China’s biggest chip maker hit by US sanctions

The US Department of Commerce has stated that companies that export to Semiconductor Manufacturing International Corporation (SMIC) would now need a license, out of concern that SMIC posed an “unacceptable risk” of their technology being diverted to “military end use.” This move would severely set back China’s ability to manufacture chips, and would also affect other manufacturers in the supply chain such as Qualcomm. Paul Triolo, head of tech policy analysis at Eurasia Group, suggests this would be a tipping point for U.S.-China relations.

(Financial Times)

Elon Musk unhappy over Microsoft’s exclusive licensing of OpenAI

Microsoft announced last Tuesday that it was exclusively licensing GPT-3, a natural language AI-powered tool made by OpenAI, a company co-founded by Elon Musk. GPT-3, which has the capacity to generate text that reads as though it were written by a human, was devised as an open concept software. Although the extent of the exclusivity has not been revealed, Musk took to Twitter to suggest OpenAI was now the opposite of open.

(Business Insider South Africa)

Google removes 17 Android apps doing WAP billing fraud from the Play Store

The 17 apps, spotted by security researchers from Zscaler, were infected with the Joker (aka Bread) malware, designed to steal SMS messages, contact lists, and device information, along with silently signing up victims for premium wireless application protocol (WAP) services. Google removed the apps from the Play Store, but users must manually remove the apps from their devices. This is the third time Google has come up against Joker-infected apps in the past few months.

(ZDNet)

Pastebin adds “Burn After Read” and “Password Protected Pastes”

These two features, already popular on other paste sites, allow Pastebin users to create pastes (pieces of text) that expire after a single read or that are protected by a password. This will make it easier to disguise malware operations. Pastebin has long been a go-to location for malware authors to store malicious code, and security researchers see this as a move that thwarts their efforts to detect malware operations.

(ZDNet)

Thanks to this week’s sponsor, ReversingLabs

ReversingLabs is the leading provider of explainable threat intelligence. In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world’s most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action, all with zero interruption to business critical systems.
Learn more by watching an on-demand demo at reversinglabs.com/demo

Microsoft says China-linked hackers abused Azure in attacks

Microsoft this week announced that it recently removed 18 Azure Active Directory applications that were being abused by China-linked state-sponsored threat actor GADOLINIUM, which, according to Microsoft, has expanded its target list to include the Asia-Pacific region, as well as other targets in higher education and regional government organizations. Previously employing custom malware, the threat actor has added open-source tools to its toolset over the past year, making tracking more difficult.

(Security Week)

92% of U.S. organizations suffered data breach due to vulnerabilities in vendor ecosystems

A study from cybersecurity solutions provider BlueVoyant, based on responses from 1500 CISOs and procurement officers in the U.S., the U.K., Mexico, Switzerland, and Singapore, revealed that 69% do not have full visibility over their entire supply chain. Key points include not working with suppliers to improve their security performance, and not offboarding suppliers with the rigor with which they were onboarded.

(CISO Magazine)

Fileless malware tops critical endpoint threats for 1H 2020

The most common critical-severity cybersecurity threat to endpoints in the first half of 2020 was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of being stored on the hard drive. Also included in this list are dual-use tools, such as those used in penetration testing, that are also being exploited by threat actors.

(Threatpost)

Royal Ripper is a multi-stage phishing attack that adapts to victim input

A new evolution in phishing is emerging with customized, multi-stage attacks. Royal Ripper impersonates the UK’s government tax authority with the standard outstanding taxes owed or “refund due” message in SMS, but then harvests the sort code or routing number of the victim’s bank and uses it to send the victim to a secondary phishing page that impersonates their bank. PhishLabs points out that although many phishing sites impersonate target banks, this multi-stage progression adapts to victim input, making it appear less suspicious.

(PhishLabs)