Cybersecurity News: Google warns of “patch gap,” Chinese spam hits Twitter

Project Zero warns of “patch gap”

Researchers at Google’s Project Zero security team warned of a “patch gap” problem across the Android ecosystem. They claim that while Android security fixes often arrive in a timely fashion, downstream vendors lag in delivering fixes to devices. A recent post points to actively exploited vulnerabilities in the ARM Mali GPU driver. These were patched in August 2022, but not pushed out to impacted devices. Project Zero noted Samsung, Xiaomi, Oppo, and even Google’s Pixel team lagged in patches for this exploit. Researchers then looked at five recent ARM vulnerabilities, which were discovered between June and July 2022, and patched within a month. But they did not see the CVEs for these vulnerabilities mentioned in any downstream security bulletins since. The Pixel security team said the ARM fixes were scheduled to be delivered “in the coming weeks.”

(Security Week)

Twitter hit with spam campaign

TechCrunch reports that according to China-focused analysts, Twitter saw a “significant uptick” in spam tweets over the last three days when searching for any major Chinese city. These searches show porn, escort services, and gambling content, making it difficult to find any legitimate search results. This comes as demonstrators in China continue protesting the country’s zero-tolerance COVID-19 measures. Given that China blocks access to Twitter, it’s unclear how many Chinese users access the site through VPNs. The Washington Post reported Twitter “was aware” of the spam issue and “was working to resolve it.” This comes after the company reportedly laid off 80% of its contractors, many of whom were used for content moderation, and the resignation of Trust and Safety head Yoel Roth.

(TechCrunch)

Canadian food company refuses ransom demands

The Canadian packaged meat company Maple Leaf Foods was hit by a ransomware attack in early November, causing a system outage. A spokesperson told The Record that threat actors obtained access to “some of our data” but that the company refuses to pay their ransom demands to keep them from leaking it. Since disclosing the attack, Maple Leaf said it’s working with customers and suppliers to “minimize disruptions” and offering impacted employees two years of credit monitoring. The Black Basta ransomware group took credit for the attack, showing on its leak site that it obtained contracts and invoices.

(The Record)

Joint operation takes down spoofing services

Law enforcement authorities in Europe, Australia, the US, Ukraine, and Canada coordinated to take down a spoofing website that stole a suspected $120 million from victims. The operation included the arrest of 142 suspects in the case, among them the main administrator of the site. The site offered buyers the ability to make spoofed calls, send recorded messages, and intercept SMS-based two-factor codes. UK investigators led the takedown, working with European counterparts since October 2021 on the case.

(CSO Online)

Meta hit with another privacy fine in Europe

Ireland’s Data Protection Commission fined Meta 265 million euros for failure to take steps to prevent a data leak of personal phone numbers and other profile information impacting over 500 million users. Meta disclosed in 2021 that a malicious actor published the information, which was scraped from Facebook using its “Contact Importer” tool in 2019. Meta says it resolved this issue in 2019. A Meta spokesperson said it hasn’t decided if it will appeal. This marks the third fine against Meta from Ireland’s DPC over the last 15 months, bringing total fines up to $900 million. 

(WSJ)

The scale of UAE’s phishing problem

Security researchers at CloudSEK published new details about the scope of a phishing campaign impacting the Ministry of Human Resources in the United Arab Emirates. Back in July, the researchers found malicious actors targeting contractors in the UAE with phishing domains, luring them to click through domains for vendor registration and contract bidding. CloudSEK has now discovered additional clusters of domains used for these campaigns, strategically registered to target industries like travel, oil and gas, real estate, and investment. The researchers noted the threat actors recently turned to fake job offers to further lure victims. The operators use pre-stored static web pages with similar templates to make it easy to shift domains in the event of a takedown.

(InfoSecurity Magazine)

Crypto winter comes for BlockFi

Another crypto stalwart domino falls. The cryptocurrency lending platform BlockFi filed for Chapter 11 bankruptcy in the US Court for the District of New Jersey. It has paused all activity, including withdrawals, since November 10th. The company claims to have $256.9 million in cash. The bankruptcy filing will focus on “recovering all obligations owed” to the lender. This involves significant recovery from FTX, also currently in bankruptcy proceedings. The company will reportedly lay off a large portion of its staff.

(Decrypt)

AWS launches encrypted messaging for enterprises

At its re:Invent conference, Amazon Web Services released the first preview of AWS Wickr, an encrypted messaging service. The timing comes right after Amazon announced it would close the consumer-focused Wickr Me messaging service. AWS designed the service to let enterprise users securely use text, video, and media messaging while meeting auditing and regulatory discovery requirements. This includes setting data retention policies for either the cloud or on-prem. The messaging service will integrate with AWS Management Console, letting admins set IAM access policies and group permissions. 

(Computer World)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.