IT Security Newsletter - 11/8/2024
Canada Closes TikTok Offices, Citing National Security
ByteDance is being exiled from Canada, though the TikTok app is not. Following the US's example, Canada has spent recent years rubbing up against the world's most popular Chinese app. In February 2023, TikTok was banned from all government devices, citing security concerns. Later that year, the government called for a broader national security review under the 1985 Investment Canada Act, which empowers the government to scrutinize foreign investments.
Nokia says hackers leaked third-party app source code
Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party, and that company and customer data has not been impacted. The statement comes in response to threat actor IntelBroker earlier this week releasing data belonging to Nokia, allegedly stolen after breaching a third-party vendor's server. The hacker tried to sell the data, but they decided to leak it after Nokia denied the breach.
Scattered Spider, BlackCat claw their way back from criminal underground
Two high-profile criminal gangs, Scattered Spider and BlackCat/ALPHV, seemed to disappear into the darkness like their namesakes following a series of splashy digital heists last year, after which there were arrests and website seizures. Over the last couple months, however, both have reemerged - with new reported intrusions and a possible rebrand. In October, security firm ReliaQuest responded to a digital break-in at a manufacturing firm that it attributed with "high confidence" to Scattered Spider.
China-Backed MirrorFace Trains Sights on EU Diplomatic Corps
Infamous Chinese advanced persistent threat (APT) group "MirrorFace" has made notable moves into diplomatic espionage in the European Union using SoftEther VPN, the emerging tool of choice among these threat groups. MirrorFace gained wide notoriety with its 2022 efforts to interfere in Japanese elections, and it has maintained operations in the country ever since. But researchers at ESET noticed the group recently popped up in the EU with espionage attacks.
Air fryers are the latest surveillance threat you didn't consider
Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We've learned to expect that "smart" appliances come with privacy risks (toothbrushes aside), but I really hadn't given my air fryer any thought. Now things are about to change. You don't need to worry about the air fryers sending reports about your eating habits to your healthcare provider just yet.
Winos4.0 abuses gaming apps to infect, control Windows machines
Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines. The malware, which appears to be rebuilt from Gh0strat, has several components, each handling distinct functions, according to Fortinet. The security shop spotted "multiple" samples hidden in the game installation tools, speed boosters, and optimization utilities.
Law enforcement operation takes down 22,000 malicious IP addresses worldwide
An international coalition of police agencies has taken a major whack at criminals accused of running a host of online scams, including phishing, the stealing of account credentials and other sensitive data, and the spreading of ransomware, Interpol said recently. The operation, which ran from the beginning of April through the end of August, resulted in the arrest of 41 people and the takedown of 1,037 servers and other infrastructure running on 22,000 IP addresses.
Google's mysterious 'search.app' links leave Android users concerned
Google has left Android users puzzled after the most recent update to the Google mobile app caused links shared from the app to be prepended with a mysterious "search.app" domain. As the Google app is a popular portal for searching the web for Android users and delivers a personalized content news feed referred to as Google Discover, it has sparked concern among those who noticed the new links.
Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI
Vulnerabilities in the infotainment system of multiple Mazda car models could allow attackers to execute arbitrary code with root privileges, Trend Micro's Zero Day Initiative (ZDI) warns. The issues, ZDI explains, exist because the Mazda Connect Connectivity Master Unit (CMU) system does not properly sanitize user-supplied input, which could allow a physically present attacker to send commands to the system by connecting a specially crafted USB device.
Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns
A Palo Alto Networks Expedition vulnerability patched a few months ago is being exploited in attacks, according to the cybersecurity agency CISA. The vulnerability is tracked as CVE-2024-5910 and it was patched by Palo Alto Networks in July. The security hole has been described as a critical missing authentication issue that can allow an attacker with network access to Expedition to take over an admin account.
- ...in 1836, American businessman and game publisher Milton Bradley is born in Vienna, ME.
- ...in 1847, Anglo-Irish novelist Bram Stoker, author of "Dracula", is born in Dublin.
- ...in 1960, John F. Kennedy defeats Richard M. Nixon to become the 35th president of the United States.
- ...in 1972, HBO transmits its first evening of programming (the 1971 film "Sometimes A Great Notion") to 325 subscribers in Wilkes-Barre, PA.