SSID Stripping is a new take on spoofing

Researchers at AirEye disclosed the newly discovered vulnerability, which impacts devices running Windows, macOS, Ubuntu, Android and iOS. The researchers showed how malicious actors could alter SSIDs to make them appear to be legitimate networks. One approach used a NULL byte in the name: Apple devices would display only the part of the network name before that byte. Similar approaches with non-printable characters also caused SSIDs to be displayed incorrectly. While most operating systems have protections against spoofed SSIDs, SSID Stripping can cause the networks to be displayed as legitimate, prompting users to manually connect. AirEye released a free assessment tool for determining whether corporate networks are vulnerable to the attack.

(Security Week)
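As an added example, not code from AirEye or the article, here is a Python checker a defender could run over the raw SSID bytes collected by a wireless scanner. It models two display behaviours the item describes (truncation at the first NUL, and dropping of non-printable characters) and flags any SSID whose on-screen rendering collides with a trusted network name while the raw bytes differ. The allowlist and the sample scan are constructed.

```python
"""Flag SSIDs whose displayed name may hide extra bytes (SSID Stripping check)."""

# Constructed allowlist of the SSIDs an organisation actually operates.
TRUSTED_SSIDS = {"CorpWiFi", "CorpGuest"}


def render_truncate_at_nul(raw: bytes) -> str:
    """Model of the Apple behaviour described above: display stops at the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("utf-8", errors="replace")


def render_drop_nonprintable(raw: bytes) -> str:
    """Model of a UI that silently drops control and other non-printable characters."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(ch for ch in text if ch.isprintable())


def analyze_ssid(raw: bytes, trusted=TRUSTED_SSIDS) -> dict:
    """Return what the SSID may look like on screen and why it is suspicious, if at all."""
    findings = []
    if len(raw) > 32:                       # 802.11 limits an SSID to 32 octets
        findings.append("longer than 32 bytes")
    if b"\x00" in raw:
        findings.append("contains NUL byte")
    text = raw.decode("utf-8", errors="replace")
    if "\ufffd" in text:
        findings.append("not valid UTF-8")
    if any(not ch.isprintable() and ch != "\x00" for ch in text):
        findings.append("contains non-printable characters")
    # The key check: does any plausible on-screen rendering collide with a trusted
    # name while the raw bytes are not exactly that name?
    renderings = {render_truncate_at_nul(raw), render_drop_nonprintable(raw)}
    for shown in renderings:
        if shown in trusted and raw != shown.encode("utf-8"):
            findings.append(f"displays as trusted SSID {shown!r} but raw bytes differ")
    return {"raw": raw, "renderings": sorted(renderings), "findings": findings}


def suspicious_ssids(scan: list[bytes]) -> list[dict]:
    """Filter a scanner's raw SSID list down to the entries that need a human look."""
    return [r for r in (analyze_ssid(s) for s in scan) if r["findings"]]


if __name__ == "__main__":
    # Constructed sample of raw SSIDs as a wireless scanner would hand them over.
    sample = [b"CorpWiFi", b"CorpWiFi\x00free", b"CorpGuest\x1b", b"Caf\xc3\xa9", b"\xff\xfeX"]
    for r in suspicious_ssids(sample):
        print(r["raw"], "->", r["renderings"], r["findings"])
```

The rendering models are assumptions about how a given UI draws the name; extend them with whatever behaviour your fleet's operating systems actually show.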

Industrial control systems hammered by cyber attacks

According to new data from Kaspersky, 33.8% of industrial control systems (or ICS) that it monitored were targeted by a cyber attack in the first half of 2021. Internet-based threats were the leading vector with 18.2% of attempts, with removable media accounting for 5.2%, followed by email attachments with 3%. The one encouraging sign: unlike attacks on IoT systems, which doubled in the first half of 2021, ICS attacks only increased 0.4% from the last half of 2020. Still, the number of unpatched or unsecured systems exposed to the public-facing internet is troubling, with the number of ICS vulnerabilities reported up 41% in the first half of the year.

(InfoSecurity Magazine)

Olympus has fallen…to ransomware

TechCrunch’s sources say Olympus is recovering from a ransomware attack that hit its systems on the morning of September 8th. The company’s only statement said it is “currently investigating a potential cybersecurity incident” affecting its Europe, Middle East and Africa computer network. A note on an infected machine reportedly implicates the BlackMatter ransomware group, the latest ransomware-as-a-service provider to make a splashy attack. An Olympus spokesperson said customer service was not impacted, but declined to provide further details.

(TechCrunch)

China orders big tech to play nice

China’s Ministry of Industry and Information Technology advised tech companies to stop blocking links to each other’s sites. Tencent restricts users from sharing links to ByteDance’s Douyin in WeChat and QQ; Douyin filed a complaint in court in February. And Alibaba’s Taobao and Tmall marketplaces do not allow Tencent’s WeChat Pay to be used as a payment option. Tencent and Alibaba both said they would comply with the guidance. The MIIT also announced Monday that it believes there are too many EV makers in the country and encourages consolidation.

(Reuters)

Thanks to our episode sponsor, Sonrai

Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud – sensitive data, identities, and platform configuration – and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more.

Firefox hacks Edge’s browser default toggle

Firefox 91 lets users set it as the default browser in Windows 10 using the same one-click method found in Edge. Previously this required going into Settings. This isn’t officially supported by Microsoft; rather, Mozilla reverse-engineered the Edge-exclusive feature, circumventing the anti-hijacking browser protections Microsoft implemented. Mozilla has long been critical of Windows’ default browser behaviors, penning an open letter about it in 2015. Windows 11 also introduces changes that will require users to specify a default browser by file type, rather than having a single default.

(Windows Central)

Facebook sets different content moderation rules for some users

The Wall Street Journal’s sources say Facebook set up a program called XCheck, proposed as a way to provide extra quality control around moderation for high-profile accounts, with flagged posts from these accounts sent to better-trained moderators. According to documents seen by the Journal, 5.8 million users were enrolled in XCheck in 2020, but only 10% of posts sent through the program were actually reviewed. Users were not told if they were enrolled in XCheck. Facebook said it’s aware of issues with the program and is working to fix them, saying it started to address the issues before the Journal published its report.

(The Verge)

Apple wins against Epic, with one minor exception

Judge Yvonne Gonzalez Rogers ruled that Epic breached its contract with Apple when it implemented its own alternative payment system in Fortnite, saying the company could not be found to be a monopolist or engaging in anti-competitive conduct. Epic plans to appeal that decision. However, in a separate ruling, Judge Rogers issued a permanent injunction against Apple, saying that iOS apps must be allowed to direct users to payment options beyond those offered by Apple. This injunction goes into effect December 9th. Apple said it is considering whether it will appeal.

(The Verge)

CISA gets a new Chief of Staff

CISA filled the role with Kiersten Todt, who previously served as the managing director of the Cyber Readiness Institute, a non-profit she founded in 2017. Todt also served as executive director for the Presidential Commission on Enhancing National Cybersecurity under President Barack Obama. At CRI, Todt worked with global companies to develop free resources to improve the cyber-readiness of small and medium-sized enterprises, bringing in Apple, Microsoft, ExxonMobil, General Motors, MasterCard, PSP Partners, and Principal Financial Group as members. As Chief of Staff, she’ll work on allocating resources and planning CISA’s long-term security objectives and goals.

(InfoSecurity Magazine)