A quick Saturday digest of cybersecurity news articles from other sources.
Webinar: Anatomy of a Phishing Exploit
Cyber-hygiene alert! You are invited to a one-hour seminar titled Anatomy of a Phishing Exploit. I will be the presenter.
Understand cyber-hygiene essentials to secure your data from phishing attacks in a highly informative, one-hour webinar organized by Vinsys. The growing number of cybercrime cases worldwide has raised serious concern for organizations and their data. This webinar gives you a briefing about the many types of phishing attacks and methods to detect and avoid such attacks. It also takes you deeper into understanding the loopholes that could help you establish a highly secure network system.
Reduce risks of a phishing exploit. Don’t miss this webinar!
Webinar Details:
- Presenter – Bob Weiss
- Mode – MS Teams
- Date – Jan 25, 2022
- Timing – 1:00 pm – 2:00 pm (EST)
CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats
Original release date: January 18, 2022
In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to:
- Reduce the likelihood of a damaging cyber intrusion,
- Detect a potential intrusion,
- Ensure the organization is prepared to respond if an intrusion occurs, and
- Maximize the organization’s resilience to a destructive cyber incident.
CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.
9 ways that cybersecurity may change in 2022
As malicious bot activity increases and attacks surge against APIs, MFA will become more of a mandate and the CISO will take on a greater role, predicts Ping Identity CEO and founder Andre Durand.
REvil ransomware crew allegedly busted in Russia, says FSB
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous “REvil” ransomware crew.
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates
by Brian Krebs
At the U.S.’s request, Russia arrested 14 people tied to the REvil ransomware group. Some believe the crackdown is a cynical ploy to showcase the kind of cooperation the US won’t be getting going forward if it places more sanctions on Russia regarding Ukraine. krebsonsecurity.com/2022/01/at-req…
More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers
by Bruce Schneier [2021.12.20] Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.
We haven’t heard a lot about Cytrox and its Predator spyware. According to Citizen Lab:
We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.
Cytrox was reported to be part of Intellexa, the so-called “Star Alliance of spyware,” which was formed to compete with NSO Group, and which describes itself as “EU-based and regulated, with six sites and R&D labs throughout Europe.”
In related news, Google’s Project Zero has published a detailed analysis of NSO Group’s zero-click iMessage exploit: FORCED ENTRY.
Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.
By the way, this vulnerability was patched on 13 Sep 2021 in iOS 14.8.
People Are Increasingly Choosing Private Web Search
by Bruce Schneier [2022.01.06] DuckDuckGo has had a banner year:
And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020 (23.6 billion). That’s big. Even so, the company, which bills itself as the “Internet privacy company,” offering a search engine and other products designed to “empower you to seamlessly take control of your personal information online without any tradeoffs,” remains a rounding error compared to Google in search.
I use it. It’s not as good a search engine as Google. Or, at least, Google often gets me what I want faster than DuckDuckGo does. To solve that, I use the feature that allows me to use Google’s search engine through DuckDuckGo: prepend “!Google” to searches. Basically, DuckDuckGo launders my search.
EDITED TO ADD (1/12): I was wrong. DuckDuckGo does not provide privacy protections when searching using Google.
Norton’s Antivirus Product Now Includes an Ethereum Miner
by Bruce Schneier [2022.01.07] Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%.
It’s hard to uninstall this option.
Fake QR Codes on Parking Meters
by Bruce Schneier [2022.01.10] The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.
Using Foreign Nationals to Bypass US Surveillance Restrictions
by Bruce Schneier [2022.01.13] Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation.
New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed.
What’s most interesting to me about this new information is how the US used the Australians to get around domestic spying laws:
For legal reasons, the FBI did not monitor outgoing messages from Anom devices determined to be inside the U.S. Instead, the Australian Federal Police (AFP) monitored them on behalf of the FBI, according to previously published court records. In those court records unsealed shortly before the announcement of the Anom operation, FBI Special Agent Nicholas Cheviron wrote that the FBI received Anom user data three times a week, which contained the messages of all of the users of Anom with some exceptions, including “the messages of approximately 15 Anom users in the U.S. sent to any other Anom device.” […]
Stewart Baker, partner at Steptoe & Johnson LLP, and Bryce Klehm, associate editor of Lawfare, previously wrote that “The ‘threat to life’ standard echoes the provision of U.S. law that allows communications providers to share user data with law enforcement without legal process under 18 U.S.C. § 2702. Whether the AFP was relying on this provision of U.S. law or a more general moral imperative to take action to prevent imminent threats is not clear.” That section of law discusses the voluntary disclosure of customer communications or records.
When asked about the practice of Australian law enforcement monitoring devices inside the U.S. on behalf of the FBI, Senator Ron Wyden told Motherboard in a statement “Multiple intelligence community officials have confirmed to me, in writing, that intelligence agencies cannot ask foreign partners to conduct surveillance that the U.S. would be legally prohibited from doing itself. The FBI should follow this same standard. Allegations that the FBI outsourced warrantless surveillance of Americans to a foreign government raise troubling questions about the Justice Department’s oversight of these practices.”
I and others have long suspected that the NSA uses foreign nationals to get around restrictions that prevent it from spying on Americans. It is interesting to see the FBI using the same trick.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, the Secure360 Security Conference in 2016, 2017, 2018, and 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, as well as many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com