Cybersecurity News: Chromeloader evolves, ransomware falls, US reviews social media campaigns

The shifting ways of Chromeloader

Microsoft and VMware warned of an ongoing malware campaign using Chromeloader. Researchers observed it dropping malicious browser extensions, node-WebKit malware, and ransomware. This isn’t an extremely new campaign, with Red Canary researchers warning of an uptick in attacks in Q1 2022. This shows a change of pace for the malware, which initially redirected traffic to advertising sites for click fraud. While the attackers still use Chromeloader for this type of attack, Palo Alto Networks reported that it evolved into an info-stealer in July. The most current strain comes from ISO files sent through malicious ads, browser redirects, and YouTube video comments. Researchers note that starting as adware meant Chromeloader didn’t appear on a lot of analysts’ radars until it escalated into a more capable threat.

(Bleeping Computer)

Ransomware attacks fall in first half

No, that wasn’t a typo. According to a new report from the cyber insurer Coalition, ransomware attack frequency and cost both fell from the second half of 2021 to the first half of 2022. Average ransomware payment demands fell 35% in that time to $896,000. In the first half, Lockbit was the most commonly claimed ransomware strain at 12%. Lorenz accounted for the highest average ransom demand at $3.5 million. While ransomware had a bit of a down start to 2022, phishing saw an uptick. Insurance claims citing phishing accounted for 60% of all claims, up from 32% in 2021. 

(Venture Beat)

Pentagon orders review of social media influence campaigns

Last month, we covered disclosures from Meta and Twitter identifying networks of fake accounts believed to be tied to influence operations by the US military. Now the Washington Post’s sources say that the Pentagon ordered a sweeping review of US information warfare operations conducted on social platforms. All branches of the military will reportedly provide a full account of all operations by next month. The White House reportedly became increasingly concerned about the use of these psychological operations in the wake of last month’s reporting. 

(WaPo)

Parler pivots to web services

In early 2021, we covered the social network Parler’s ban from many app stores after being linked to the January 6th Capitol Riots. The app actually got started in 2018 as a “no-censorship platform,” a space notably more crowded since the launch of Truth Social and Gettr. Now the social media platform announced it restructured into Parlement Technologies, which will provide “uncancelable” cloud services. Rather than start from scratch, the company used a recent $16 million funding round to acquire the California-based cloud services company Dynascale to provide these services.

(The Verge)

Thanks to today’s episode sponsor, 6clicks

Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries.

Court upholds Texas’ social media law

The U.S. Court of Appeals for the 5th Circuit ruled that Texas’ HB20 law does not violate the First Amendment rights of social media platforms. The law bars platforms with over 50 million users from acting to “block, ban, remove, de-platform, demonetize, de-boost, restrict, deny equal access or visibility to, or otherwise discriminate against expression” based on viewpoint. So under the law, platforms can still operate content moderation, just not based around specific viewpoints. Now you may recall that the Eleventh Circuit Court of Appeals ruled a similar Florida law did violate these platforms’ First Amendment rights back in May. So two very similar laws, one of which doesn’t violate the freedom of speech, and another that does. What this means is that an appeal to the Supreme Court appears likely.

(Axios)

Wyden warns about CBP data collection

US Senator Ron Wyden raised the alarm again on the wide discretion US Customs and Border Protection agents have to access US citizens’ devices at the border. All that’s required is “reasonable suspicion” that a traveler is breaking a law in order to copy data. Border authorities are not required by law to get a warrant in order to access the content of any electronic device. The Washington Post reports that in a briefing with Congress CBP said its officials access roughly 10,000 devices a year and add data from those devices to a central database. 2,700 CBP officers have access to that database.

(Engadget)

We finally see some of Facebook’s 2018 app audit

Remember the Cambridge Analytica scandal? Facebook sure hopes you don’t! After revelations about what that app could collect from friends of its users on Facebook, the company announced an “app audit” on all third-party apps. Facebook never publicly revealed the results of the audit. However, recently unsealed court documents in a California lawsuit show the results of the app audit on Zynga and Yahoo. Using the ‘friends permissions’ data access route, Zynga’s top 500 apps on Facebook could access photos, videos, activities, events, interests, likes, and work history on the friends of 200 million users. The company also shared social network IDs and personal information with third parties. Yahoo’s app impacted the friends of 123 million users. Due to being on a further vetted list of developers, Yahoo acquired information “deem[ed] sensitive due to the potential for providing insights into preferences and behavior.”

(TechCrunch)

Google accidentally pays security researcher 

Yuga Labs security engineer Sam Curry posted on Twitter that Google paid him $249,999.99 last month. But it’s not clear why. Curry said he collected bug bounties for companies, including Google. He said he didn’t submit any bugs that would call for this type of payment. Google later disclosed that it made an accidental payment, citing human error. It said it began “working to correct it.” Curry said he still had the money in his account over the weekend. Curry further wondered what kind of checks Google had in place to prevent such accidental bug bounty payments going forward. 

(NPR)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.