Cyber Security Headlines – January 10, 2022

Hackers have been sending malware-filled USB sticks to U.S. companies disguised as gifts

The FBI issued a warning on Thursday that a hacker group has been sending “malware-laden USB drives to companies in the defense, transportation and insurance industries,” through the U.S. Postal Service. Some of these were apparently sent by a group called FIN7 and were made to look like they had been sent by the U.S. Department of Health and Human Services, with an explanation that the drives contained important information about COVID-19 guidelines. The FBI says it originally began receiving reports about such activity as far back as last August.

(Gizmodo)

Swiss army asks its personnel to use the Threema instant-messaging app

The Swiss army has banned the use of foreign instant messaging apps such as Signal, Telegram, and WhatsApp for its members, allowing only the Switzerland-based Threema messaging app to be used. Threema was designed to generate as little user data as possible, is end-to-end encrypted, and is open source. Furthermore, it does not require users to provide a phone number or email address upon registration, which makes it impossible to link a user’s identity to an account through this data. This apparently follows on from a revelation from the FBI that shows how data can be extracted from other encrypted messaging apps.

(Security Affairs)

Norton 360 faces blowback for crypto feature

Antivirus software company Norton 360 installed a cryptocurrency mining program on its customers’ computers, which it says allows customers to profit from the scheme, while keeping 15 percent of any currencies mined for itself. This feature is described as being “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove. According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory). Norton Crypto lets users withdraw their earnings to an account at the cryptocurrency platform Coinbase, but as the FAQ points out, there are coin mining fees as well as transaction costs to transfer Ethereum.

(KrebsOnSecurity)

FBI issues warning about Google Voice authentication scam targeting users

The federal agency stated that Google Voice authentication scams target people who share their contact details, especially on online marketplaces or social media platforms. Scammers are now using Google Voice, a service that allows users to set up a virtual phone number, which they exploit to launch various scams and frauds. Posing as someone interested in buying your sofa or in returning your lost pet, they tell victims that they will send a Google authentication code in the form of a voice call or a text message, and then ask the victim to repeat the number back to them. By doing this they are able to set up a Google Voice account with the victim’s name and phone number, using the “authentication” code as the two-step verification code needed to complete the set-up process.

(ThreatPost)

Thanks to our episode sponsor, BlackBerry

Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry’s 7th generation Artificial Intelligence (AI) and Machine Learning (ML) technology powered by Cylance, malicious attacks are detected and prevented on average 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware.

Detecting evasive malware on IoT devices using electromagnetic emanations

Cybersecurity researchers from the Research Institute of Computer Science and Random Systems have revealed a novel technique that “harnesses electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis.” They presented their findings at the Annual Computer Security Applications Conference (ACSAC) held last month. They explained the goal was “to take advantage of the side channel information to detect anomalies in emanations when they deviate from previously observed patterns and raise an alert when suspicious behavior emulating the malware is recorded in comparison to the system’s normal state.”

(The Hacker News)

Trojanized dnSpy app drops malware cocktail on researchers, devs

Hackers went after cybersecurity researchers and developers this week, launching a sophisticated malware campaign that delivered a malicious version of the dnSpy.NET application. This version was designed to install cryptocurrency stealers, remote access trojans, and miners. Normally, dnSpy is “a popular debugger and .NET assembly editor used to debug, modify, and decompile .NET programs. Cybersecurity researchers commonly use this program when analyzing .NET malware and software.” This past week, a threat actor “created a GitHub repository with a compiled version of dnSpy that installs a cocktail of malware, including clipboard hijackers to steal cryptocurrency, the Quasar remote access trojan, a miner, and a variety of unknown payloads.”

(Bleeping Computer)

Chinese scientist pleads guilty to stealing US agricultural tech

According to the U.S. Department of Justice (DoJ), Xiang Haitao, who formerly lived in Chesterfield, Missouri, worked at Monsanto subsidiary The Climate Corporation between 2008 and 2017, helping to develop an online platform for farmers to manage field and yield information in a bid to improve land productivity. As described in ZDNet, “one aspect of this technology was an algorithm called the Nutrient Optimizer, which US prosecutors say was considered a valuable trade secret and their intellectual property.” While he was boarding a flight back to China in 2017, investigators found copies of the Nutrient Optimizer stored on his electronic devices. He now faces up to 15 years behind bars, a maximum of three years supervised release, and a fine of up to $5 million.

(ZDNet)

How ‘feature bloat’ is driving the chip shortage

CES 2022, an industry event presented by the Consumer Technology Association (CTA), offered a vision of what a future car might hold. “Panasonic showed off an augmented reality head-up display with eye tracking, plus a 1,000 watt, 25 speaker sound system, and BMW unveiled a car that can change color and comes with a 31-inch Theater Screen with built-in Amazon Fire TV.” According to Mike Juran, CEO and co-founder of Altia, which provides GUI tools to automakers, “there is way too much unnecessary software out there.” Michael Hill, vice president of engineering at Altia, adds that a 2011 model year Chevrolet Volt had more than a million lines of code. “Today’s mid- to high-level vehicles have something like 100 million lines.” And it is this, they say, rather than an actual scarcity of chips, that is driving the chip shortage.

(TechCrunch)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.