Ukraine takes down social media bot farm
The Ukrainian Security Service announced it shut down two bot farms used to manage over 18,000 accounts that were supervised by “organizers from Russia.” Ukrainian authorities said the bots were used to spread panic on social media, as well as send bomb threats. Authorities seized four GSM gateways and 3000 SIM cards used by the bot farm operators, who operated out of their apartments. Authorities did not provide specifics about how long the bot farm had been operating or what platforms they specifically targeted.
Federal use of cell siphoning tech on the rise
According to documents seen by The Intercept, fourteen of the fifteen US Cabinet departments, as well as several other federal agencies, acquired products from the Israeli surveillance company Cellebrite in recent years. These include the Departments of Agriculture and Education, HUD, and the CDC. In SEC filings, Cellebrite claims to have over 2,800 government customers in North America. The company’s flagship product is the Universal Forensic Extraction Device, a phone, desktop, and cloud hacking kit. Most federal agencies did not comment on how they use Cellebrite’s products, with the Department of Education and Department of Energy saying it was used to determine if a government-issued device was compromised.
Microsoft expands security business
In its most recent earnings report, Microsoft reported its security business is booming, with $15 billion in revenue in 2021, up 45% on the year. Following on that, two interesting bits of news show Microsoft has further plans to expand its security business. Bloomberg’s sources say Microsoft is in discussions to acquire the cybersecurity research company Mandiant. Mandiant only became an independent company again in 2021, after being spun out from FireEye.
Microsoft also launched a preview of a new Microsoft Defender app for Android and Windows in the US. This app shows all devices connected to the same Microsoft account, displaying the number of apps, links, and files scanned in the last 24 hours. On Android it will alert users to potentially malicious apps; on Windows it serves as a complement to Windows Security, showing settings for virus & threat protection.
Microsoft’s war on macros continues
Last month, Microsoft disabled Excel 4.0 macros by default. Now, starting in April, Microsoft Office will block all Visual Basic for Applications macros for files downloaded from the internet by default. Currently, Office displays a banner warning about macros, but you can click through to use them. Microsoft will make this macro blocking default on all supported standalone versions of Office, going back to Office 2013, as well as Microsoft 365. Individual users can still allow macros in document properties, and organizations can change this default in Office’s control panel.
Meta Oversight Board urges improvements to doxxing rules
The independent “Oversight Board” issued an opinion Tuesday recommending Facebook and Instagram tighten their restrictions on sharing home addresses. Facebook allows such information to be published without restriction if it’s considered “generally available,” which is currently defined as published in five separate news outlets. The Oversight Board recommended removing this exemption and creating specific enforcement channels to prioritize reports of doxxing. Meta requested advice on the policy from the Oversight Board last year, although it is not ultimately bound by the recommendation.
Siri interactions saved on iPhones without consent
In iOS 15, Apple includes an opt-in for sharing Siri recordings of voice interactions to improve the voice assistant. This opt-in generally occurs at device setup or when upgrading to a new version of the OS. Apple subsequently discovered a bug in iOS 15 that enabled this setting for some users who had already opted out, meaning Apple received recordings of some Siri interactions without consent. The company fixed the bug in iOS 15.2 and deleted all erroneous recordings. The company also said it completely turned off Siri interaction collection for “many” devices running iOS 15.2 as a precaution, even for those that opted in.
(ZDNet)
Ransomware decryption key party
We cover a lot of news coming out of forums on this show, usually around dark websites that are frequented by cybercriminals. However, Bleeping Computer proved that forums can also be a force for security good, recently publishing the master decryption keys for Maze, Egregor, and Sekhmet ransomware families. These were published by an alleged malware developer. Maze shut down in November 2020, but was rebranded as Egregor in early 2021. Analysis of Sekhmet shows similarities to Egregor ransomware. The poster claimed this was a planned leak and not linked to a recent crackdown on ransomware operations by law enforcement. These keys were confirmed as legitimate by security researchers.
Twitter ditches Mitto
We’ve previously covered the reports that Mitto AG, a telecom service company, operated a surveillance service sold to government clients within its organization. This was reportedly headed by its co-founder Ilja Gorelik. As a reminder, Mitto denies that it ever operated the service and is investigating any wrongdoing. Now Twitter disclosed to U.S. Senator Ron Wyden that it is “transitioning” away from working with Mitto AG to send passcodes to users over text. Twitter cited a report by Bloomberg on the issue. Bloomberg’s source also says that the messaging companies Kaleyra and MessageBird have cut ties with Mitto.






