Samsung shipped devices with flawed encryption
In a paper set to be presented at the Real World Crypto and USENIX Security summit, researchers showed that Samsung failed to properly implement a part of its Keymaster Hardware Abstraction Layer in the Android Keystore, impacting Galaxy phones from the S8 through S21 models. This allowed researchers to reverse engineer the Keymaster app and conduct an initialization vector (IV) reuse attack to obtain encryption keys. Essentially, the phones should use a different initialization vector for each encryption operation so that the same plaintext produces different results, but Samsung’s implementation didn’t in all instances. The researchers alerted Samsung in May 2021, with Samsung releasing a patch for the flaw.
New York state gets cybersecurity center
New York state governor Kathy Hochul announced the Joint Security Operations Centers, in coordination with the mayors of New York City, Albany, Buffalo, Rochester, Syracuse, and Yonkers. The center will be located in Brooklyn and provide a central location for state officials to receive and analyze threat telemetry during a crisis. The center will be staffed with state and federal law enforcement, as well as local and county governments. This is the first such statewide cybersecurity coordination center in the US.
(ZDNet)
Microsoft Defender adds support for GCP
After adding support for Amazon Web Services late last year, Microsoft Defender for Cloud now supports Google Cloud, letting Microsoft use APIs for either competitor’s cloud service to provide further cybersecurity solutions. In a recent survey, Microsoft found 83% of business leaders listed “managing multicloud complexity” as their biggest pain point in 2022, with Microsoft Defender for Cloud pitched as the mythical single pane of glass solution. This comes as Microsoft’s overall security business continues to grow into a major unit within the company, with revenue up 45% on the year in 2021 to over $15 billion.
European Commission publishes the Data Act
The European Commission released a draft of the Data Act, which sets out rules on how companies can access non-personal data. The proposed legislation would require cloud service providers to make migrating data to other services easier, prohibit contracts that inhibit sharing data with smaller companies, and allow users access to data generated from connected devices. This will have to go to EU member states and the European Parliament for approval before becoming law, a process that may take years.
Asustor NAS devices hit with ransomware
Owners of Asustor Network Attached Storage devices report that an active Deadbolt ransomware campaign is impacting devices, encrypting media and other stored content. Asustor said it is investigating the attacks and disabled the myasustor.com Dynamic Domain Name Service as a precaution. Asustor recommends keeping any of its NAS products off the internet. The threat actors claim a zero-day vulnerability is being used in the campaign, which they will detail for 7.5 Bitcoins. For 50 Bitcoins, they will part with their master decryption key. Deadbolt ransomware previously targeted QNAP NAS devices with a similar campaign last month.
AirTag protections bypassed
Privacy and stalking concerns with AirTags have been present since the product launched last year. Security researchers have demonstrated ways to modify firmware or use the devices to transmit data over Apple’s Find My network in the past. To mitigate these concerns, Apple introduced a notification if a device notices the same AirTag in your vicinity that’s not yours. Security researcher Fabian Bräunlein created “bogus message” generators that would send device IDs from 2000 simulated AirTags every 30 seconds at random, which changed IDs every 15 minutes. Because Bräunlein knew all the generated ID numbers, he could track a volunteer for days, without them ever receiving notifications about a suspicious AirTag following them. The researcher recommended the Android app AirGuard to scan for potential tracking devices on the Find My network.
UK firms most likely to pay ransoms
A new study from the security company Proofpoint found that on average 58% of firms that were victims of ransomware attacks paid ransoms to regain access to data. The UK led all countries in the study, with 82% of firms paying ransoms. Despite most firms paying ransoms, Proofpoint found that only half regained access to data after a first payment, with threat actors usually asking for more money. Despite this, only 4% of firms that paid were unable to retrieve data. The study also found that phishing attacks remain the most common way for attackers to gain access to a network.
(BBC)
Zombie malware surprisingly common
According to Bitdefender’s monthly Threat Debrief, WannaCry malware and the ransomware-as-a-service GandCrab were the most commonly detected malware in January 2022, making up 56% of all detections. This is surprising considering WannaCry first surfaced in 2017 and the organization behind GandCrab publicly spun down operations in 2019. Bitdefender said some of these could be false positives from malware collectors or testing systems, abandonware malware websites that still automatically spread the samples, or similar code from both malware samples being reused by other actors. For example, the operators of GandCrab resurfaced with REvil months after it supposedly shut down.






