Pete Recommends – Weekly highlights on cyber security issues, December 23, 2023

Subject: Justice Department cracks down on microtransaction scams
Source: UPI.com
https://www.upi.com/Top_News/US/2023/12/15/justice-department-fraud-microtransactionsamerican-officials-are-cracking-down-on-so-called-microtransactions-which-target-unsuspecting-consumers-the-us-justice-departm/1641702667665/

Dec. 15 (UPI) American officials are cracking down on so-called “microtransactions,” which target unsuspecting consumers, the U.S. Justice Department announced Friday. The department’s Consumer Protection Branch has filed several civil lawsuits that aim to “halt networks of fraudsters that use misrepresentations or unauthorized charges to steal money from consumers’ financial accounts.”

In both cases, suspects processed client payments using unauthorized charges on consumers’ accounts “and engaged in a variety of other illegal activities, including technical support scams.”

Justice Department officials contend the defendants use the “microtransactions,” also referred to as “microdebits” to slowly siphon money from an individual’s bank account via “unauthorized charges with a large number of low-value, straw transactions to lower the fraudster’s chargeback rate.”


Subject: Microsoft unveils new, more secure Windows Protected Print Mode
Source: BleepingComputer
https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-new-more-secure-windows-protected-print-mode/

Microsoft announced a new Windows Protected Print Mode (WPP), introducing significant security enhancements to the Windows print system. “WPP builds on the existing IPP print stack where only Mopria certified printers are supported, and disables the ability to load third-party drivers. By doing this, we can make meaningful improvements to print security in Windows that otherwise could not happen,” said Johnathan Norman, Microsoft Offensive Research & Security Engineering (MORSE) principal engineer manager.

“Print bugs played a role in Stuxnet and Print Nightmare, and account for 9% of all Windows cases reported to MSRC.”

The Microsoft Offensive Research & Security Engineering (MORSE) team analyzed all MSRC cases linked to Windows Print and “found is that Windows Protected Print Mode mitigated over half of those vulnerabilities.”


Subject: Google Just Denied Cops a Key Surveillance Tool
Source: WIRED
https://www.wired.com/story/google-geofence-warrants-security-roundup/

Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.

Geofence warrants, which require tech companies to cough up data on everyone in a certain geographic area at a certain time, have become an incredibly powerful tool for law enforcement. Sending a geofence warrant to Google, in particular, has come to be seen as almost an “easy button” among police investigators, given that Google has long stored location data on users in the cloud, where it can be demanded to help police identify suspects based on the timing and location of a crime alone—a practice that has appalled privacy advocates and other critics who say it violates the Fourth Amendment. Now, Google has made technical changes to rein in that surveillance power.

Chinese Hackers Are Invading a Disturbing Variety of US Critical Infrastructure


Subject: Zelle Will Offer Refunds to Victims of Scams
Source: Cord Cutters News
https://cordcuttersnews.com/zelle-will-offer-refunds-to-victims-of-scams/

After a policy change in June, thousands of banks who work with Zelle have started refunding money to victims of imposter scams as the company aims to strengthen consumer protections at the request of U.S. lawmakers and federal consumer watchdogs.There are 2,100 financial groups that offer money transfer services through Zelle. They began reversing fraudulent transactions on June 30 for customers conned into wiring money to scammers who claimed to be from government agencies, banks, and service providers, according to Early Warning Services, a company that owns Zelle.

While there are a lot of safeguards in place across financial institutions for people targeted by fraudsters who illegally gain access to a person’s account, there are few protections to help people tricked into sending money to scammers. Venmo, the other popular money-transfer service, doesn’t offer any way to get a refund after a payment is sent.

For more information, visit the Zelle Pay it Safe Education Center.


Subject: State, local agencies team with GSA for text alert service
Source: StateScoop
https://statescoop.com/gsa-state-local-government-text-messages/

A new texting service from the General Services Administration is helping state and local governments notify residents of application deadlines, fraud reduction tips and critical service updates.

Four state and local governments will be able to notify residents of application deadlines, fraud reduction tips, critical service updates and other notices via text messaging in a new partnership with the General Services Administration.

