Pete Recommends – Weekly highlights on cyber security issues, June 11, 2022

Subject: Ransomware coming for IoT devices, researchers warn
Source: GCN

In a demonstration project, researchers breached a networked IP camera and used it as a foothold to reach IT and operational technology (OT) infrastructure, where they planted ransomware executables. Threat actors can use vulnerabilities in internet-of-things devices and IP-connected operational technologies to spread ransomware through an enterprise, new research shows.

In a June 1 report released by Forescout Technologies’ Vedere Labs, researchers demonstrated a proof-of-concept for a new type of attack they call ransomware for IoT (R4IoT). The next-generation malware breaches networks via IoT devices and then moves laterally through the IT and OT infrastructure, disrupting critical business operations and exfiltrating data.

In a video demonstration, Forescout’s team breached an IP camera connected to a fictional community hospital and executed a remote command that allowed researchers to take over a Windows machine on the hospital network.

“Mixing IP cameras and diagnostic systems – or other business-critical devices – in the same VLAN means that there is a path for an attack to spread from an insecure camera to a critical device,” the report said.
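The report's point about shared VLANs is something you can check against an inventory rather than take on faith. The following is an added example, not Forescout's code: it takes a device inventory and a set of inter-VLAN permit rules (both constructed here; in practice they would come from a NAC/CMDB export and the switch or firewall configuration) and lists every direct path from an untrusted device such as a camera to a business-critical host.

```python
"""Segmentation audit for the R4IoT scenario: which untrusted IoT devices can
reach a critical host, either because they share a VLAN or because an
inter-VLAN rule lets them through.

Added example, not Forescout's code. INVENTORY and ACL_PERMIT are constructed
for illustration.
"""

# Constructed inventory: host -> (vlan, role, trust level)
INVENTORY = {
    "cam-lobby-01": ("VLAN10", "ip-camera", "untrusted"),
    "cam-ward-02":  ("VLAN20", "ip-camera", "untrusted"),
    "mri-console":  ("VLAN20", "diagnostic", "critical"),
    "hvac-plc":     ("VLAN30", "ot-controller", "critical"),
    "ws-nurse-07":  ("VLAN40", "workstation", "normal"),
}

# Constructed inter-VLAN permit rules (src_vlan, dst_vlan). Anything not
# listed is assumed denied at the L3 boundary; traffic inside one VLAN is
# assumed unfiltered, the usual case without private VLANs or host ACLs.
ACL_PERMIT = {
    ("VLAN10", "VLAN30"),   # an overly broad rule letting the camera VLAN reach OT
    ("VLAN40", "VLAN20"),   # nurse workstations -> diagnostics, intended
}


def find_exposure_paths(inventory, acl_permit):
    """Return (untrusted_host, critical_host, reason) for every direct path
    from an untrusted device to a critical one."""
    findings = []
    for src, (src_vlan, _, src_trust) in inventory.items():
        if src_trust != "untrusted":
            continue
        for dst, (dst_vlan, _, dst_trust) in inventory.items():
            if dst_trust != "critical":
                continue
            if dst_vlan == src_vlan:
                findings.append((src, dst, f"same broadcast domain {src_vlan}, no L2 isolation"))
            elif (src_vlan, dst_vlan) in acl_permit:
                findings.append((src, dst, f"ACL permits {src_vlan} -> {dst_vlan}"))
    return findings


if __name__ == "__main__":
    for src, dst, why in find_exposure_paths(INVENTORY, ACL_PERMIT):
        print(f"{src} -> {dst}: {why}")
```

With the constructed data, the ward camera is flagged because it sits in the same VLAN as the MRI console, and the lobby camera is flagged because an over-broad permit rule gives its VLAN a route to the OT controller. Multi-hop pivots through an intermediate VLAN are deliberately not modelled; they require a compromised host in the middle and are a separate question from the network design.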


Subject: A look at Justice Alito’s dissent as SCOTUS blocks Texas social media law
Source: Reporters Committee for Freedom of the Press

Alito drew criticism for raising the state’s argument that platforms’ exercise of editorial discretion was in tension with Section 230.

In a very welcome move, the U.S. Supreme Court last week narrowly granted an emergency application by the plaintiffs in NetChoice v. Paxton to block enforcement of H.B. 20, the Texas law that would allow the state to force large social media platforms to host speech they otherwise would not. The Court vacated an order by the U.S. Court of Appeals for the Fifth Circuit that permitted the law to go into effect.

The vote was 5-4. As is standard in emergency applications, the majority blocked the law in a brief, unsigned order. Justice Samuel Alito, joined by Justices Clarence Thomas and Neil Gorsuch, dissented. Justice Elena Kagan voted to deny the application to vacate the stay without further comment.

Notably, Justice Alito’s written dissent contended that it is “quite unclear” whether NetChoice, the trade association representing certain platforms possibly covered by the law, is likely to succeed on the merits of its First Amendment challenge to H.B. 20 under existing law.


Subject: Apple Updates iPhone with ‘Safety Check’ for Domestic Victims
Source: Gizmodo

Apple on Monday unveiled a new feature coming to iOS 16 designed chiefly to help people sever ties with abusive partners who may be tracking their locations or secretly reading their messages. “Many people share passwords and access to their devices with their partner; however, in abusive relationships, this can threaten personal safety and make it harder for victims to get help,” Katie Skinner, a privacy engineering manager at Apple, said during its keynote presentation at the 2022 World Wide Developer Conference, better known as WWDC.

This new feature, dubbed Safety Check, will allow users to quickly halt location information sharing via Find My and reset an iPhone’s privacy settings in the press of a few buttons. Activating Safety Check further helps safeguard users by signing them out on all other devices and restricting access to FaceTime and iMessage.


Subject: Crypto Retirement Trust Sues Winklevoss’ Gemini, Blaming Bad Security for $36 Million Hack
Source: Gizmodo

Back in February, hackers managed to squirrel away approximately $36 million in crypto assets from users’ retirement accounts. In the aftermath of that theft, it’s become less of a “who-dun-it” and more of a “who’s-gonna-take-the-blame?” In a lawsuit filed Monday against Gemini Trust Company, retirement investment company IRA Financial said it was let down by Gemini’s promise of security for its crypto assets.

Gemini is the crypto exchange fronted by Cameron and Tyler Winklevoss, AKA the Winklevoss twins. IRA Financial was using Gemini’s architecture to secure users’ accounts when, on Feb. 8, an unknown actor began withdrawing bitcoin, ether and U.S. dollars from dozens of users, pilfering millions before the hack was spotted, according to CoinDesk. Gemini has previously blamed IRA for the hack, saying the transfers were made “by utilizing properly authenticated accounts” controlled by IRA that “complied with IRA’s approval processes and appeared to Gemini to be legitimate.”


Subject: Please Improve the American Data Privacy & Protection Act
Source: Gizmodo

After years of fizzled talks and stalled negotiations on a federal data privacy bill, House and Senate committee leaders finally set aside enough of their differences to release a draft of a new bipartisan tech privacy bill this past Friday. The legislation, called the “American Data Privacy and Protection Act,” is being spearheaded by House Energy and Commerce Chair Frank Pallone (D-N.J.), Cathy McMorris Rodgers (R-Wash.) and Sen. Roger Wicker (R-Miss.), ranking member of the Senate Commerce Committee.

And at least from a brief reading of the 10-pager outlining the bill’s basics, it looks pretty good! Upon a deeper reading though, the thing is… well, it’s not pretty good, or even remotely good. It carves out exemptions for bad bosses and law enforcement officials, while letting data brokers continue buying and selling vast amounts of our personal data with impunity.


Subject: Delivering emergency alerts to vehicle infotainment systems
Source: GCN

Drivers may soon receive real-time emergency and fire alerts and improved evacuation routing on their vehicles’ infotainment systems.

The $100,000 contract, awarded to Corner Alliance, Inc., a Washington, D.C.-based small business, is meant to improve emergency alerts from first responders to drivers during emergencies. The contract follows work between DHS S&T and the Federal Emergency Management Agency’s Integrated Public Alert & Warning System program, or IPAWS, that aims to develop a Wildland Urban Interface integration model.


Subject: ExpressVPN Protects Data Privacy by Removing Servers from India

VPN users can rest a little easier about questionable data retention laws in India, as ExpressVPN has decided to remove its servers from the country to better protect user information. The whole point of a VPN is to shield your traffic from outside observers. These handy business tools hide your internet activity and are generally used to improve overall security.

However, new data laws in India threatened to compromise that protection by requiring VPN providers to store user data. Rather than comply, the provider pulled out.

“As countries’ data retention laws shift, we frequently find ourselves adjusting our infrastructure to best protect our users’ privacy and security. In this case, that has meant ending operations in India.”

As far as actual functionality is concerned, we do believe that ExpressVPN is a solid provider for this kind of business resource. However, our research showed that it is not necessarily the best option on the market. Our research shows that the best VPN for business is Perimeter 81, as it offers a similarly strict no-logging policy, support across all devices, and a zero-trust security model.


Subject: Organizations hit by ransomware temporarily or permanently close
Source: Tech Republic

In addition to being permanently or temporarily closed due to ransomware attacks, many victims also suffered employee layoffs and executive resignations. A successful ransomware attack can devastate an organization, and even paying the ransom doesn’t mean your company won’t suffer lasting damage. A report released Tuesday by security provider Cybereason looks at the impact of ransomware on many organizations and offers advice on how to defend yourself against these types of attacks.



Subject: How Binance became a hub for hackers, fraudsters and drug sellers
Source: A Reuters Special Report


For five years, the world’s largest cryptocurrency exchange Binance served as a conduit for the laundering of at least $2.35 billion in illicit funds, a Reuters investigation has found.

In as little as nine minutes, using only encrypted email addresses as identification, the Lazarus hackers created Binance accounts and traded crypto stolen from Eterbase, the Slovakian exchange, according to account records that Binance shared with the police and that are reported here for the first time.

“Binance had no idea who was moving money through their exchange” because of the anonymous nature of the accounts, said Eterbase co-founder Robert Auxt, whose firm has been unable to locate or recover the funds.

Eterbase’s lost money is part of a torrent of illicit funds that flowed through Binance from 2017 to 2021, a Reuters investigation has found.

As Reuters reported in January, Binance kept weak money-laundering checks on its users until mid-2021, despite concerns raised by senior company figures starting at least three years earlier. In response to that article, Binance said it was helping drive higher industry standards and the reporting was “wildly outdated.” In August 2021, Binance compelled new and existing users to submit identification.


Subject: U.S.: Chinese govt hackers breached telcos to snoop on network traffic
Source: Bleeping Computer

Several U.S. federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data.

As the NSA, CISA, and the FBI said in a joint cybersecurity advisory published on Tuesday, Chinese hacking groups have exploited publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks.

Once compromised, the threat actors used the devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could use to breach more networks.

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting,” the advisory explains.

The attackers then stole credentials to access underlying SQL databases and used SQL commands to dump user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.

The federal agencies advise organizations to apply security patches as soon as possible, disable unnecessary ports and protocols to shrink their attack surface, and replace end-of-life network infrastructure that no longer receives security patches.
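The credential-dumping step in the advisory has a recognisable shape in database logs: a normal RADIUS authentication lookup reads one user's row, whereas an attacker pulls whole tables, often from a host that has no business talking to the database. The following detection sketch is an added example, not part of the advisory: it assumes a FreeRADIUS deployment using the sql module with its default table names (radcheck, radreply, radusergroup) on MySQL, with the MySQL general log shipped to the analyst; the log lines and the allow-list are constructed for illustration.

```python
"""Detection sketch: bulk reads of RADIUS credential tables, or reads from a
client that is not an approved RADIUS front end, in the MySQL general log.

Added example, not from the NSA/CISA/FBI advisory. Assumes FreeRADIUS' sql
module schema on MySQL. SAMPLE_LOG and ALLOWED_DB_CLIENTS are constructed.
"""
import re

# MySQL general-log format: <timestamp> <thread id> <command> <argument>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<sid>\d+)\s+(?P<cmd>Connect|Query|Quit)\s*(?P<arg>.*)$")
CONNECT_RE = re.compile(r"^(?P<user>[^@\s]+)@(?P<host>\S+)\s+on\s+(?P<db>\S*)")
# Tables holding credentials / group membership in FreeRADIUS' sql schema
CRED_TABLE_RE = re.compile(r"\b(?:from|join)\s+(radcheck|radreply|radusergroup)\b", re.I)
# A normal authentication lookup is always scoped to a single username
PER_USER_RE = re.compile(r"\busername\s*=", re.I)

# Constructed sample: thread 41 is the RADIUS daemon doing a normal lookup;
# thread 57 is a client on an unexpected host pulling whole tables.
SAMPLE_LOG = [
    "2022-06-07T10:15:01.000001Z\t   41 Connect\tradius@10.10.0.5 on radius using TCP/IP",
    "2022-06-07T10:15:01.000002Z\t   41 Query\tSELECT id, username, attribute, value, op "
    "FROM radcheck WHERE username = 'jdoe' ORDER BY id",
    "2022-06-07T10:16:22.000001Z\t   57 Connect\tradius@10.10.9.200 on radius using TCP/IP",
    "2022-06-07T10:16:23.000001Z\t   57 Query\tSELECT username, value FROM radcheck",
    "2022-06-07T10:16:30.000001Z\t   57 Query\tSELECT * FROM radusergroup",
    "2022-06-07T10:16:31.000001Z\t   57 Quit\t",
]
# Hosts allowed to talk to the RADIUS database at all (constructed)
ALLOWED_DB_CLIENTS = {"10.10.0.5"}


def analyze(lines, allowed_clients):
    """Return one finding per suspicious query that touches a credential table."""
    sessions = {}   # thread id -> (db user, client host), learned from Connect
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        sid, cmd, arg = m["sid"], m["cmd"], m["arg"].strip()
        if cmd == "Connect":
            c = CONNECT_RE.match(arg)
            if c:
                sessions[sid] = (c["user"], c["host"])
        elif cmd == "Quit":
            sessions.pop(sid, None)
        elif cmd == "Query" and CRED_TABLE_RE.search(arg):
            user, host = sessions.get(sid, ("?", "?"))
            reasons = []
            if not PER_USER_RE.search(arg):
                reasons.append("bulk read without a per-user filter")
            if host not in allowed_clients:
                reasons.append(f"client {host} is not an approved RADIUS front end")
            if reasons:
                findings.append({"session": sid, "user": user, "host": host,
                                 "sql": arg, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, ALLOWED_DB_CLIENTS):
        print(f["session"], f["host"], "; ".join(f["reasons"]), "|", f["sql"])
```

Both checks matter: a bulk read from the approved front end still deserves a look (the daemon never needs it), and a scoped query from an unknown host is the attacker testing access before dumping. The same idea applies to the RADIUS server's own SQL credentials: the advisory describes the actors stealing those first, so the database user in the log will look legitimate and the client host is the better signal.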



Subject: How to Find Out if Your Passwords Are Being Sold Online
Source: Make Use Of via beSpacific

Make Use Of: “Whether you have the strongest or weakest passwords, countless scenarios can leak your password online. It could be a data breach, or you accidentally shared your credentials with a malicious actor through a phishing website. But how do you tell if your password has been hacked? And what are some of the easiest ways to find that? Here, we share some of the most effortless methods through which you can check if your password has ever leaked online…”
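The check behind most "has my password leaked" tools is the Pwned Passwords range API, which lets you ask without ever sending the password: you hash it with SHA-1, send only the first five hex characters, and search the returned list of suffixes locally. The following is an added example, not Make Use Of's code. The API behaviour it relies on is the documented one (SHA-1, five-character prefix, `SUFFIX:COUNT` response lines, optional `Add-Padding` header); the sample response body and its counts are constructed so the example runs offline.

```python
"""Check a password against Pwned Passwords via the k-anonymity range API.
Only the first 5 hex characters of the SHA-1 hash leave the machine.

Added example, not Make Use Of's code. SAMPLE_RESPONSE is constructed.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_for_range_query(password: str):
    """SHA-1 the password; return (prefix sent to the API, suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, body: str) -> int:
    """Parse 'SUFFIX:COUNT' lines; 0 if our suffix is absent or padded with 0."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        got, _, count = line.partition(":")
        if got.upper() == suffix.upper():
            return int(count)
    return 0


def pwned_count(password: str, fetch_range) -> int:
    """fetch_range(prefix) -> response text; injected so the check can run offline."""
    prefix, suffix = split_for_range_query(password)
    return count_in_range_response(suffix, fetch_range(prefix))


def fetch_range_live(prefix: str) -> str:
    """Real lookup. Add-Padding asks the API to pad the response so its
    size does not reveal how many hashes share the prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "leak-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed response for prefix 5BAA6 (the prefix of SHA-1("password")).
# The counts are illustrative, not live data; the last line mimics padding.
SAMPLE_RESPONSE = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0\n"
)

if __name__ == "__main__":
    print("offline sample:", pwned_count("password", lambda prefix: SAMPLE_RESPONSE))
    # Live check against the API (needs network):
    # print(pwned_count("password", fetch_range_live))
```

The service sees only a 20-bit prefix shared by hundreds of hashes, so it cannot tell which password you asked about; the comparison happens on your side. A non-zero count means the password has appeared in a breach corpus and should be retired regardless of whether your own account was involved.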

Subject: Malware-Infested Word Documents Are Arriving in Email Inboxes

Microsoft Word documents laced with a novel strain of malware are being sent to unsuspecting users’ email inboxes, security researchers have confirmed.

The malicious code – which goes by the name of SVCReady – is being spread via phishing attacks, and computers without antivirus software installed are most at risk.

Security researchers have already observed several updates to the malware, which suggests it is far from a finished product.

It’s also not the only case of Microsoft Word being weaponized for malicious purposes this week – Snake Keylogger malware was found inside PDF attachments being distributed for much the same effect.

Protecting Yourself from Phishing Attacks

Microsoft Word documents are sent, received, and opened by millions of users every day — which makes them the perfect vehicle for spreading malware.

There are some golden rules when it comes to email safety. For example, never open attachments from email addresses you don’t recognize.

Phishing emails are often riddled with spelling mistakes and will try to inject a sense of urgency into victims with some sort of call to action — such as suggesting an account will be blocked or payment will be taken. Being able to recognize these telltale signs is essential.

It’s also a good idea to install antivirus software that can scan email, check downloaded files before they run, and detect and remove any malware that does make its way onto your system.
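Spotting bad spelling is a weak filter; the attachment itself is more telling. A modern Word file is a zip container, so a mail gateway or an analyst can look inside it for the things that turn a document into a dropper: a VBA project, embedded objects, or an external relationship that makes Word fetch a template over HTTP when the file opens. The following triage check is an added example, not the researchers' code; the part and relationship names are the standard OOXML ones, and the sample documents are built in memory and constructed for illustration.

```python
"""Triage an Office attachment before anyone opens it: does the OOXML
container carry a VBA project, embedded objects, or external relationships
(e.g. a remote template pulled over HTTP)?

Added example, not the researchers' code. The sample documents are
constructed in memory for illustration.
"""
import io
import re
import zipfile

VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
EMBED_DIRS = ("word/embeddings/", "xl/embeddings/", "ppt/embeddings/")
# A <Relationship .../> element marked external, whatever the attribute order
EXTERNAL_REL_RE = re.compile(r"<Relationship\b[^>]*\bTargetMode=\"External\"[^>]*/?>", re.I)
TARGET_RE = re.compile(r"\bTarget=\"([^\"]+)\"", re.I)
TYPE_RE = re.compile(r"\bType=\"([^\"]+)\"", re.I)
RISKY_SCHEMES = ("http://", "https://", "ftp://", "file://", "\\\\")


def inspect_office_attachment(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing notable."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not an OOXML zip container (legacy OLE .doc/.xls, RTF, or not Office at all)"]
    findings = []
    names = zf.namelist()
    if any(n in VBA_PARTS for n in names):
        findings.append("embedded VBA project (macros)")
    for n in names:
        if n.startswith(EMBED_DIRS):
            findings.append(f"embedded object: {n}")
    for n in names:
        if not n.endswith(".rels"):
            continue
        xml = zf.read(n).decode("utf-8", "replace")
        for rel in EXTERNAL_REL_RE.findall(xml):
            target = TARGET_RE.search(rel)
            rtype = TYPE_RE.search(rel)
            tgt = target.group(1) if target else "?"
            kind = rtype.group(1).rsplit("/", 1)[-1] if rtype else "?"
            if tgt.lower().startswith(RISKY_SCHEMES):
                findings.append(f"external {kind} relationship in {n} -> {tgt}")
    return findings


def _build_docm_sample() -> bytes:
    """Constructed: a macro document that also pulls its template over HTTP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # OLE magic only
        zf.writestr(
            "word/_rels/settings.xml.rels",
            '<Relationships><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
            'Target="http://example.invalid/t.dotm" TargetMode="External"/></Relationships>',
        )
    return buf.getvalue()


def _build_clean_docx_sample() -> bytes:
    """Constructed: a plain document with only an internal relationship."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(
            "word/_rels/document.xml.rels",
            '<Relationships><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
            'Target="styles.xml"/></Relationships>',
        )
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("docm", _build_docm_sample()), ("docx", _build_clean_docx_sample())):
        print(label, inspect_office_attachment(blob) or "clean")
```

A document with any finding is not necessarily malicious (finance teams do use macros), but it is the set worth detonating in a sandbox or stripping at the gateway rather than delivering to the inbox. Legacy binary formats and RTF fall outside this check and need their own parser.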


Subject: This hacking group quietly spied on their targets for 10 years
Source: ZDNet

Hackers crafted social lures and used a fake removable device to trick targets into installing malware. Researchers have discovered a stealthy espionage campaign by a hacking group, most likely China-backed, that has targeted government, education and telecommunication organizations since 2013.

The attackers used a range of techniques to infect targets with malware, including malicious Word documents, fake removable devices that led users into malicious folders, and fake antivirus vendor icons that led to executable files. The group relied on users’ familiarity with Windows folder icons and the File Explorer interface to dupe victims into running malicious executables.

Dubbed Aoqin Dragon by researchers at SentinelLabs, the group’s prime targets were organizations in the Asia Pacific (APAC) region, including Australia, Cambodia, Hong Kong, Singapore, and Vietnam….
Posted in: Cybercrime, Cybersecurity, Gadgets/Gizmos, Legal Research, Privacy, Social Media