Pete Recommends – Weekly highlights on cyber security issues, June 29, 2024

Subject: Google Chrome Web Store still has security work to do
Source: The Register
https://www.theregister.com/2024/06/23/google_chrome_web_store_vetting/

All depends on how you count it – Chocolate Factory claims 1% fail rateGoogle this week offered reassurance that its vetting of Chrome extensions catches most malicious code, even as it acknowledged that “as with any software, extensions can also introduce risk.”

Coincidentally, a trio of researchers affiliated with Stanford University in the US and the CISPA Helmholtz Center for Information Security in Germany just published a paper about recent Chrome Web Store data that suggest the risk posed by browser extensions is far greater than Google admits to.

The paper, “What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions,” is scheduled to be presented at the ACM Asia Conference on Computer and Communications Security (ASIA CCS ’24) in July.

Browser extensions have long been a matter of concern because they have access to sensitive information. They may be able to see the data going into or out of your web browser, depending upon the permissions granted. They’ve been used by miscreants to spread malware, to track and spy on users, and to steal data. But since most extensions are free, there’s never been much of a revenue stream that browser store operators can use to fund security.

The boffins also point out that the store rating system doesn’t appear to be effective at separating good extensions from bad ones. That’s because the user ratings for malicious SNEs are not significantly different from benign extensions.

A Google spokesperson told The Register on Friday: We appreciate the work of the research community, and always welcome suggestions for ways to maintain the safety of the Chrome Web Store. We agree that unmaintained extensions are often less secure, which is one of the reasons we are taking steps to remove support for outdated Manifest V2 extensions. Manifest V3 addresses many of the concerns highlighted in the report, including the risks posed by remotely hosted code, so we are glad to see researchers supporting the importance of that transition.

More about

Filed: https://www.theregister.com/security/research/


Subject: Red Tape Is Making Hospital Ransomware Attacks Worse
Source: WIRED
https://www.wired.com/story/ransomware-health-care-assurance-letters/[h/t Sabrina]

Crippling ransomware attacks against hospitals and health care providers are on the rise. These ruthless cyberattacks can take medical systems offline for weeks—canceling appointments and surgeries and causing harm to patients. Doctors and nurses are plunged into crisis situations where they resort to using pen and paper, while IT staff work to make systems safe and bring them back online. The recovery can be long-lasting and brutal.Health care professionals, lawyers, and cybersecurity experts tell WIRED that amid the chaos caused by criminal hackers, a little-known bureaucratic process can slow down hospitals and medical providers getting their systems working again.

The red tape involves organizations hit by ransomware sending detailed “assurance” or “attestation” letters to companies that they connect their systems or software with. These letters are designed to convince organizations that it is safe to reconnect after the ransomware attack, but they can add extra pressure to those already dealing with physically and mentally draining recovery operations.

The letters aren’t required by any law and are not unique to medical organizations impacted by ransomware attacks, but experts say in situations where lives are at risk, more efficient processes should be considered.


Subject: U.N. launches global principles for online hate, disinformation
Source: NPR via AP via WHYY
https://whyy.org/articles/online-disinformation-hate-speech-united-nations-global-principles-big-tech/

Principles laid out Monday call on tech companies, advertisers and media to refrain from using disinformation and hate speech for any purpose and ensure the ethical use of AI.The United Nations chief on Monday launched global principles to combat online hate and lies and demanded that big tech companies use their power to reduce the harm they are doing to people and societies around the world.

Secretary-General António Guterres also demanded that advertising and public relations companies “stop monetizing harmful content” and strengthen information integrity. He urged media outlets “to raise and enforce editorial standards” and governments to commit to creating and maintaining a free and independent media landscape.

All parties involved in the development of artificial intelligence should take urgent and transparent measures to ensure that all AI applications are designed, deployed and used safely, securely, responsibly and ethically, and uphold human rights, according to the principles.

As for advertisers and the PR industry, the U.N. chief singled out the coordinated disinformation campaigns seeking to undermine action to address the climate crisis.

“No one should be at the mercy of an algorithm they don’t control, which was not designed to safeguard their interests, and tracks their behavior to collect personal data and keep them hooked,” he said.