GSA on Thursday announced the partnerships, which use Notify.gov, a text messaging service that helps all levels of government communicate with residents. The new partnerships include the states of Wisconsin and Washington, the City of Norfolk, Virginia, and Montgomery County, Maryland.

RSS Feed: https://statescoop.com/feed/


Subject: Former IT manager pleads guilty to attacking high school network
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/former-it-manager-pleads-guilty-to-attacking-high-school-network/

Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023. Last week, the U.S. Department of Justice (DOJ) announced that LaHiff pleaded guilty to one count of unauthorized damage to protected computers, violating the Computer Fraud and Abuse Act (CFAA).

The DOJ announcement describes the cyberattack as an act of retaliation, specifically targeting Apple and IT administrator accounts to cause damage and disruption to the school’s operations.

This is another case of a disgruntled former employee using their not-revoked high-level access to cause damage to critical networks out of spite. The simple act of coordinating human resource decisions with IT department actions, such as revoking account access for dismissed personnel, would significantly mitigate such risks. Interestingly, despite his actions, LaHiff had already filled a similar position at another public high school, which the judge is requiring LaHiff to notify about the guilty plea. LaHiff is scheduled to be sentenced on March 20, 2024, and faces a potential maximum penalty of 10 years in prison and fines of up to $250,000.

Tagged:


Subject: Hundreds of US synagogues receive bomb threats as spree continues despite arrests
Source: Jewish Telegraphic Agency
https://www.jta.org/2023/12/17/united-states/hundreds-of-us-synagogues-receive-bomb-threats-as-spree-continues-despite-arrests

(JTA) — Hundreds of synagogues and Jewish institutions across the United States received bomb threats by email this weekend, in a substantial acceleration of a months-long spree of hoax threats. The Secure Community Network, which coordinates security for Jewish institutions nationwide, said early Sunday that it had tracked 199 threats over the past 24 hours, with nearly 100 in California and 62 in Arizona. Synagogues in at least 17 states plus Washington, D.C., were affected, according to local media reports.

The surge in threats comes at a time of high anxiety for American Jews amid a spike in reports of antisemitic incidents amid Israel’s war in Gaza. It also follows multiple arrests of people who have been charged with sending bomb threats targeting Jewish and other institutions, including a minor in California last week and a man in Peru in September.


Subject: Xfinity discloses data breach after recent Citrix server hack
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/xfinity-discloses-data-breach-after-recent-citrix-server-hack/

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.

Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023. Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems.

“After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords,” the company said.

Users’ passwords reset without any info. While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.


Subject: #StopRansomware: Play Ransomware
Source: CISA via Sabrina
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a #StopRansomware: Play Ransomware

ACTIONS TO TAKE TODAY TO MITIGATE CYBER THREATS FROM PLAY RANSOMWARE:

  1. Prioritize remediating known exploited vulnerabilities.
  2. Enable multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems.
  3. Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments.

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint CSA to disseminate the Play ransomware group’s IOCs and TTPs identified through FBI investigations as recently as October 2023.

Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe. As of October 2023, the FBI was aware of approximately 300 affected entities allegedly exploited by the ransomware actors.

In Australia, the first Play ransomware incident was observed in April 2023, and most recently in November 2023.

The Play ransomware group is presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data. Ransom notes do not include an initial ransom demand or payment instructions, rather, victims are instructed to contact the threat actors via email.

The FBI, CISA, and ASD’s ACSC encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. This includes requiring multifactor authentication, maintaining offline backups of data, implementing a recovery plan, and keeping all operating systems, software, and firmware up to date.


Subject: Artificial intelligence can find your location, alarming privacy experts
Source: NPR
https://www.npr.org/2023/12/19/1219984002/artificial-intelligence-can-find-your-location-in-photos-worrying-privacy-expert

A student project has revealed yet another power of artificial intelligence — it can be extremely good at geolocating where photos are taken. The project, known as Predicting Image Geolocations (or PIGEON, for short) was designed by three Stanford graduate students in order to identify locations on Google Street View.

But when presented with a few personal photos it had never seen before, the program was, in the majority of cases, able to make accurate guesses about where the photos were taken.

