vulnerabilities could allow malicious actors to remotely gain unauthorized access to resources and also SYSTEM privileges. The flaws could also expose the Device Manager to dictionary attacks due to a weak cipher implementation. In dictionary attacks, hackers try to obtain illicit access to a system by using a large set of words to generate potential passwords.