Subject: U.S. Bans Kaspersky – Here Are the Best Antivirus Alternatives
Source: tech.io
https://tech.co/news/us-bans-kaspersky-best-antivirus-alternatives

After years of warnings and threats, the US has officially banned Kaspersky, the Russian-backed antivirus software and cybersecurity firm.

Now, the company is entirely banned from operating in the US, which means any leftover users are going to need an antivirus alternative to keep their data secure. Luckily, we can help/

US Bans Kaspersky – The Biden administration announced this week that all Kaspersky products are banned from use in the US, over fears that the company is a willing participant in Russia’s attempts to use the data to subvert US interests.

“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people.” – Gina Raimondo, US Secretary of Commerce

The ban doesn’t go into effect immediately, though. Users have Kaspersky products have 100 days to find an alternative, at which point these services will be entirely unavailable in the US.

https://quotes.tech.co/antivirus-comparison


Subject: Preserving competition is essential to foster innovation
Source: Mastodon
https://newsie.social/@[email protected]/112677347867679317

Preserving competition is essential to foster innovation.Today we have informed Microsoft of our preliminary view that it has breached EU antitrust rules by tying Teams to its popular productivity applications included in its suites for businesses, Office 365 and Microsoft 365.
Our preliminary findings indicate that the changes made by Microsoft since July 2023 are insufficient to address our concerns and more changes are necessary to restore competition.More: europa.eu/!VB8t7t

Subject: AI Tools Make It Easy to Clone Someone’s Voice Without Consent
Source: Proofnews via Mastordon
https://newsie.social/@[email protected]/112677760722681363

Several companies have made it easy to impersonate voices using AI tools, with little regard for consent. Proof News examined the policies and enforcement of eight popular voice cloning tools, revealing widespread gaps in ensuring voices are cloned ethically. https://www.proofnews.org/ai-tools-make-it-easy-to-clone-someones-voice-without-consent/

RSS: https://www.proofnews.org/tag/the-ai-democracy-projects/rss/


Subject: Snowblind is a new Android banking malware abusing a safety tool
Source: Android Headlines
https://www.androidheadlines.com/2024/06/snowblind-android-banking-malware.html

Mobile app security provider Promon has uncovered a never-before-seen Android banking malware. Dubbed Snowblind, it uses a novel technique to exploit Android OS functionalities and compromise banking apps. The firm says the malware is effective on all Android devices, including the best ones with the strongest security measures. It requires app-level security enhancements to nullify potential financial loss.Snowblind is a first-of-its-kind Android banking malware

Snowblind appears to be one of the most advanced Android banking malware with novel anti-detection techniques. According to Promon, the malware manipulates a Linux kernel safety feature built into Android OS called “seccomp” (secure computing). The feature “controls what an app is allowed to do by limiting the system calls, or requests, an application can make from the operating system.”

To make their work easier, Snowblind can disable security features such as two-factor authentication (2FA) and biometric verification. It can also exfiltrate sensitive personally identifiable information and transaction data from the app. This data can be exploited later for fraudulent activities, including impersonation. Since Snowblind attacks the app itself, it is effective on all modern Android devices.


Subject: Zero-Day Exploits: Definition & How It Works (With Examples)
Source: TechRepublic
https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/ – [h/t Sabrina]

Zero-day exploits use unknown vulnerabilities to infiltrate PCs, networks, mobile phones and IoT devices. For unprepared security teams, these exploits bring financial consequences and long-term risks.

Highlights

  • Zero-day exploits are vulnerabilities in software or hardware that are unknown to the vendor or developer, so there is no patch or fix available at the time of their discovery.
  • A zero-day attack occurs when a threat actor exploits this vulnerability before a patch can be created and distributed.
  • Some of the most common attack vectors are buffer overflows, phishing, malicious websites and direct network attacks that exploit protocol flaws. The most infamous cases of zero-day exploits include the MOVEit and Stuxnet vulnerabilities.

Zero-day exploits are code vulnerabilities and loopholes that are unknown to software vendors, security researchers and the public. These critical vulnerabilities have severe impacts on businesses, governments and individuals. Cybercriminals and even foreign governments use these exploits to compromise data, disrupt operations and jeopardize national security.

