UK issues a report on Huawei 5G rollback

The UK House of Commons defence committee issued a report finding that “It is clear that Huawei is strongly linked to the Chinese state and the Chinese Communist Party, despite its statements to the contrary. This is evidenced by its ownership model and the subsidies it has received.” While the report warns that it should not “succumb to ill-informed anti-China hysteria”, it still commands bringing forward the date by which no Huawei 5G equipment can be used in telecom networks from 2027 to 2025 if necessary. It did not find a threat to encrypted communications.


Facebook will stop running political ads after the US election

The temporary measure will go into effect after the polls close on November 3rd, and will also impact social-issue ads. The company said this was a temporary step to “reduce opportunities for confusion or abuse.” Facebook previously announced it would add a label to any post from a candidate or political party claiming victory in the US presidential election prior to it being called by major news outlets.


US seizes domains tied to Iranian misinformation campaign

The US Department of Justice announced it seized 92 domains linked to Iran’s Islamic Revolutionary Guard Corps that were used to “unlawfully engage in a global disinformation campaign.” These included four meant to look like legitimate news outlets targeted in the US. Google initially tipped off the DOJ about the campaign. The domains were seized for violating the Foreign Agents Registration Act, which requires foreign entities to disclose sources of information when trying to influence US public opinion. Visiting the seized domains now displays an FBI notice. 


App ad fraud makes an impression

Security researchers at White Ops looked at the income generated by a fraudulent ad business ring across 240 Android apps it dubbed Rainbow Mix. The apps displayed out-of-context ads, which appear to be legitimate but come when the user is not active in the app that generates them, with the Rainbow Mix ads appearing to come from YouTube and Chrome. The researchers found the group of apps generated 15 million ad impressions per day. Code for the ads was found in packages from legitimate Android and Unity software development kits; it included triggers for when a phone’s screen was on and not plugged in, and received a JSON payload from a C2 server after the apps were installed. Google removed the apps from the Play Store at the end of August after being alerted by White Ops.

(Bleeping Computer)

Waterbear malware used against Taiwanese government agencies

Researchers at CyCraft spotted the attacks, which originated in April 2020. The attacks were able to exploit a vulnerability in a common and trusted data loss prevention tool to load the malware, with the attackers targeting endpoints that were compromised in a previous unrelated cyberattack. The attackers then used DLL hijacking to inject shellcode into various Windows system services, which then let the Waterbear loader deploy additional packages. The attack also used an antivirus evasion technique called “Heaven’s Gate”, which has the malware declare itself to be a 32-bit process but execute 64-bit code, hampering analysis and detection services.


UK businesses saw increased cyber attacks during COVID lockdowns

The British ISP Beaming reports that it saw UK businesses suffer over 177,000 targeted cyber attacks between April and June 2020, up 14% from Q1. The ISP saw attacks coming from over 340,000 unique IP addresses, with 37,000 of these traced back to different locations in China, 32,000 in Taiwan, and 17,000 in the U.S. Beaming found attacks against file-sharing applications were up 27% in that period, with an average of 5,900 attacks per company, while IoT devices remain a prominent target, with an average of 14,000 attacks per company.

(CISO Mag)

Flaws exposed in Azure’s App Services

The flaws in Microsoft’s service for hosting web applications were discovered by Paul Litvak at Intezer and could open the door for an attacker to take over an App Service administration server. One flaw was found in the open source KuduLite project used by App Services, which used hard-coded credentials for SSH services. Using the stock credentials, attackers could gain access to App Service’s Software Configuration Management server, letting them listen to a user’s HTTP requests and inject malicious code into web pages. The second flaw was found in the KuduLite API, which could be used to gain access to file systems and execute remote code. Microsoft has issued fixes for both bugs.


Google adds cross-app security alerts

This comes as one of a number of security updates from the search giant. Cross-app security updates will now send you notifications across all of Google’s apps when a security issue is detected. The feature rolls out in limited testing on iOS first, with a larger rollout planned for early 2021. Google also rolled out a Guest Mode to Google Assistant that won’t save voice queries to a linked Google account. The company also revamped its Safety Center website with information about security and privacy settings across 13 Google products including Gmail, Chrome, YouTube, Android, and Pixel.

(The Verge)