WyzGuys Tech Talk

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


US government is snooping on people via phone push notifications, says senator

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apple’s servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by Google.

But, it seems, it’s not just Apple and Google who can view them.

In a letter to Attorney General Merrick B. Garland, Senator Ron Wyden urged the Department of Justice (DOJ) to “permit Apple and Google to inform their customers and the general public about demands for smartphone app notification records.”

And, since Apple and Google serve as intermediaries in the delivery of these push notifications this puts them in “a unique position to facilitate government surveillance of how users are using particular apps, “ wrote Senator Wyden.

The type of information varies from app to app, but in certain cases, it might also contain unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in a notification.

In the letter, Senator Wyden asked the DOJ to repeal or modify any policies that hinder public discussions of push notification spying.  More…


US, India, Taiwan align on cybersecurity

India has joined the US and Taiwan in a trilateral initiative to enhance cybersecurity cooperation, which could provoke a response from China. Representatives from the three nations are meeting in New Delhi for a joint workshop under the Global Cooperation and Training Framework to deepen operational expertise and share best practices on cybersecurity.

Full Story: Deccan Herald (India) (12/11)


Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat.
A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a financially-oriented threat actor dubbed TA4557 with high financial data theft risks and possibly more risks such as intellectual property theft.In this social engineering campaign, the threat actor targets recruiters with benign content before infecting their machines with the More_Eggs malware. This threat actor takes extra care to avoid being detected.  More…


CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

12/13/2023 01:00 PM EST

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally.

Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) have been targeting servers hosting JetBrains TeamCity software that ultimately enabled them to bypass authorization and conduct arbitrary code execution on the compromised server. The joint CSA provides information on the SVR’s most recent compromise, actionable indicators of compromise (IOCs), and SIGMA and YARA rules.

The authoring agencies encourage network defenders and organizations review the joint CSA for recommended mitigations and rules. For more information on affiliated advanced persistent threats, see CISA’s Advanced Persistent Threats and Nation-State Actors and Russia Cyber Threat Overview and Advisories webpages. For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals.


 

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.