Finnish intelligence warns Russia ‘highly likely’ to turn to cyber in winter
Finnish Security Intelligence Service (SUPO) officials say that it is “highly likely that Russia will turn to the cyber environment over the winter” for espionage due to challenges impacting its human intelligence work. In its National Security Overview 2022, published on Thursday, the security intelligence group said that “Russia’s traditional intelligence gathering approach using spies with diplomatic cover has become substantially more difficult since Russia launched its war of aggression in Ukraine, as many Russian diplomats have been expelled from the West.” SUPO assessed that Russian citizens who occupied critical positions in Finland were particularly at risk of coercion from the Russian authorities.
Researchers uncover covert attack campaign targeting military contractors
This new covert campaign targets military and weapons contractor companies, using spear-phishing emails to trigger a multi-stage infection process that deploys an unknown payload onto compromised machines. These are highly targeted intrusions, and security firm Securonix has named the campaign STEEP#MAVERICK. Throughout summer 2022 the infection chains used a phishing mail with a ZIP archive attachment containing a shortcut file that claims to be a PDF document about “Company & Benefits.” This is then used to retrieve a stager — an initial binary that’s used to download the desired malware from a remote server.
IRS warns of “industrial scale” smishing surge
In a news alert yesterday, the IRS said it had identified “thousands of fake domains so far in 2022, used to facilitate the so-called ‘smishing’ scams, and designed to steal victims’ personal and financial information.” These domains and messages have been spoofed to appear as if sent from the IRS. Topics of the emails include fake COVID relief, tax credits or help setting up an IRS online account, it said. They might request personal information or simply download malware to the user’s device by tricking them into clicking on a malicious link. “This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” said IRS commissioner Chuck Rettig.
New malware backdoors VMware ESXi servers to hijack virtual machines
This is a new method designed to establish persistence on VMware ESXi hypervisors in order to control vCenter servers and Windows and Linux virtual machines while avoiding detection. “With the help of malicious vSphere Installation Bundles, an attacker is now able to install two backdoors on the bare-metal hypervisor that researchers have named VirtualPita and VirtualPie. Researchers also uncovered a unique malware sample that they called VirtualGate, which includes a dropper and a payload.” The attack requires the threat actor to have admin-level privileges on the hypervisor.
UN elects first female tech agency secretary-general
According to the BBC, “Doreen Bogdan-Martin has become the first woman to be elected as secretary-general of the International Telecommunication Union (ITU), the main technology agency within the UN.” The ITU has an important role in facilitating the use of radio, satellite and the internet, including assigning satellite orbits globally, co-ordinating technical standards, and improving infrastructure in the developing world.
(BBC News)
Brave browser to start blocking annoying cookie consent banners
Most people find consent messages annoying but they have become necessary to comply with data protection regulations like GDPR. In some cases, these banners can serve as trackers themselves, “as they engage in a privacy-breaching data exchange before the user even has a chance to opt out.” The Brave browser will now detect and block the cookie consent banners, removing a potential privacy risk for users. The roll-out will begin in Brave Nightly 1.45, scheduled for release in October, and will gradually pass to the stable version on Windows and Android. iOS will follow soon afterward.
Privacy advocates want the FTC to take on invasive daycare apps
The Electronic Frontier Foundation is requesting that the Federal Trade Commission review privacy and security concerns with daycare and early education apps, according to a letter sent to the agency Wednesday. According to Cyberscoop, “the letter builds on the EFF director of engineering Alexis Hancock’s research, which uncovered a variety of security concerns including the insecure cloud storage of photos of children.” Security researchers have found that more than half of the 42 apps they looked at did not disclose the use of third-party trackers. The FTC is tasked with enforcing the Children’s Online Privacy Protection Act, which controls what data companies can collect from children under 13. However, because daycare apps are collecting children’s data directly from parents and daycare providers, those protections have limited application.
Pentagon bug bounty program yields results
Following up on a story we brought you in July, the Department of Defense’s July bug bounty program, “Hack US,” yielded 349 “actionable” reports. Melissa Vice, director of the DoD’s vulnerability disclosure program, said an initial evaluation of the program’s results found that the most commonly identified vulnerability was categorized as “information disclosure.” Other top flaws discovered through the effort included improper access and generic SQL injection.






