Cyber Security Headlines – Week in Review – Nov 1-5, 2021

This week’s Cyber Security Headlines – Week in Review, Nov 1-5, is hosted by Rich Stroffolino with our guest, Davi Ottenheimer, vp, trust and digital ethics, Inrupt

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion

Facebook deletes 1 billion faceprints in Face Recognition shutdown

Facebook announced Tuesday that they plan to abandon use of their Face Recognition system and delete over 1 billion facial recognition profiles in coming weeks. Face Recognition analyzes uploaded photos to identify users and automatically tag them in Memories, photos and videos. Facebook’s concerns about the technology have been significant as they recently reached a $650 million legal settlement in Illinois which claimed the company collected and stored biometric data of their users without consent. Facebook’s VP of Artificial Intelligence, Jerome Pesenti, stated, “Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.” While this change is a victory for privacy advocates, it comes with a tradeoff of some features not working as designed including automatic tagging and Automatic Alt Text (AAT), which creates image descriptions for people who are blind or visually impaired.

(Bleeping Computer and The Hill)

Iranian Black Shadow hacking group breaches Israeli Internet hosting firm

The group compromised the server of the Israeli internet hosting company Cyberserve, taking down several of the sites that it hosts. The group announced the attack on Twitter on Friday, and then published some of the stolen data shortly afterwards, stating that Cyberserve had not yet contacted them. Black Shadow was responsible for the hack of Israeli insurance firm Shirbit in December last year. In that attack it had a $1 million ransom, but the victim refused to pay it.

(Security Affairs)

Microsoft to work with US community colleges to fill 250,000 cybersecurity jobs

Microsoft made the announcement on Thursday stating their plan was to happen over the next four years, by 2025, in order to fill the country’s cybersecurity workforce shortage. The company’s commitment will include providing training for the faculty of 150 community colleges, providing free curriculum to thousands of US public community colleges, providing scholarships and supplemental resources to 25,000 students. CEO Brad Smith explained that US community colleges are cheaper to attend, are more diverse in terms of graduates, are located in every US state, and are more flexible with their students’ programs.

(The Record)

Global chip shortage ‘is far from over’ as wait times get longer

The global semiconductor shortage is worsening, with wait times lengthening, buyers hoarding products and the potential end looking less likely to materialize by next year. Demand didn’t moderate as expected. Supply routes got clogged, and unpredictable production hiccups have slammed factories already running at full capacity. What’s left is widespread confusion for manufacturers and buyers alike. Some buyers trying to place new orders are getting delivery dates in 2024, said Ian Walker, operations director at electronic-components distributor Princeps Electronics Ltd., which helps companies find chips. Apple Inc. warned Thursday that supply-chain disruptions are hindering iPhone and other product manufacturing ahead of the holiday-shopping quarter.(Wall Street Journal)

Thanks to our episode sponsor, Trend Micro

Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com

macOS flaw opened door to undetectable malware

Security researchers at Microsoft discovered a flaw in macOS’ System Integrity Protection (SIP), which would have allowed an attacker to install a hardware interface that allows them to “overwrite system files, or install persistent, undetectable malware”.  SIP is an OS-level Apple sandbox that contains several memory-based variables that shouldn’t be able to be modified in non-recovery mode. The researchers found that Apple “introduced a particular set of entitlements that bypass SIP checks by design,” as part of the system update process. Apple subsequently patched the issue in macOS Monterrey, Catalina and Big Sur.

(ZDNet)

CISA creates exploited bug catalog

The US Cybersecurity and Infrastructure Security Agency continues its efforts to shore up security within the federal government. It published a catalog of software vulnerabilities known to be exploited in the wild, issuing a binding operational directive requiring federal agencies to patch these within specified deadlines. The catalog currently includes 306 vulnerabilities across vendors, including Cisco, Google, Microsoft, Apple, Oracle, Adobe, Atlassian, and IBM, with some dating back to 2010. For vulnerabilities discovered this year, agencies have until November 17, 2021 to apply patches. Older vulnerabilities must be patched by May 3, 2022.

(The Record)

Bots used to scam 2FA codes

Vice reported on fraudsters using automated bots to steal multi-factor authentication codes or one-time passwords to authorize cash transfers. Services impacted include Apple Pay, PayPal, Amazon, Coinbase, and a wide range of specific banks. Speaking to sellers of these bot services, these cost a few hundred dollars, and lowers the barrier to entry for engaging in this behavior. Typically these services call a victim posing as a fraud alert system, asking them to verify their identity with a two-factor code sent to a phone. This code actually comes from the fraudster attempting to login to the victims account. Services for these bots operate on Telegram or Discord, where “customers” enter in a victims phone number, and the service provider users a platform like Twilio to place the automated call. 

(Vice)

Cybercriminals sell access to international shipping, logistics giants

On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. The researchers stated, “While already in a volatile and precarious position — especially as we head into winter — “a cybersecurity crisis at one of these logistics and shipping companies could have a calamitous impact on the global consumer economy.” Although the logistics industry is constantly targeted, big names like Conti and Five Hands are appearing in the IAB research along with many newcomers.

(ZDNet)