Apple accidentally notarized malware on macOS
The malware was initially discovered by college student Peter Dantini and passed on to security researcher Patrick Wardle. The campaign was distributing the “Shlayer” adware, and its unclear how the malware got past Apples checks and software scanning. Wardle notified Apple on August 28th, and the company subsequently revoked the notarizations the same day. However Wardle noticed on August 30th the malware was still being distributed, but notarized from a different developer account, and notified Apple of the update. In February, Apple began requiring all apps to be notarized to run on macOS.
(Wired)
Security researchers detail a Netwalker play-by-play
The Digital Forensics and Incident Response Report published details about a NetWalker ransomware intrusion. Overall the whole intrusion took around one hour, from a threat actor logging in through RDP, to delivering the NetWalker ransomware payload on all Domain joined systems. Command and control scripts were dropped in with 16 minutes of intrusion. The report details each step of the attack, resulting in a ransom note asking for $50,000 within 7 days.
Mozilla find out “Why We Still Can’t Browse in Peace”
A study by three Mozilla employees found that most internet users have unique browsing habits that can allow advertisers to track and re-identify users across different sets of user data that contain browsing history. The study found that a list of between 50 to 150 of a user’s most accessed domains were enough to create a profile. The study was a follow up to a 2012 study, and found that unique browsing histories have become more common, with reidentifiability of a user increasing from 38% to 50% using just 50 domains in a browser history.
(ZDNet)
Google and Facebook amend plans for undersea cable network
The companies revised their proposal for the Pacific Light Cable Network to no longer include Hong Kong, citing privacy concerns raised by the President’s administration. A revised proposal now calls for the companies to run cables to the Philippines and Taiwan. In June, the US Justice Department asked the FCC to deny the link to Hong Kong.
Thanks to our sponsor, Trusona
TikTok might get a bidder, but an acquisition is still murky
CNBC reports that according to sources, Tiktok has decided on a bid to acquire its operations in the US, Australia, and New Zealand. Tiktok will reportedly make the announcement later this week, however as reported yesterday, recent changes to Chinese technology export laws would require ByteDance to obtain a license from the Chinese government, before going forward with a sale.
(CNBC)
The iOS App Store won’t delay bug fixes anymore
The change was one of several announced to its App Store review policy at WWDC this year. Aside from no longer delaying bug fix updates to apps over guideline violations except for those related to legal issues, the company will also let developers suggest changes to App Store guidelines as part of the app review appeals process.
Cloud misconfiguration woes continue
AppOmni CEO Brendan O’Connor wrote a piece looking at the cost of cloud misconfiguration for enterprises. He points to the fact that misconfigurations are the root cause to most of the 33.4 billion records exposed in cloud breaches over the last two years. Part of this is due to a misunderstanding in the cloud that cloud vendors are responsible for the security of the cloud, but customers bear responsibility for security once in the cloud. With mass work from home as the result of COVID-19, he points to the need to evaluate change controls, review APIs as a threat surface, establish an explicit cloud architecture and strategy, and institute identity, credential, and access management systems to ultimately help solve the configuration problem.
Internet outage hits several security services
The outage was caused by an apparent misconfiguration or hardware failure across an internet backhaul connection, impacting CenturyLink, OpenDNS, Duo Security, Cloudflare, and Imperva among others on August 30th. Typically when a network can’t handle traffic, it simply routes to another network able to handle the load, but the affected network did not withdraw routes once a customer was disconnected. The affected network belonged to Level 3, which was acquired by CenturyLink in 2016. (InfoSec Handlers Diary)