With such high stakes on the line, it is critical for IT, security and business professionals to have a good understanding of how zero-day exploits work in order to grasp their potential impact and devise effective countermeasures.

What is a zero-day exploit?

[…]

The zero-day ecosystem is evolving quickly and touches every market. For more dedicated training and certification, check out The All-in-One Ethical Hacking & Penetration Testing Bundle from TechRepublic Academy.

Filed: https://www.techrepublic.com/topic/security/

RSS: https://www.techrepublic.com/rssfeeds/topic/security/

Must-read security coverage


Subject: International roaming down for AT&T, T-Mobile & Verizon users
Source: Android Headlines
https://www.androidheadlines.com/2024/06/international-roaming-down-for-att-t-mobile-verizon-users.html

Americans touring other parts of the world are facing major mobile connectivity issues due to an international roaming outage. Roaming services are down on all three major US wireless carriers—AT&TT-Mobile, and Verizon. The companies are aware of the issues but don’t seem to have devised a fix yet.International roaming is down for all major US carriers

Over the past few hours, hundreds of American mobile subscribers have reported issues with international roaming. Posts on Reddit and other online platforms suggest roaming services are completely down for some users, while others are getting intermittent connectivity that lasts a while and then goes away.

As of this writing, the carriers haven’t specified the root cause of the issue. Users are speculating that a mistake while making changes to the way that carriers support legacy data standards (2G and 3G) led to an international roaming outage. Syniverse, the firm that helps carriers in this transition, recently said that carriers are working on this switch.


Subject: Google already had defense against Snowblind Android malware
Source: Android Headlines
https://www.androidheadlines.com/2024/06/google-already-had-defense-against-snowblind-android-malware.html

Yesterday, a security firm published a report about a never-before-seen Android malware named Snowblind. It allegedly abuses a built-in Android safety feature to avoid detection. Its novel technique made all modern Android devices and apps vulnerable to it. However, Google refutes the claim. In a statement to Android Headlines, the Android maker said it was already aware of the malware and has implemented safety measures against it.Google Play Protect can detect and block Snowblind Android malware

“Based on our current detection, no apps containing this malware are found on Google Play,” the official statement added. “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

[…]


Subject: Interpol Arrests Almost 4,000 People in Crackdown on International Online Scams
Source: Gizmodo
https://gizmodo.com/interpol-fraud-scams-ftc-operation-first-light-2024-1851566535

Americans lost $10 billion to fraud in 2023, with $1.4 billion worth starting on social media, according to the FTC.Police around the world have arrested 3,950 people and seized assets totaling $257 million in a coordinated effort to crack down on online scams, according to a news release Thursday from Interpol. Dubbed Operation First Light 2024, the scammers engaged in a variety of online crimes, including phishing, investment fraud, taking in money from fake shopping sites, and romance scams, the international law enforcement agency says.

News of the arrests, first reported by The Record, comes as authorities in the U.S. warn about a huge uptick in online scams, with over $10 billion lost by consumers last year alone. And fraud isn’t just achieved through electronic payments like crypto.


Subject: TeamViewer investigating intrusion of corporate IT environment
Source: The Record
https://therecord.media/teamviewer-investigating-intrusion-it

Software company TeamViewer said it is investigating a possible intrusion of its internal corporate IT environment after discovering irregularities on Wednesday.

In a statement published on Thursday afternoon, the company explained that it immediately activated teams to begin looking into the issue. But TeamViewer — which creates a popular brand of remote access and remote control software — said its corporate environment is “completely independent from the product environment.”

“There is no evidence to suggest that the product environment or customer data is affected. Investigations are ongoing and our primary focus remains to ensure the integrity of our systems,” the company’s statement said, adding that it plans to provide more updates as the investigation continues.

When reached for more information about the incident, a company spokesperson told Recorded Future News that it is “unable to provide further details beyond the previously shared statement at this time.”

Tagged:

Posted in: AI, Cybercrime, Cybersecurity, Economy, Financial System, Privacy