FFT news digest Aug 20 2021

Afghanistan

The Taliban's first news conference was extraordinary in many ways, not least for accusing Facebook of censorship for banning the group from its platforms. Facebook responded by saying "the Taliban is sanctioned as a terrorist organization under US law and [is] banned...under our Dangerous Organization policies." A reporter at the news conference pointed out that the Taliban spokesman was sitting in the same seat occupied a week earlier by the Afghan government spokesman, Dawa Khan Meenapal. He was assassinated by Taliban gunmen last Friday.

The Taliban have seized US military biometric devices that could be used to identify Afghans who assisted coalition forces, according to military officials quoted by The Intercept website. "The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive," the report says. The machines are thought to contain data including iris scans, fingerprints, and biographical information. A BBC reporter says Afghan men and boys have been “frantically going through phones to delete messages they have sent, music they’ve listened to & pictures they’ve taken.” Facebook has released a one-click tool that enables people to quickly lock their accounts, which prevents people who aren’t already friends from downloading their profile picture or seeing their posts.

Threats

Facebook: Scumbags are using fake Facebook Pages for banks and other financial institutions. They now come complete with a friendly chatbot. Cyren

Students: As students prepare to return to college or to start courses, fraudsters are lurking in wait. It's worth being extra cautious about links to registration etc. Abnormal Security

Macs: AdLoad is a longstanding threat to Mac users, and a new variant can evade Apple's built-in security. Another reason to be careful about apps you install - and to use an antivirus program. SentinelLabs

Google Meet: Take care with Google Meet links. There's been a sharp rise in use of them by criminals to evade email filters. GreatHorn

Copyright: The latest variation on a tried and tested scam uses live phone operators to scare targets by telling them they've uploaded an image that infringes copyright. Sophos

Captcha: This is sneaky. Scammers are using a fake captcha to bypass browser warnings about the risks of installing malicious files. Bleeping Computer

Groceries: Criminals are targeting online accounts at grocery stores, restaurants, and food delivery services to steal funds and personal data through fraudulent orders. The campaign exploits weak and reused passwords. The Record

Delivery: The UK National Cyber Security Centre (NCSC) is warning about fake missed delivery messages. They're designed to lure users into installing a malicious app that steals banking details. Bottom line: don't click on links to check a delivery - instead, go direct to the website. 'Smishing' is a growing problem - Security Intelligence explains what it is and how it works.

Websites

A couple of examples from the past week illustrate the importance of taking care when browsing the web. First, The Record has details of a widespread campaign believed to have been developed by a Chinese government hacking group which exploited vulnerabilities in 58 popular websites to collect data on suspected dissidents. Second, Volexity says North Korean-themed news sites were breached so that visitors would be infected with malicious software. We advise users facing an elevated threat to be extremely careful when web browsing and, ideally, to use a remote browsing solution such as Cloudflare's Browser Isolation service.

Spies

We've long worried that it's impossible for technology giants to be sure they don't have spies among their employees. It turns out the FBI shares the concern. It says foreign governments are persuading or coercing employees to steal information or provide login credentials. "This is a massive fundamental activity that bolsters and is one of the mainstays of many autocratic countries and their governments," special agent Nick Shenkin told Protocol. In one case, he says Chinese government agents threatened to deny dialysis to an employee's mother in China if he didn't steal proprietary information from a large hardware/software company.

Passwords

Nearly two-thirds of employees are using personal passwords to protect their organisation's data, and vice-versa, according to My1Login. Its survey of 1,000 business leaders and 1,000 employees found 97% of employees know what a strong password is, but 53% admit they don't use one all the time. And 87% said they re-use passwords for different business applications. My1Login enables organisations to stop using passwords, so the findings of its survey are hardly surprising. But passwordless authentication is becoming increasingly simple to implement, and we're firm believers that the sooner it's adopted, the safer everyone will be.

Ransomware

Ransomware is out of control. It's just too easy to set yourself up as a criminal by renting the tools developed by organised crime gangs or, depressingly, by using ransomware created to show how simple it is to...become a criminal. Abnormal Security has the story of an amateur who took publicly available demonstration software and tried to persuade employees to install it on their organisations' networks. In return they would be paid a share of any ransom payment. As Abnormal Security's report illustrates, 'amateur' may be too kind an adjective for the would-be criminal's efforts, but the ransomware threat shouldn't be underestimated. And don't rely solely on backups to protect you; they're the first thing sophisticated operators will look for. The US Cybersecurity and Infrastructure Security Agency released updated advice this week.

In brief

Apple: Well, that didn't take long. The code for Apple's planned photo scanning tool has been found, reverse-engineered and tested. The results are not encouraging. Apple says it's not the final version. More than 90 policy and rights groups have signed an open letter urging Apple to drop its plans. Motherboard

Double agent: Apple hates internal leaks, so we probably shouldn't be surprised that an active member of a community trading in illicitly obtained Apple documents and devices was actually an informant for the company. Motherboard

Incognito: Google is improving the wording that greets users when they open an Incognito tab. People are often confused about what the mode does. (It does avoid keeping a record of any websites visited. It doesn't make your browsing invisible.) Techdows

Location: Google has banned SafeGraph, a company that gathered and sold data about the location of Android users. For an idea of the detail SafeGraph provides, take a look at a New York Times report ($) from last year. Motherboard

Primed: Why are so many people so unpleasant on social media? Because we learn that such behaviour is rewarded with an increased number of 'likes' and 'shares'. Of course that's not the whole story, but Yale University's study has interesting insights.

Tinder: ID verification is due to be made available to all users. Use of it will be voluntary initially, except where it's mandated by law. At present, the feature is available only in Japan. Tinder

Breaches: A bad week for breaches. T-Mobile in the US says information about more than 47 million customers has been stolen. The FBI exposed a supposedly 'secret' terrorist watchlist with two million records. And publishing giant Pearson has agreed to pay a $1 million fine to settle charges of misleading investors about a 2018 data breach.

SAS hackers: A job advertisement has revealed the existence of a UK special forces hacker unit. The (now deleted) ad has all sorts of detail that shouldn't be public. It also reveals the ideal candidate will be "extraordinary talented" (sic), for which he or she will be paid...£33,000 per year. Secret Bases via The Register

Updates

Apple: After taking the latest iOS 14.7.1 update, iPhone owners are complaining that cellular data isn't working. The issues, spotted by 9to5Mac, appear to be affecting all iPhone models. Toggling Airplane mode on and off may fix the problem. Apple has yet to comment.

Chrome: version 92.0.4515.159 for Windows, Mac, and Linux addresses vulnerabilities that could be used to take control of an affected system.

Firefox: Versions 91.0.1 and 91.0.1 ESR fix security and stability issues that affected previous versions of the browser.

Adobe: Security updates for multiple products, including Photoshop, Media Encoder and Bridge.

Emails: The NCSC has made it simpler to report phishing emails with a new tool which can be added to an organisation's Microsoft 365 accounts.

Messenger: Facebook has extended end-to-end encryption to voice and video calls.

Fortinet: A serious vulnerability has been found in FortiWeb's management interface (version 6.3.11 and earlier). A fix isn't expected before the end of the month. In the meantime, the only mitigation is to ensure the FortiWeb device's management interface cannot be reached from untrusted networks (i.e. the internet). Rapid7

Cisco: Users of Small Business RV110W, RV130, RV130W, and RV215W Routers should be aware the devices are no longer supported and a serious vulnerability won't be fixed. There are updates for a series of other products.