Like so many applications of AI, this new power is likely to be a double-edged sword: It may help people identify the locations of old snapshots from relatives, or allow field biologists to conduct rapid surveys of entire regions for invasive plant species, to name but a few of many likely beneficial applications.

Stanley worries that similar technology, which he feels will almost certainly become widely available, could be used for government surveillance, corporate tracking or even stalking. “From a privacy point of view, your location can be a very sensitive set of information,” he says.

AI has arrived at your destination…The Stanford students trained their version of the system with images from Google Street View. “We created our own dataset of around 500,000 street view images,” Alberti says. “That’s actually not that much data, [and] we were able to get quite spectacular performance.”

Filed: https://www.npr.org/sections/technology/

Tagged:


Subject: Rite Aid Banned From Using Facial Recognition Tech
Source: The Verge via Newser
https://www.newser.com/story/344075/rite-aid-banned-from-using-facial-recognition-tech.html

Due to what the Federal Trade Commission calls Rite Aid’s “reckless” use of facial recognition technology in hundreds of stores from 2012 to 2020, the drugstore chain is now prohibited from using it for five years. The ban is part of Rite Aid’s settlement with the FTC over charges that its use of AI-based facial recognition technology harmed customers, the Hill reports. The FTC says the retailer didn’t alert customers that the tech was being used, then captured images of all customers and created a database of anyone believed to be shoplifting or otherwise acting suspiciously. For some customers, their names and birth dates were included in the database, the Verge reports….


Subject: INTERPOL Arrests 3,500 Suspects in Sweeping Cybercrime Operation
Source: Gizmodo
https://gizmodo.com/interpol-arrest-3-500-cybercrime-operation-300-million-1851113003

Interpol, an international police organization, has arrested nearly 3,500 people allegedly connected to cybercrime in a sweeping operation announced on Tuesday. $300 million worth of assets across 34 countries were reportedly seized. The operation, Haechi IV, blocked over 80,000 suspicious bank accounts and warned government officials of new types of scams using AI and fake NFTs.

Malicious hacks have dominated the news cycle recently, as Interpol’s operation reported a 200% surge in arrests this year. Comcast experienced a data breach affecting 36 million accounts according to the Wall Street Journal Tuesday, potentially compromising every single Xfinity account.


Subject: How to Check If Something Online Was Written by AI
Source: Gizmodo via beSpacific
https://www.bespacific.com/how-to-check-if-something-online-was-written-by-ai/

Gizmodo: “Generative artificial intelligence is everywhere you look these days, including on the web: advanced predictive text bots such as ChatGPT can now spew out endless reams of text on every topic imaginable and make all this written content natural enough that it could plausibly have been written by a human being. So, how can you make sure the articles and features you’re reading online have been thought up and typed out by an actual human being? While there isn’t any foolproof, 100 percent guaranteed way of doing this, there are a variety of clues you can look out for to spot what’s AI-generated and what isn’t…”

Subject: Google brings privacy washing to Android
Source: Proton
https://proton.me/blog/google-privacy-washing-android

Published on December 21, 2023

Google has made sure that 2023 will go down as the year of privacy washing (new window). It introduced a new “ad privacy feature” for Chrome (new window) in September, and now it’s broadened the release of the beta version of Ad Topics for Android (both part of its misleadingly named Privacy Sandbox initiative). In both instances, Google sold a move to give itself total monopolistic control over the ability to spy on your activity as a “privacy feature”.

Unfortunately for us, Google as a business is entirely dependent on advertising. In 2022, Alphabet, Google’s parent company, made roughly $224.5 billion from advertising (new window), or almost 80% of its revenue. Even minimal attempts to introduce true privacy would fundamentally alter the company.

Google wants to have it both ways — it wants to appeal to the global privacy movement that only continues to grow without actually giving up any of its access to your information. Hence it dresses up new surveillance systems as privacy features.

Posted in: AI, Criminal Law, Cybercrime, Cybersecurity, Financial System, Government Resources, Information Management, Legal Research, Privacy, Search Engines, Search Strategies, Spyware