Welcome to the second fortnight edition of CF Bytes, Nov 2020.
This fortnight, US Senate passed an IoT cybersecurity bill that, pending President approval aims to improve security guidelines and protocols for the Internet of Things (IoT) devices purchased and owned by the Federal government. A joint INTERPOL, Group-IB, and Nigeria Police Force led a cybercrime investigation busted a criminal gang of Nigeria responsible for distributing malware and extensive Business Email Compromise scams. Owing to Pandemic and shortfall of HR resources, innovative companies have started to use video recordings to record potential candidates’ answers to a given set of questions. Microsoft also launched a productivity score tool called Insights which is helping employers to gather data about their employee’s productivity.
In attacks and breaches, attackers continue to abuse Minecraft sandbox success by developing Google Play apps which instead of delivering madpacks, deliver abusive ads. Due to phishing attacks, Godaddy incorrectly transferred control of the account and domain to a malicious actor for a Godaddy client, Liquid; leading to partial compromise of its infrastructure. Thankfully, the client was able to regain control of the domain. Researchers also demonstrated innovative attacks using lasers to kick start and pass inaudible commands to the voice assistant in smartphones. Ransomeware attacks on Baltimore County’s school system crippled its systems which forced a mandatory closure of the school.
Security News
US Senate passed an IoT cybersecurity bill pending President’s Approval. The bill aims to improve security guidelines and protocols for the Internet of Things (IoT) devices purchased and owned by the Federal government. Read more.
Freight trucks in the US are been equipped with machine learning algorithms to analyze drivers’ behavior to improve transport safety and saving money on insurance claims. Read more.
Microsoft 365 launches Productivity Score feature which enables the ability to find an employee by name and see the number of hours they’ve spent in meetings on Microsoft Teams over the last 28 days. Read more.
Job applicants are being asked to video record answers to set questions about their experience, skills, and personal qualities, rather than speaking with a recruiter by phone or video chat. Read more.
Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB, and Nigeria Police Force cybercrime investigation. The Nigerian crime group is responsible for distributing malware, and extensive Business Email Compromise scams. Read more.
Attacks / Breaches
Baltimore County’s school system was shut down by a ransomware attack that hit all its network systems and closed school. Until the problem is resolved, students will have no school. Read more.
Chip maker Advantech hit by a Conti ransomware attack. Read more.
Researchers were able to launch inaudible commands by shining lasers – from as far as 360 feet – at the microphones on voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. Read more.
Scammers are taking advantage of the Minecraft sandbox success by developing Google Play apps which appear to be Minecraft modpacks, but instead, deliver abusive ads. Read more.
GoDaddy temporarily handed over control of cryptocurrency service sites NiceHash and Liquid to fraudsters, exposing the personal information of users. Read more.