Samsung guards against zero-click attacks
One of the things that makes spyware, like NSO Group’s Pegagus, hard to guard against is because they require no interaction from users to exploit, just sending a SMS message with a malicious payload. To guard against this, Samsung introduced Message Guard for Galaxy smartphones and tablets to protect users from zero-click attacks. Message Guard isolates image attachments sent to Samsung Messages or Messages by Google, and then scans them before processing, to help prevent device infection. It’s available on the Galaxy S23 now and will roll out to Galaxy phones running OneUI 5.1 or later. This comes as device makers continue to harden consumer hardware against spyware, after Apple introduced its Lockdown Mode last year in iOS 16.
Rethinking ransomware cat and mouse
It’s a cliche in cybersecurity that the industry is always in a game of cat and mouse with threat actors. As we patch and update our tooling, the bad guys find new things to target. A new report from the security firm Ivanti shows that many organizations aren’t keeping up on this game as well as they could. It aggregated threat intelligence from Securin, Cyber Security Works, and Cyware, looking at vulnerabilities used in 2022 ransomware attacks. It found that ransomware attacks used 344 unique vulnerabilities in the year, up 19% on the year. But overall it found that 76% of flaws used in attacks were from 2019 or older, with the oldest being a 2012 vulnerability in Oracle Fusion.
Norway seizes Lazarus Group crypto
The country’s National Authority for Investigation and Prosecution of Economic and Environmental Crime seized 60 million Norweigen Krone, about $5.8 million USD, worth of cryptocurrency from the North Korean threat group. Lazarus stole the funds in March 2022 as part of the $620 million theft in the Axie Infinity Ronin bridge attack. Back in September, the US announced it recovered over $30 million. The law enforcement agency said it worked with international partners to piece together a money trail on the group, able to seize the funds when they became active before they could be laundered.
Meta begins paid verification
The company began rolling out Meta Verified in New Zealand and Australia, offering paid verification on Instagram and Facebook for $11.99 a month on the web, or $14.99 on mobile. CEO Mark Zuckerberg said Meta Verified will offer a verification badge on accounts, increased visibility, exclusive stickers for Reels and Stories, and priority customer support. Like other verification systems, Meta claims this will help prevent impersonator accounts. Zuckerberg didn’t position this as a way to generate revenue for the company, instead saying it was about “increasing authenticity and security across our services.” Users must be at least 18 years old and submit a government ID. Meta won’t make changes to previously verified accounts that were designed for notoriety or newsworthiness. Meta Verified will roll out to more countries “soon.”
And now a word from our sponsor, Barricade Cyber Solutions
Outlook spam filters break
Numerous users reported that on the morning of February 20th, Microsoft’s Outlook spam rules appeared to be broken, resulting in junk emails appearing in its Focused Inbox. Based on reports, this appears limited to personal Outlook accounts. Microsoft did not comment on the outage, and its status page does not indicate any issue with Outlook. Some users said contacting support resulting in Microsoft requesting they DM about further issues. This appears to have been resolved later in the day. If nothing else, a PSA to look out for spam emails from early in the morning if you use the client.
Ransomware leads to earnings hit
Usually when we talk about ransomware attacks on this show, the impacts we discuss involve downtime or leaked data. This week we found an example of the financial impact of ransomware. Applied Materials is a key company in the semiconductor supply chain, providing tech across the industry. On its earnings call, it disclosed a ransomware attack on an unnamed supplier will cost it $250 million next quarter. While not named, one of its suppliers, the engineering company MKS Instruments, delayed its earnings call after discovering a ransomware attack on February 3rd. MKS reported itself in a “recovery phase” following the attack, still trying to determine the full scope of the attack.
Twitter hacker faces extradition
The person allegedly behind the 2020 attack on Twitter, which hijacked numerous high profile verified Twitter accounts, now faces extradition to the US. Spanish officials arrested Joseph James O’Connor in the city of Estepona back in July 2021. The country’s High Court agreed with the US request for extradition. The court determined both the evidence in the case and damages of the alleged hack both reside in the US. The Spanish government must still confirm sending him to the US, but it typically complies with High Court decisions.
Microsoft limits Bing AI conversations
Over the weekend, it seemed every outlet decided to run a similar story about Microsoft’s New Bing chatbot getting weird. This included behavior like threatening other users or seemingly taking on multiple personas within a single chat. Now Microsoft introduced temporary conversation limits to the service. It capped questions at 50 per day and only five questions per chat session. Microsoft said the vast majority of users find answers within 5 questions, with one 1% of conversations containing over 50. The company previously said extended chat sessions cause Bing “to give responses that are not necessarily helpful or in line with our designed tone.” Microsoft said “we will explore expanding the caps on chat sessions,” based on feedback.