FFT news digest Apr 24 2020

Scumwatch

Scammers have been plumbing new depths as they take advantage of the coronavirus pandemic. Among this week's standout examples is an attempt to steal Zoom credentials by tricking email recipients into thinking they are about to be laid off; a malicious link supposedly opens a Zoom meeting hosted by human resources. More positively, the UK's National Cyber Security Centre has created an email address (report@phishing.gov.uk) that can be used to report scams. More than 80 malicious web campaigns were taken down in its first day of use, the NCSC said. Other examples this week include:
• More than 700 malicious Netflix and Disney+ clones being used to steal victims’ personal data. Mimecast
• Fake emails pretending to be from UK tax authorities with information about the Coronavirus Job Retention Scheme. TechRadar
• Coronavirus-themed voicemail notifications targeting Office 365 users. PhishLabs
The NCSC has tips to stay safe from scams like these.

Tracking, tracing and technology

Apple and Google's contact tracing solution will be released to developers on April 28, according to French business newspaper Les Echos. The system aims to allow Google and Apple devices to be interoperable and detect when they're near each other. Theoretically, that would allow governments to alert users if/when they come into contact with someone infected with coronavirus. An exit strategy from the strict controls in force in many countries is likely to depend on some form of contact tracing technology, but there are several practical hurdles. Bluetooth's inventor says it's "not very accurate" at determining distance, many smartphones lack the type of Bluetooth technology the solution relies on, and a significant number of people don't even own a smartphone. Doubts have also been expressed about suggestions for an immunity certificate. "There is currently insufficient understanding of immunity, no robust scientific means of testing for immunity and therefore no credible basis for establishing a comprehensive regime of immunity certification at this time," the Ada Lovelace Institute said.

Disinformation

China, Iran and Russia are using the coronavirus crisis to launch a propaganda and disinformation onslaught against the United States, according to the US State Department. The unpublished report, obtained by Politico, cites several matching messages, including: that the coronavirus is a US bioweapon; that the US is using the crisis to score political points; that the virus didn’t come from China; and that the US economy can't cope. Meanwhile, the New York Times quotes US officials as saying Chinese agents helped to spread messages aimed at sowing panic about plans to lock down the country. "American officials said the operatives had adopted some of the techniques mastered by Russia-backed trolls, such as creating fake social media accounts to push messages to sympathetic Americans, who in turn unwittingly help spread them," the paper reports.

iOS Mail flaw

Apple is preparing to roll out a fix for the Mail app that's built into its iPhones and iPads after a security company discovered long-standing vulnerabilities that may already have been exploited. ZecOps said it found the issues while investigating a sophisticated cyber attack that took place in late 2019. The attack works by sending a specially crafted blank email which forces the Mail app to crash and enables the malicious software to make unauthorised use of the device's memory. ZecOps says it has "high confidence" that the vulnerabilities have been widely exploited by one or more advanced threat operators. Among the suspected targets are a journalist in Europe and individuals from a Fortune 500 organization in North America. This is worrying news that underlines wider concerns about the security of the iOS platform. Apple has acknowledged the issue, but says there's no evidence the issue has been exploited. It's expected to release a fix next week. The Mail app's performance is lousy anyway, so now might be a good time to use something else like Outlook, Gmail or Edison.

Video

As Zoom announced another remarkable rise in user numbers, it unveiled new features aimed at improving security and preventing abuse of the platform. CEO Eric Yuan said more than 300 million people joined Zoom meetings on April 21, up 50% from the beginning of the month. A new version of the Zoom software is due to be released shortly and will support stronger encryption and enable users to report 'Zoom bombers' who intrude on meetings. Elsewhere, Microsoft and Google have also announced improvements to their video conferencing products. And Verizon is buying the (excellent) Zoom competitor, BlueJeans. Meanwhile, a couple of epic video conferencing fails provided light relief and salutary warnings for the rest of us. An expletive-ridden rant from Wales’ health minister was broadcast after he forgot to turn off his microphone. And a US TV reporter sent a report from her bedroom without realising her husband could be seen in the mirror. In the shower. Naked.

Remote working

There are signs that many computers were infected with malicious software before their owners started working from home, according to new research. The first indications came from Finland, where the number of potentially compromised organisations quadrupled in a week. Arctic Security found similar increases in other countries, including the UK and the US. “Our analysis indicates that the employees’ computers were already hacked before COVID-19 made the news, but were lying dormant behind firewalls, blocking their ability to go to work on behalf of the threat actors,” Arctic Security said. “Cybersecurity teams still approach security as though their enterprise ends at the firewall. This has not been the case for a long time, and this massive work-from-home movement has exposed the weakness of that approach,” the company warned.

In brief

iPhone users may want to disable notifications for messaging apps because of a bug that will crash the device if it receives a message with a specific string of characters in the Sindhi language. Predictably, the 'text bomb' has gone viral. 9to5Mac

MacBook Pro misbehaving? Try plugging your charging lead into the right hand side of the machine. Users suggest issues with temperature control affect the ports on the left. Yes. Really. StackExchange

Google is rolling out a remote access tool that until now has only been available for its internal use. BeyondCorp enables remote workers to access key internal applications without the need for a traditional Virtual Private Network. Google

The UK government is proposing to extend sweeping surveillance powers to more agencies, including the Environment Agency, the Insolvency Service and the Pensions Regulator. A memorandum says the agencies “are increasingly unable to rely on local police forces to investigate crimes on their behalf,” and so should be given direct access to the data. The Guardian

In another vibrant illustration that all things remain unequal, developers have been creating automated mechanisms for grabbing grocery delivery slots. The 'checkout bots' will be well known to anyone who's had the joy of trying to buy tickets for popular events online. Motherboard

Students in Australia are protesting against plans by a university to force them to install remote monitoring software on their home computers. ABC

A network of compromised devices is exploiting an unpatched vulnerability in the ZyXEL Cloud CNM SecuManager. The Hoaxcalls botnet can be used for large-scale distributed denial-of-service (DDoS) campaigns aimed at overwhelming servers with requests. Radware

Australia has moved to make Facebook, Google and others pay news outlets when they use their content. Talks on a voluntary agreement were halted because of the impact of the COVID-19 pandemic on advertising revenues. ABC

Updates

Windows 10: Update to address multiple bugs in Windows 10, version 1909 and Windows 10, version 1903 (including an issue causing Windows Update to stop responding and the lock screen to stop appearing).

MS Office: Urgent security update to fix remote code execution vulnerabilities in Autodesk FBX library integrated into Microsoft Office and Paint 3D applications.

Pulse Secure VPN: New warning for organisations which did not reset all Active Directory passwords following the recent update. The US Cybersecurity and Infrastructure Security Agency has released a tool to scan log files and determine whether gateways have been compromised.

Foxit: Security updates available in Foxit Reader 9.7.2 and Foxit PhantomPDF 9.7.2.

Zimbra: Patch 9 for 8.8.15 “James Prescott Joule” GA release and Patch 1 for 9.0.0 “Kepler” GA release.

Home hubs: Users are being urged to update the firmware for a range of home hubs which are vulnerable to attack. The issues with Fibaro Home Center Lite, Homematic Central Control Unit (CCU2) and Elko’s eLAN-RF-003 could allow information disclosure, man-in-the-middle (MiTM) attacks and unauthenticated remote code execution (RCE).
