this week in security — july 5 edition
~this week in security~ a cybersecurity newsletter by @zackwhittaker (https://twitter.com/zackwhittaker)
volume 3, issue 27
~ ~
** THIS WEEK, TL;DR
How police secretly took over a global phone network for organized crime (https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked) Motherboard: Police took down Encrochat, a massive global “secure” phone network used almost exclusively by organized crime gangs, by hacking into it. Although details of the hack remain under wraps, police were able to collect and read about a hundred million encrypted messages and learn exactly what these criminals were up to: drug deals, murders and extortion plots. Using obtained documents and sources, @josephfcox (https://twitter.com/josephfcox) takes an in-depth look at Europe and the U.K.’s “biggest and most significant” law enforcement operation. More than 100 suspects have been arrested as a result, and police have seized more than 8,000 kilos of cocaine and 1,200 kilos of crystal meth. But questions remain open about the legality of the operation, something defense lawyers will no doubt be keen to capitalize on. More: Europol (https://www.europol.europa.eu/newsroom/news/dismantling-of-encrypted-network-sends-shockwaves-through-organised-crime-groups-across-europe) | BBC News (https://www.bbc.com/news/uk-53263310)
Foreign adversaries likely to try exploiting critical networking bug, U.S. says (https://arstechnica.com/information-technology/2020/06/foreign-adversaries-likely-to-exploit-critical-networking-bug-us-gov-says/) Ars Technica: The NSA and other U.S. cyber agencies are warning that nation-state hackers are “likely” working to exploit a bug in widely used Palo Alto Networks firewall and VPN appliances. If exploited, it could allow unauthenticated access to the network behind the appliance. Remember last year (https://techcrunch.com/2019/04/12/enterprise-security-flaws/) when similar VPN bugs were found, and those who didn’t patch were exploited and hit with ransomware? Now the NSA is warning (https://www.cbsnews.com/news/national-security-agency-warns-that-vpns-could-be-susceptible-to-cyberattacks/) that it could happen again. More: CBS News (https://www.cbsnews.com/news/national-security-agency-warns-that-vpns-could-be-susceptible-to-cyberattacks/) | @CNMF_CyberAlert (https://twitter.com/CNMF_CyberAlert/status/1277674547542659074)
How hackers extorted $1.14m from University of California, San Francisco (https://www.bbc.com/news/technology-53214783) BBC News: After infecting UCSF with ransomware, hackers demanded $1.14 million from the university to get its files back. The ransomware, NetWalker, not only encrypts users’ files but also steals them and publishes a portion on a hacker-owned website to “encourage” the victim to pay up. A tip-off let the BBC observe the ransom negotiations in real time. More: @ProfWoodward (https://twitter.com/ProfWoodward/status/1277543475525926912)
China’s malware stalked Uighurs earlier and more widely, say researchers (https://www.nytimes.com/2020/07/01/technology/china-uighurs-hackers-malware-hackers-smartphones.html) New York Times ($): New research shows that Uighur Muslims, an oppressed minority in China of whom more than a million are now in prison camps, have been targeted by Chinese authorities for far longer and more widely than previously thought (https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/) . Lookout Security found links between eight kinds of malware that siphon off data from victims’ smartphones, dating back to 2013. The Times called the hacking an “early cornerstone” in what became a full-on campaign against the Muslim minority group. It’s also part of China’s efforts to monitor Uighurs — even after they fled China. More: Cyberscoop (https://www.cyberscoop.com/china-surveillance-uighur-xinjiang-lookout/) | @RonDeibert tweets (https://twitter.com/RonDeibert/status/1278290493147881473)
During a pandemic, stalkerware becomes even more sinister (https://www.cyberscoop.com/stalkerware-pandemic-coronavirus-domestic-violence/) Cyberscoop: The use of stalkerware is going up, according to researchers, and the pandemic is one of the main reasons why. Three antivirus companies told Cyberscoop that they saw a rise in stalkerware infections. This kind of spyware is also called “spouseware,” because it’s frequently used by people to spy on their partners — without their permission. A telling look at how trapped some of these victims can be — and why stalkerware needs to be crushed out of existence. More: @shanvav tweets (https://twitter.com/shanvav/status/1278038295025537025)
Senate turns surveillance bill into anti-free speech bill (https://gizmodo.com/senate-turns-shitty-orwellian-surveillance-bill-into-po-1844252068) Gizmodo: Remember the EARN IT Act? It was designed to nudge Facebook and other tech giants away from using end-to-end encryption: comply, and they would keep their Section 230 protections — the same protections that prevent Facebook et al from getting sued for what their users say on their platforms. The bill was widely panned (https://foundation.mozilla.org/en/campaigns/oppose-earn-it-act/) , then gutted, and eventually reborn as an anti-free speech bill. @dellcam (https://twitter.com/dellcam) explains why. More: Mozilla Foundation (https://foundation.mozilla.org/en/campaigns/oppose-earn-it-act/) | Wired ($) (https://www.wired.com/story/security-news-encryption-busting-earn-it-act-advances-senate/) ~ ~
** SUPPORT THIS NEWSLETTER
A big thank you to everyone who reads this newsletter! If you can spare $1/month (or more for perks (https://www.patreon.com/posts/mugs-are-on-way-32666051) !) it helps keep the newsletter running. Contribute to the Patreon here (https://www.patreon.com/thisweekinsecurity) ! ~ ~
** THE STUFF YOU MIGHT’VE MISSED
New Mac ransomware spreading through piracy (https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/) Malwarebytes: Meet ThiefQuest, a rare new kind of ransomware that targets Macs. The ransomware is bundled into pirated software and, once installed, encrypts the user’s Keychain, where the device and user passwords are stored, along with other user files. Always keep a backup! On the bright side, macOS Big Sur, expected out later this year, will hamper similar attacks that rely on the “silent installation” (https://www.zdnet.com/article/new-apple-macos-big-sur-feature-to-hamper-adware-operations/) of configuration profiles to remotely control and administer a device.
Hong Kong internet firms ‘must comply’ with police demands under new security law (https://www.scmp.com/news/hong-kong/law-and-crime/article/3091618/national-security-law-hong-kong-internet-firms-will) South China Morning Post: Here might be a major, largely overlooked consequence of the new Beijing-imposed national security law (https://www.bbc.com/news/world-asia-china-52765838) in Hong Kong: any company based in the city will now have to comply with Chinese government demands for data. “Now the law has given police the power to ask the companies for assistance, we will just have to do it… there is no resisting this,” said one expert. That could have serious consequences for Western companies that use Hong Kong as a strategic outpost in Asia.
Android hackers impersonate U.S., European postal services (https://www.cyberscoop.com/fakespy-android-cybereason-postal-service/) Cyberscoop: Researchers at Cybereason (https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world) say they’ve found a hacking group impersonating U.S. and European postal services. By sending thousands of victims a text message linking to a non-existent package awaiting pickup, the hackers trick them into downloading and installing a malicious app that is not available in the Google Play app store. Once installed, the app lets the hackers steal financial data from other apps on the device.
Inside the invasive, secretive “bossware” tracking workers (https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers) Electronic Frontier Foundation: The EFF has a great in-depth analysis of “bossware,” which is like stalkerware but mandated for employees by bosses who want to snoop on them as they work from home. “At a technical level, these products are indistinguishable from stalkerware,” the authors wrote. Anyone who uses a work computer should take note. ~ ~
** OTHER NEWSY NUGGETS
A bitcoin wallet flaw leads to double spend attacks and inflated balance (https://techcrunch.com/2020/07/01/a-vulnerability-in-some-bitcoin-wallets-leads-to-double-spend-attacks-and-inflated-balance/) A new vulnerability found in popular cryptocurrency wallets “might lead to an incorrect balance on your wallet as unconfirmed transactions are taken into account in your total balance,” reports @romaindillet (https://twitter.com/romaindillet) . “The attacker could revoke the transaction before it is confirmed, which could lead to some confusion.” In other words, a sender can make a payment appear in your balance and then pull it back before it is ever mined. Interesting write-up, particularly if you’re a cryptocurrency owner.
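To make the flaw concrete, here is an added example (mine, not code from the newsletter, the TechCrunch write-up, or any wallet vendor). It models a toy UTXO wallet against a simplified node: the vulnerable view adds unconfirmed incoming outputs straight into the displayed balance, while the hardened view reports confirmed funds only and lists pending and replaceable amounts separately. The "revoke before confirmation" step is modelled with an opt-in replace-by-fee rule (any input with nSequence below 0xfffffffe signals replaceability, as in BIP 125); the class names, addresses, amounts and the two-line fee rule are all constructed for illustration, not a description of any real wallet's internals.

```python
"""Toy UTXO wallet: why unconfirmed incoming transactions must not be
counted as balance. Everything here (node, mempool, RBF rule, amounts)
is a constructed simplification for the example, not real node code."""
from dataclasses import dataclass

# BIP 125: a tx is replaceable if any input's nSequence is below 0xfffffffe.
MAX_RBF_SEQUENCE = 0xFFFFFFFD


@dataclass(frozen=True)
class Input:
    txid: str
    vout: int
    sequence: int = 0xFFFFFFFF  # final by default, i.e. not signalling RBF


@dataclass(frozen=True)
class Output:
    address: str
    sats: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple
    outputs: tuple
    fee: int

    def signals_rbf(self):
        return any(i.sequence <= MAX_RBF_SEQUENCE for i in self.inputs)


class Node:
    """Mempool plus a confirmed set. A conflicting tx may replace an
    unconfirmed one only if the old tx signals RBF and the new fee is higher
    (a deliberately simplified version of the real replacement policy)."""

    def __init__(self):
        self.mempool, self.confirmed = {}, {}

    def broadcast(self, tx):
        spent = {(i.txid, i.vout) for i in tx.inputs}
        conflicts = [m for m in self.mempool.values()
                     if spent & {(i.txid, i.vout) for i in m.inputs}]
        for old in conflicts:
            if not (old.signals_rbf() and tx.fee > old.fee):
                raise ValueError(f"{tx.txid} conflicts with {old.txid} and cannot replace it")
        for old in conflicts:
            del self.mempool[old.txid]  # the replaced payment simply vanishes
        self.mempool[tx.txid] = tx

    def mine_block(self):
        self.confirmed.update(self.mempool)
        self.mempool.clear()


class Wallet:
    def __init__(self, node, address):
        self.node, self.address = node, address

    def _incoming(self, txs):
        return sum(o.sats for tx in txs for o in tx.outputs if o.address == self.address)

    def naive_balance(self):
        # The flawed display: confirmed outputs plus whatever is in the mempool.
        return (self._incoming(self.node.confirmed.values())
                + self._incoming(self.node.mempool.values()))

    def safe_balance(self):
        # Spendable means confirmed; pending money is shown, but never added in,
        # and replaceable pending money is flagged because the sender can retract it.
        mempool = list(self.node.mempool.values())
        return {
            "confirmed": self._incoming(self.node.confirmed.values()),
            "pending": self._incoming(mempool),
            "pending_replaceable": self._incoming(t for t in mempool if t.signals_rbf()),
        }


def _funded_node():
    # Constructed: one confirmed coin of 100,000 sats owned by the attacker.
    node = Node()
    node.mempool["fund"] = Tx("fund", (), (Output("attacker", 100_000),), 0)
    node.mine_block()
    return node


def demo():
    """Attacker pays the victim with an RBF tx, then replaces it before it confirms."""
    node, victim = _funded_node(), None
    victim = Wallet(node, "victim")
    pay = Tx("pay", (Input("fund", 0, sequence=0),), (Output("victim", 90_000),), fee=1_000)
    node.broadcast(pay)
    shown_before, safe_before = victim.naive_balance(), victim.safe_balance()
    take_back = Tx("take_back", (Input("fund", 0, sequence=0),),
                   (Output("attacker", 98_000),), fee=2_000)
    node.broadcast(take_back)  # evicts "pay" from the mempool
    node.mine_block()
    return shown_before, safe_before, victim.naive_balance(), victim.safe_balance()


def non_rbf_cannot_be_replaced():
    """Without the RBF signal this toy node refuses the conflicting spend."""
    node = _funded_node()
    node.broadcast(Tx("pay", (Input("fund", 0),), (Output("victim", 90_000),), fee=1_000))
    try:
        node.broadcast(Tx("take_back", (Input("fund", 0),), (Output("attacker", 98_000),), fee=2_000))
    except ValueError:
        return True
    return False
```

Running `demo()` shows the naive view jump to 90,000 sats the moment the payment hits the mempool and fall back to zero after the replacement confirms, while the hardened view never reports more than zero confirmed and flags the full 90,000 as replaceable. The caveat the second function illustrates is a policy, not a guarantee: a transaction that does not signal RBF is harder to replace under default node policy, but any unconfirmed transaction can still be dropped or mined differently, so the only balance a wallet should let a user spend against is the confirmed one.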
EFF files amicus brief arguing ‘geofence warrants’ violate the Fourth Amendment (https://www.eff.org/deeplinks/2020/07/eff-files-amicus-brief-arguing-geofence-warrants-violate-fourth-amendment) Long-time readers of this newsletter will know about geofence warrants — also known as reverse-location warrants — in which police give big tech companies a set of location coordinates and a time window, and demand to know everyone who was inside that “geofence” during the period in which a crime was committed. The aim is to catch the criminal. But frequently these warrants pick up entirely innocent people. If the EFF gets its way, these warrants may no longer be allowed. ~ ~
** THE HAPPY CORNER
This week, we’re all about the masks. Wear one! It’s literally the least you can do. If you need one, here’s one (https://twitter.com/julian_west/status/1277675180266061824?s=21) for the networking nerds out there. Twitter said this week it is working on more inclusive dev language (https://twitter.com/twittereng/status/1278733305190342656?s=21) , by replacing historically used words like “blacklist/whitelist” with “allowlist/denylist,” a move that sparked a debate in the tech community. While some have noted that it’s a good start, others have argued that it’s window dressing at best and doesn’t do much to address the core issue of racism in our society.
In other news, this Chromium changelog (https://twitter.com/mrdoob/status/1278736041034133504?s=21) hits the nail on the head. “Open source proves that many voices, many contributions, together can change the world. It depends on it.” Hell yeah.
And… one last thing. This edition marks two years (https://tinyletter.com/zackwhittaker/letters/this-week-in-security-july-8-edition) since I started this newsletter. A big thanks to everyone who reads, subscribes, sends in cybercats, and contributes to its Patreon. Thank you. If you want to nominate some good news from the week, feel free to reach out (mailto:this@weekinsecurity.com?subject=Good%20news%20for%20your%20newsletter) . ~ ~
** THIS WEEK’S CYBER CAT
This week’s cyber cat is Smitten T. Kitten, protector of the home office — who, as you can see, was caught sleeping on the job this time. Good thing you’re cute, eh? A big thanks to @erinmj5 (https://twitter.com/erinmj5) for sending in the photo! Don’t forget to send in your cyber cats! The more, the merrier. You can email them in here (mailto:this@weekinsecurity.com?subject=Cyber%20Cat%20submission&body=Please%20include%20a%20JPG%20of%20your%20cyber%20cat%2C%20their%20name%2C%20and%20also%20your%20name%20and%20Twitter%20handle%20if%20you%20want%20credit.) . ~ ~
** SUGGESTION BOX
That’s all for now. Thanks for reading! As always, you’re welcome to drop any feedback in the suggestion box (https://docs.google.com/forms/d/e/1FAIpQLSebkpf8z8TvMJoixuSzmrR-CTLcOv_ufF7voso1HZBI_f5zrw/viewform) . Hope to see you again next Sunday — have a great one, folks.