HomePodcastCyber Security HeadlinesCyber Security Headlines – September 21, 2021

Cyber Security Headlines – September 21, 2021

Google expands app permissions reset

The company introduced the “permissions auto-reset” feature in Android 11 last year. This causes apps that haven’t been used in a while to lose access to various device permissions for sensors, SMS messages, and contact lists over time. In December Google will expand this feature through a Google Play Services update to devices running Android 6 and newer, impacting devices from as far back as 2015. Google estimates this will impact billions of devices. Enterprise-managed apps and apps with permissions that have been fixed by enterprise policy will be exempt from the feature. Developers will also have the option to ask users to disable auto-reset, designed for apps that always run in the background. 


Epik confirms it got hacked

Following an alleged hack by the hacktivist group Anonymous, the web host Epik confirmed an “unauthorized intrusion” to its systems. The 180GB of leaked data from the hack includes over 15 million email addresses belonging to both Epik’s customers and non-customers. Non-customer emails were obtained by Epik when it scraped WHOIS records of domains it didn’t own. These emails have been obtained by the data leak alert service HaveIBeenPwned. Other data in the leak includes names, phone numbers, physical addresses, purchases and passwords stored in various formats. Ars Technica reports that some of these records contained dated information that is no longer accurate. Epik did not confirm if credit card info was included in the breach, but encouraged customers to contact card issuers as a precaution. 

(Ars Technica)

Telegram suspends Russian election bots

Telegram suspended all chat bots used in the Russian elections campaign. According to founder Pavel Durov, this would abide by Russia’s “election silence” law that prohibits campaigning during the elections. This comes after Google and Apple removed a Smart Voting app from Russian app stores. Durov also said Google and Apple’s decision to remove the apps set a precedent that app’s in their ecosystem felt pressured to follow, with pressure to comply to local laws.

(Radio Free Europe)

Ransomware hammers banking

According to a new report by Trend Micro, the banking industry was disproportionately impacted by ransomware in the first half of 2021. Overall the industry saw attacks up 1,318% on the year, with analysts saying this is likely due to a perceived higher likelihood of a payout for the attackers. While ransomware was a dominant threat in the first half of the year, Trend Micro also found that business email compromise attacks increased only 4%, a slight 2% drop in the number of exploited zero day attacks, and hundreds of malicious apps trying to exploit COVID-19 scams. Overall the most detected malware in the 6-month period was crypto miners. 

(Security Magazine)

Thanks to our episode sponsor, Kanu Solutions

Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions’ Lunch-n-Learn by registering at kanusolutions.com/events.

Twitter settles on claims of misleading investors

Twitter announced it will pay $809.5 million to settle a shareholder class action lawsuit from 2016 that alleged the company misled investors about its daily and monthly user engagement numbers.  The individual defendants and Twitter will continue to deny any wrongdoing or any other improper actions and expects to pay the settlement amount with cash on hand in the fourth quarter of this year. Twitter switched to using average monetizable daily active users in its earnings as of Q4 2018, which claimed to be a more accurate way of showing how its making money from users. 


Nahoft encryption works in plain sight

The Android encryption tool Nahoft was released on the Play Store last week. This turns up to 1000 characters of Farsi text into a jumble of random words, which can be sent over any messaging app, then decrypted in Nahoft by another user. The app also employs steganography to embed encrypted messages into image files. While Iranians have encrypted messaging apps like WhatsApp available, Nahoft can still work even when a device is offline and is open source. THis allows messages to be sent openly in letters or oven the phone when internet communication is blacked out. The app also contains a passcode and a “destruction code” that will wipe all data. The app was developed by United for Iran, a San Francisco–based human rights and civil liberties group. 


Romance scams break hearts, cost millions

The US FBI reported that in the first six months of 2021, it received over 1,800 complaints about romance scams where victims were coerced into sending money digitally or trading cryptocurrency for another person. These scams resulted in losses of roughly $133 million. In a report, the FBI said scammers typically create trust with victims through dating or social apps, before roping them into scam investment opportunities that will turn a profit. These follow typical investment scam tactics of showing a big return on a small investment to prompt a much larger sum from the victim. Some scammers go so far as to operate fake “customer service” lines to extract additional “taxes and fees” owed on these investments. Since 2016, losses to romance scams have increased fourfold, according to data from the FTC. 


Another impact of WhatsApp’s privacy policy change

The Financial Times and cyber intelligence group Cyberint released data from a recent investigation into Telegram that the messaging service has seen “a 100 percent-plus rise in Telegram usage by cybercriminals” , following users switching to Telegram after a change in WhatsApp’s privacy policy that asked users to accept a revised policy allowing it to share data with its parent company Facebook. Investigators report groups circulating hacked credentials lists with hundreds of thousands of logins commonly circulating. According to analysts, Telegram gained popularity because it was easier to use than the Dark Web and less likely to be surveilled by law enforcement. 


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.

Most Popular