FFT news digest Oct 22 2021

Rebranding Facebook

So, is Facebook going to change its name? Well, the name of the Facebook social networking platform will most likely stay, but the umbrella holding company will probably be rebranded. After all, Facebook is a collection of brands and solutions, including most notably WhatsApp and Instagram, rather than a single platform. And of course the exercise might divert a little attention from Facebook's recent travails ($).

Of course, what Facebook calls itself doesn't matter a jot, except that it may be linked to some potentially world-changing ambitions in the hypothetical 'metaverse'. Last weekend, Facebook announced plans to hire 10,000 people in the EU to build the "next computing platform", which it defined as "a new phase of interconnected virtual experiences using technologies like virtual and augmented reality." (Translated, that basically means interacting in an online virtual world.) Facebook assures us that, if such a thing becomes reality, no single company will dominate it - but Zuckerberg and Co are deadly serious about being a dominant part of it. Bloomberg reports that it has been buying up versions of the 'meta' domain name in recent months. And its decision to focus much of its efforts in Europe feels like an effort to get on the right side of EU regulators.

Any doubts about the importance of what Facebook does should be dispelled by the latest statistics on social networking use.
The number of active social media users rose by more than 400 million over the past year to 4.5 billion, according to DataReportal. Ian Bremmer explores the implications of these statistics in an essay in Foreign Affairs. "States have been the primary actors in global affairs for nearly 400 years. That is starting to change, as a handful of large technology companies rival them for geopolitical influence," he writes. So what Facebook chooses to call itself - and what that tells us about its ambitions - does matter.

Threats

Gmail: There's been a recent rise in the number of phishing emails that bypass Google's spam filter. They use a PNG image file and contain a mailing list signup as part of a sophisticated package delivery scam. ghacks

YouTube: Russian-speaking hackers have been using fake collaboration offers to hijack the accounts of influencers. Google says it has blocked 1.6 million related phishing messages.

Twitter: Collaboration is also at the heart of a North Korean campaign that uses Twitter to target security researchers. After connecting with targets, the attackers offer to share a booby-trapped Visual Studio Project. Twitter has closed two accounts used in the campaign. ThreatPost

Macros: Excel files containing lightweight, embedded macros are being employed to target the financial sector. By default, macros are disabled in Excel - and so attackers use social engineering to try to persuade victims to enable them. Morphisec

Dune: Another blockbuster movie. Another reason to avoid links offering pirated copies. TorrentFreak

Banking: Dutch Police have arrested nine people who are accused of impersonating bank employees to steal money from elderly victims. Bleeping Computer

Testing: The FIN7 hacking group has been creating fake cybersecurity companies so that it can carry out attacks under the guise of penetration testing. Gemini Security

IoT: Smart lightbulbs, heart rate monitors, gym equipment, coffee machines, and smart pet feeders were found on corporate networks this year, according to Palo Alto Networks. Given the security issues surrounding these devices, connecting them at work is a terrible idea. The Register

Voices

Last year, a bank manager in Dubai took a call authorising the transfer of $35 million in preparation for a company acquisition. He recognised the voice as a director he had talked to before. Just one problem. It was fake. Fraudsters used an artificial intelligence tool to create a copy of the director's voice, and sent emails to support the requested transfers. Court documents found by Forbes describe a complex scheme involving at least 17 people and bank accounts around the world. It's not the first such incident; in 2019, a similar scam was halted only because the criminals used their cloned voice to call the victim while he was talking to his real CEO. As with every other form of this fraud, effective checks - such as calling the requester back on a number you already hold, rather than one supplied in the request - are essential before authorising financial transactions or changes to account details.

TV attack

A notorious Russian group was behind the ransomware attack that crippled one of the biggest TV groups in the US, according to Bloomberg. Sinclair had confirmed that ransomware was responsible for the disruption and admitted data had been stolen in the attack, but Bloomberg quotes sources as saying the 'EvilCorp' group was responsible. The Record says that in July Sinclair reset passwords for IT resources shared by local stations after what it described as a potentially serious network security issue. Based on calls with insiders, the Record says the design of Sinclair's IT network helped the attackers because key sections were interconnected through the same Active Directory domain, allowing them to reach the broadcasting systems of local TV stations. That is the textbook case for segmentation: once an attacker holds privileged credentials in a shared domain, every system joined to it is within reach.

Spyware

The US has announced new rules restricting the export of hacking software and equipment to authoritarian regimes, albeit with a long list of significant exceptions. The US Commerce Department mandate forbids the export, reexport and transfer of "cybersecurity items" to countries of "national security or weapons of mass destruction concern" (such as China and Russia) unless the sale is licensed. Among the exceptions are responses to cybersecurity incidents and sales to "favorable treatment cybersecurity end users." We're not suggesting a connection, but the announcement came as leading exploit broker Zerodium announced it was looking for ways to break into three popular Virtual Private Network solutions. In a tweet, Zerodium (based in Washington DC) said it wanted information disclosure vulnerabilities (ways to reveal user details) as well as vulnerabilities that could be used to execute code remotely.

Ransomware warning

US security agencies have issued a warning about the BlackMatter ransomware gang, which operates a Ransomware-as-a-Service platform for attacking organisations. The joint advisory contains a set of invaluable guidelines for reducing the risk of a ransomware attack and improving the ability to recover from one. Much of the advice focusses on the basics: use strong passwords and multi-factor authentication, keep systems updated, segment networks, and ensure backup policies and procedures are implemented and enforced. The advisory also warns that there has been a rise in ransomware attacks outside normal business hours and suggests admin accounts should have strict controls on when, and for how long, they can be used. Ransomware-as-a-Service means (almost) anyone can launch an attack, even with little technical knowledge.
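One way to turn the "when and for how long" recommendation into a detection, as an added example that is not code from the advisory or from this digest: it scans logon events for privileged accounts used outside business hours and outside any approved change window. The event format is a constructed, simplified one (one JSON object per line, loosely modelled on Windows Security event 4624, not a real export), and the privileged-account list, business hours and approval windows are assumptions for the example.

```python
"""Flag privileged-account logons outside business hours and outside any approved window.

Added example; not code from the joint advisory or from this digest.
It works on a constructed, simplified event format (one JSON object per
line, loosely modelled on Windows Security event 4624) and assumes the
privileged-account list, business hours and approval windows below.
"""
import json
from datetime import datetime, time, timedelta, timezone

# Assumed: accounts that should only be used in business hours or an approved window.
PRIVILEGED = {"CORP\\da-jsmith", "CORP\\svc-backup-admin"}

# Assumed business hours (UTC) and working days (Monday=0 .. Friday=4).
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)
WORKDAYS = {0, 1, 2, 3, 4}

# Assumed change approvals: (start, duration) windows in which an admin
# account may be used outside business hours, e.g. a scheduled backup job.
APPROVED = {
    "CORP\\svc-backup-admin": [
        (datetime(2021, 10, 16, 22, 0, tzinfo=timezone.utc), timedelta(hours=3)),
    ],
}

# Constructed sample events (not a real log export). logon_type follows
# event 4624: 2 = Interactive, 3 = Network, 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = r"""
{"ts": "2021-10-15T10:12:03Z", "user": "CORP\\da-jsmith", "logon_type": 10, "src": "10.0.5.21"}
{"ts": "2021-10-16T01:47:55Z", "user": "CORP\\da-jsmith", "logon_type": 10, "src": "10.0.9.77"}
{"ts": "2021-10-16T23:05:10Z", "user": "CORP\\svc-backup-admin", "logon_type": 3, "src": "10.0.2.10"}
{"ts": "2021-10-17T03:30:00Z", "user": "CORP\\svc-backup-admin", "logon_type": 3, "src": "10.0.2.10"}
{"ts": "2021-10-18T02:15:41Z", "user": "CORP\\alice", "logon_type": 2, "src": "10.0.7.3"}
"""


def parse_events(text):
    """Parse one JSON event per line; timestamps are ISO-8601 UTC ('Z' suffix)."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    return events


def in_business_hours(ts):
    """True on a working day between BUSINESS_START (inclusive) and BUSINESS_END (exclusive)."""
    return ts.weekday() in WORKDAYS and BUSINESS_START <= ts.time() < BUSINESS_END


def in_approved_window(user, ts):
    """True if ts falls inside one of the user's approved (start, duration) windows."""
    return any(start <= ts < start + duration for start, duration in APPROVED.get(user, []))


def find_out_of_hours_admin_logons(events):
    """Return logons by privileged accounts that are neither in business hours nor approved."""
    return [
        ev for ev in events
        if ev["user"] in PRIVILEGED
        and not in_business_hours(ev["ts"])
        and not in_approved_window(ev["user"], ev["ts"])
    ]


if __name__ == "__main__":
    for ev in find_out_of_hours_admin_logons(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {ev['ts'].isoformat()} {ev['user']} logon_type={ev['logon_type']} from {ev['src']}")
```

On the sample data this raises two alerts: the domain admin RDP logon at 01:47 on a Saturday, and the backup service account at 03:30 on Sunday, which is outside its three-hour approved window. The 23:05 logon by the same service account is inside that window and is not flagged; the point of recording approvals rather than just business hours is to keep legitimate scheduled work from drowning the alert in noise.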

In brief

Hacking: China's most prestigious hacking competition once again demonstrated the frailty of much of the technology we use (and the extent of China's offensive cyber capabilities). Researchers took home $1.88 million in prize money after successfully compromising Windows 10, iOS 15, Safari and Chrome, amongst many others. Most notable was a successful attack against an up-to-date iPhone 13 running the latest software. The attack required no user interaction... The Record

Twitter: A human rights activist is suing Twitter over its alleged failure to prevent his account being accessed by spies working for Saudi Arabia. The Verge

Authentication: The Biden administration is planning to mandate the use of more secure multi-factor authentication tools in a bid to combat phishing. SMS messages and app-based codes will be replaced by hardware keys as part of a move to "zero-trust" architectures in which identities are repeatedly verified before granting access to systems or data. Motherboard

Apple ads: Apple trumpets its commitment to the privacy of its users, and this year introduced changes to give them more control over how companies exploit their data. But the changes have been transformational for Apple's ad business which has more than tripled its market share since they came into force. FT ($)

Missouri: After the St. Louis Post-Dispatch revealed security flaws in a state agency website, Governor Mike Parson called for the prosecution of the reporter who found them. It's fair to say the call has not been great for the governor's reputation. CPJ

Ingenious: A 36-year-old man from Michigan is accused of earning $1.5 million by renting textbooks from Amazon and selling them instead of returning them. He is alleged to have used gift cards and prepaid credit cards with minimal balances to prevent Amazon recovering the cost of the books. USDoJ

Canon: A customer of Canon USA is suing the company after his Pixma MG6320 "all-in-one" machine refused to scan documents when it ran out of ink. Bleeping Computer

Upgrade costs: Manufacturers tell us the cost of their latest smartphone is like the price of a daily cup of coffee over the year. The New York Times has a different way of looking at it. "Buying a $1,000 iPhone can be equivalent to giving up $17,000 in retirement savings," it says.

Updates

Apple: New MacBook Pro models were announced this week, with promises of blistering performance and the "longest battery life ever". Time will tell, particularly in terms of battery life (as The Verge explains). There were also raised eyebrows at the inclusion of an iPhone style 'notch' at the top of the screen but the absence of FaceID authentication. Our eyebrows went even higher when we heard about Apple's $19 cleaning cloth. We were less surprised to see the return of the MagSafe charging port and the demise of the Touch Bar. The Verge 9to5Mac

FCP: New versions of Final Cut Pro (10.6) and Logic Pro (10.7) are designed to exploit Apple's new M1 Pro and M1 Max processors - and its latest Monterey operating system. Issues have already been found, including with XML import.

Chrome: Version 95 of Google's browser addresses 19 vulnerabilities, including 16 reported by external researchers.

Brave: The privacy-focussed browser has replaced Google with its own search engine. Our experience so far is that it's good, though alas not quite as good as Google.

Windows 10: Users and administrators have reported network printing issues after installing the KB5006670 cumulative update. Microsoft has yet to provide a fix and previous workarounds don't seem to be effective. Bleeping Computer

Windows 11: Problems were also reported with Microsoft's latest OS. An "unexpected decrease in performance" is caused by problems with File Explorer. A fix is on its way for this - and a host of other issues.

Powershell: Microsoft says it's vital to update PowerShell 7 to address two vulnerabilities that could allow an attacker to bypass Windows Defender Application Control (WDAC) enforcements and access plain text credentials.

Oracle: The latest quarterly Critical Patch Update includes 419 security patches for vulnerabilities across the company’s products. Just over half address issues that could be exploited remotely without authentication.

SecureDrop: Version 2.1.0 includes bug fixes and the restoration of automatic updates for Tails.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217