Google and Amazon patch DNS-as-a-Service bugs
At Black Hat, security researchers from the cloud security company Wiz demonstrated a vulnerability in hosted DNS service providers that can be used to take over a platform’s nodes and access incoming DNS traffic, opening the door to mapping customers’ internal networks. The researchers found that some providers, including Amazon and Google, did not blacklist their own DNS servers inside their backends, letting the researchers add those servers inside the backend and point them to their internal network. While not all DNS traffic was visible, the approach did expose dynamic DNS updates. Amazon and Google subsequently released updates to resolve the issue, with an unnamed provider currently working on a fix.
Asian telcos hit by separate Chinese cyber attacks
The security firm Cybereason found that at least five Southeast Asian telcos have been hacked by three different Chinese espionage groups over the past year. The groups Gallium, Naikon APT, and APT 27 are believed to be responsible. The goal of these operations appears to be to maintain continuous access to the telcos’ infrastructure in order to collect sensitive information and further compromise high-profile business assets. The three groups used different tactics to hit the same victims, in some cases maintaining a presence on a network from as far back as 2017. Cybereason didn’t see any coordination between the groups in the attacks, and believes it likely that other telcos have been compromised.
US government struggles against the cyber security skills shortage
The shortage of potential employees with cyber security skills has been an ongoing industry narrative for a while, with the US government also feeling the issue. Senior officials have said that the slow pace of security hirings is a national security threat. The overall security workforce in the government has increased 8% since 2016. For context, a Department of Homeland Security hiring sprint in May and June resulted in 300 cyber security hires and 500 more job offers, but even with that DHS estimates there are 1,700 more cybersecurity vacancies left to be filled. Replacing retiring workers may also become an issue, as there are an estimated 16 times more federal IT workers older than 50 than there are younger than 30. Possible solutions include paid cyber security internships to shepherd in new talent, and opening the door to higher salaries to compete with the private sector.
(WaPo)
Google has fired dozens of engineers for data abuse since 2018
This finding comes from internal documents seen by Motherboard, detailing the firing of Google employees from 2018 to 2020 for abusing access to company tools or data. In 2020, 36 employees were terminated for those reasons, with 86% of all security-related allegations against employees involving mishandling of confidential information, while 10% involved misuse of systems. According to the documents, mishandled data can also result in warnings, training, and coaching for employees. In response to the story, Google said these “mostly relate to inappropriate access to, or misuse of, proprietary and sensitive corporate information or IP.”
Political ad researchers get banned from Facebook
Facebook banned the personal accounts of researchers with the NYU Ad Observatory, saying the researchers violated its terms by scraping user data without permission. The researchers created a browser plug-in called Ad Observer, which collected data on political ad targeting for use by researchers, but claimed to not collect any personally identifiable information. Facebook says it offered to provide data to the researchers directly and warned them of a possible ban last year.
Google consolidates sign-in offerings
This comes in the form of “Google Identity Services,” which puts all “Sign In With Google” under a unified interface with improved fraud protection and security features. Sign In With Google now includes an “authentication module” for its One Tap menu, which can integrate into an existing site and not kick out to a separate page, with developers receiving a secure token to authenticate the user. Google claims integrating this authentication module requires minimal code and in testing has seen an increase in “new user sign up and returning user conversion by almost 2X.”
Facebook trying to serve ads against encrypted messages
The Information’s sources say Facebook is hiring AI researchers specializing in homomorphic encryption, in the hopes of building the ability to analyze the content of encrypted data without having to decrypt it. Such an approach could open the door to eventually targeting ads based on encrypted messages. In response to the report, Facebook told The Information it’s “too early for us to consider homomorphic encryption for WhatsApp at this time.”
(Engadget)
Ransomware operators recruiting insiders to breach corporate networks
No, that headline wasn’t algorithmically generated based on cybersecurity buzzwords. The LockBit 2.0 ransomware operators are actively recruiting insiders to breach networks. This effectively cuts out the middleman for many ransomware-as-a-service schemes, which typically use affiliates to breach networks for a share of the ransom. Since relaunching in June, LockBit has added new wallpaper to encrypted Windows machines that promises millions for access to RDP, VPN, and corporate email credentials to gain network access, and promises to send willing accomplices a virus to install on a work machine. Bleeping Computer believes these messages are targeted at external IT consultants who work for multiple clients.






