This week’s Cyber Security Headlines – Week in Review, May 30-June 3, is hosted by Rich Stroffolino with our guest, Steve Zalewski, Co-host, Defense in Depth
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Pro-Russian hacker group KillNet plans to attack Italy today
The pro-Russian hacktivist group is one of the most active non-state actors operating within the Russia-Ukraine war theater. It started its operation on February 25, 2022, and prior to that it had been selling cyber technologies. The group declared war on Anonymous and on Western countries, and it has its own Telegram channel with tens of thousands of members. The group announced a massive attack against Italy, planned for today, Monday, May 30 at 05:00 a.m. Italian time. So this, of course, will be a developing story.
China makes offer to ten nations to help run their cyber-defenses
China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities – all with the help of Chinese tech vendors. Reuters broke the news of China’s ambitions after seeing a draft agreement that China’s foreign minister Wang Yi is reportedly tabling on a tour of Pacific nations this week and next. The draft agreement proposes assistance with data governance, training local police, mapping the marine environment, supplying customs management applications, possible funding of data links to island nations, and cyber-security assistance. The nations, which may include Kiribati, Samoa, Fiji, Tonga, Vanuatu, Papua New Guinea and East Timor, are all very small and heavily reliant on the internet, but are also highly strategic for communications, shipping, and a range of other international priorities.
(The Register and CNN)
Ransomware demands acts of kindness to get your files back
GoodWill ransomware, which security firm CloudSEK described this week, isn’t interested in extorting money from you. It wants you to do something good for the world. Like most other ransomware, GoodWill encrypts the usual file types – documents, databases, photographs, and videos – locking away your content. But rather than demand thousands of pounds worth of cryptocurrency in exchange for the decryption key, the GoodWill ransomware wants you to do something good for the world – three things, actually. The first request is for you to donate new clothes and blankets to the homeless. The second involves taking five poor children (under the age of 13) to Dominos, Pizza Hut, or KFC, and allowing them to order any food that they wish. The third involves providing financial assistance to those who need urgent medical assistance but cannot afford to pay for it themselves. Video proof of each is required.
(Tripwire)
China censoring open-source code
Earlier this month, the popular Chinese code repository platform Gitee made open-source code from thousands of developers private and hidden from view. The platform explained that the code was being manually reviewed before it could be published, saying it “didn’t have a choice” in the policy. This new policy requires developers to submit an application and confirm their code doesn’t contain anything that would violate copyrights or Chinese law. Although projects are being restored after submitting applications, developers worry this could lead to decreased collaboration and reluctance to contribute open-source code going forward.
Turns out China is good at SEO
The Brookings Institution and the Alliance for Securing Democracy issued a report showing that Chinese state news agencies are very good at optimizing for search engines. At least one Chinese state news article appeared in the top 10 search results for “Xinjiang” around 88% of the time on Google and Bing, and 98% of the time on YouTube. They’re even better when it comes to news-focused sections. Chinese state media accounted for 22% of observed pages in Google News and Bing News related to Xinjiang and coronavirus origins vs. 6% on web search.
IBM to pay $1.6 billion for poaching customer account
On Monday, a US District Judge in Houston ordered IBM to pay $1.6 billion to BMC Software for swapping in its own software while servicing their mutual client, AT&T. After a seven-day non-jury trial, the judge rejected IBM’s claim that it fairly acquired the business from AT&T, which was one of BMC’s core customers. The judge noted that IBM’s role in AT&T’s choice to dump BMC “smacked of intentional wrongdoing.”
Hackers can steal WhatsApp accounts using call forwarding
Rahul Sasi, founder and CEO of CloudSEK, has posted details of a trick that allows attackers to hijack a victim’s WhatsApp account. First, the attacker tricks the victim into calling a number that starts with a Man Machine Interface (MMI) code, which can be easily found on the Internet. This prompts the carrier to forward the victim’s calls to the attacker’s number, and the attacker can then begin the WhatsApp registration process. After choosing to receive the one-time password (OTP) via voice call, the attacker can then enable two-factor authentication (2FA) and lock the legitimate owner out of the account. The attack can be easily thwarted by enabling 2FA, which would prompt a would-be attacker for a PIN upon their attempt to register the account.
SCOTUS puts Texas social media law on hold
The Supreme Court ruled 5-4 in favor of putting Texas’ HB20 law on hold while a constitutional challenge goes forward in a lower court. The court doesn’t release opinions with these emergency rulings, just how the court ruled, so we don’t know the specific rationale, although one can assume it’s on First Amendment grounds. After the law was initially passed, a federal judge granted an injunction preventing it from going into effect, but this was overturned by an appeals court panel. A group of tech industry trade groups filed an emergency appeal with the Supreme Court to prevent it from going into effect. The law would ban social media platforms with over 50 million users from moderating content on the basis of viewpoint.
Australia names first cyber security minister
Australia’s Prime Minister Anthony Albanese appointed Victorian MP Clare O’Neil to the newly created post. Previously, cyber security belonged with the Home Affairs ministry, with cyber-related announcements often handled by the Australian Signals Directorate with the defense ministry. O’Neil was also named Minister for Home Affairs, so it remains to be seen how separate the two ministries will be. She previously served as the Shadow Minister for Innovation, Technology and the Future of Work.
(IT News)
Leaked Conti chats confirm gang’s ability to conduct firmware-based attacks
The analysis of Conti group’s chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques which would give threat actors significant powers, since they are hard to detect, are highly destructive, and attackers can use them to achieve long-term strategic goals. Researchers from security firm Eclypsium discovered that the Conti ransomware gang was working on attacks targeting both UEFI/BIOS and the Intel Management Engine (ME) or Intel Converged Security Management Engine (CSME).





