Welcome to the second fortnight edition of CF Bytes for Dec 2020 and the final newsletter for the year 2020.
This fortnight we look into attempts by autocratic governments to hack into journalists’ phones, using a suspected “zero-click” iMessage exploit, in an effort to suppress free speech. The side effects of racial bias in technology were seen when flawed facial recognition led to a black man’s wrongful arrest. Amid frantic efforts to find a cure for COVID-19, pharmaceutical research labs’ findings are being leaked by nation-state backed attackers. In other troubling news, a new research report has found that microphones on digital assistants such as Alexa are sensitive enough to steal PINs and other sensitive info, leading to unintended leakage of PII data.
In security attacks and breaches, Japanese aerospace firm Kawasaki has issued a warning of a possible data breach. Dell Wyse based thin clients have been found to suffer from critical vulnerabilities that can lead to device takeover. Taking advantage of early-release rumors around the increasingly popular new open-world game Cyberpunk 2077, ransomware disguised as a beta version of the game baits users into downloading it from the Android Play Store. The FBI has issued a warning about a rise in targeted swatting attacks on residents with cameras and voice-capable smart devices.
Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit.
Flawed Facial Recognition Led to Man’s Wrongful Arrest; falling victim to the technology’s racial bias.
Lazarus Group nation-state actors are actively trying to steal COVID-19 research to speed up their countries’ vaccine-development efforts.
Windows Zero-Day Still Circulating After Faulty Fix.
Research shows that microphones on digital assistants are sensitive enough to steal PINs and other sensitive info.
Attacks / Breaches
A new SolarWinds flaw likely let hackers install SUPERNOVA malware.
Swatting attacks targeting residents with camera and voice-capable smart devices.
Japanese aerospace firm Kawasaki warns of data breach.
Dell Wyse thin client models are affected by critical vulnerabilities that can be used to take over the devices.
Ransomware targeting Android devices disguised as a legitimate download of open-world game Cyberpunk 2077.
In the last couple of days, two friends from two different companies in two different cities reached out to me with a similar issue. Emails sent from their corporate accounts are bouncing (being rejected) or being delivered to the spam/junk folder. The reason: many emails sent from these corporate email domains in the past were identified as spam. But they claim no such emails were sent from their systems.
It seems a lot of spoofed emails were sent impersonating these domains, and the sender reputation of the domains took a hit as a result. When a domain’s sender reputation is low, email providers that receive mail from it deliver the mail to the junk folder or, worse, bounce or reject it, as is happening in one of the cases here.
These domains have DMARC enabled, but the policy is set to None. That means that even though the email providers receiving the spoofed emails knew they were impersonating these domains, they had to deliver the emails due to the DMARC policy. Because of the large volume of spoofed email received and delivered from these domains, email service providers lowered the reputation of the domains. They even started delivering genuine email from these domains to spam/junk folders.
These companies did not monitor the DMARC reports and were not aware of the spoof email attack.
If the DMARC policy of these domains had been set to Reject, the spoofed emails would have been rejected, keeping the sender reputation intact.
So, if you think implementing DMARC adds no value to your organization, think again. Not implementing it can cripple your email communication.
Implementing DMARC is not a simple task. It is a journey. First, you need to set the DMARC policy to None to start getting the reports, and then analyze them. One company implemented DMARC with a Reject policy straightaway. Some emails sent by its third-party service provider began to bounce: they failed DMARC because the IP addresses were not present in the SPF record and the emails were not DKIM signed.
Many organisations, such as Rediff.com, provide a DMARC analysis dashboard on subscription. These analysers parse the DMARC reports and show the IP addresses from which emails are sent on your behalf and whether they are passing or failing SPF, DKIM or DMARC.
Then the SPF and DKIM settings can be modified as needed. When all the email sent by you, and by third parties on your behalf, is passing DMARC, the policy can be changed to Quarantine and then Reject, the ultimate goal of the DMARC journey.
1. Hour One develops technologies for creating high-quality digital characters based on real people. The upshot of this is that what appears to be a real human could talk about any product or subject at all, to the point of infinite scale.
2. Microsoft announced the availability of an out-of-band update that addresses the vulnerability in Windows 8.1 and Windows Server 2012 R2.
3. Most devices accessing the Internal Revenue Service’s internal network using wireless connections and virtual private networks weren’t authenticated, according to an audit.
4. Facebook has discussed a “kill switch” to shut off political advertising after Election Day since the ads, which Facebook does not police for truthfulness, could be used to spread misinformation.
5. Future Tesla cars may come with a built-in feature that can make sure no kids are inadvertently left behind in hot cars. The device uses millimeter-wave radar technology to detect movements within a vehicle and to classify its occupants.
6. A 67-year-old former CIA officer and FBI linguist was arrested Friday after allegedly selling U.S. government secrets to China for thousands of dollars over multiple years.
7. YouTube banned a large number of Chinese accounts it said were engaging in “coordinated influence operations” on political issues.
8. The U.S. Department of State’s Rewards for Justice (RFJ) program will pay for info that can identify or locate someone working with or for a foreign government for the purpose of interfering with U.S. elections through certain illegal cyber activities.
9. AI chat robots in China can make 3,000 calls a day without getting tired or temperamental, and even blocking their number won’t stop them.
10. Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security notarization process.
Attacks / Breaches
1. Federal prosecutors have charged Uber’s former security chief, Joseph Sullivan, with obstruction of justice for attempting to hide the company’s 2016 data breach from the Federal Trade Commission (FTC).
2. Experian has suffered a major breach of customers’ personal information, affecting an estimated 24 million South Africans and nearly 800,000 businesses.
3. Credit card provider Capital One Financial Corp was fined $80 million over last year’s data breach that exposed the personal information of more than 100 million American credit card applicants.
4. Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications.
5. Ritz Hotel Data Breach Allowed Scammers to Make Expensive Purchases With Stolen Credit Card Information.
6. A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.
7. Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum.
8. The University of Utah was stung by cybercriminals for almost $500,000 in ransom following a July attack that gave the state’s flagship institution the choice of sacrificing private student and employee data, or paying up and hoping the information wasn’t compromised.
9. Intel is investigating a security breach after 20 GB of internal documents, with some marked “confidential” or “restricted secret,” were uploaded earlier today to file-sharing site MEGA.
10. US corporate travel management firm Carlson Wagonlit Travel has suffered an intrusion, and it is believed the company paid a $4.5m ransom to get its data back.
Registrations are closed. You can visit www.cyberFrat.com/vt for direct enrolment.
If you are a student and good with logical reasoning and the basics of computers, here is your chance to win a sponsorship to 50hrs of Linux and AWS training worth Rs 3500.
The quiz will be held on Thursday, 18th June 2020, at 11 AM via Online Zoom Meeting.
How this Quiz works
Last day to register: Tuesday, 16th June 2020, at 11:59 PM.
A CyberFrat ID is mandatory to play the quiz. If you don’t have one, you can still register for the quiz below and apply for a CyberFrat ID at www.cyberfrat.com/join (it’s free).
Know More about Our Campus Envoy Program www.cyberfrat.com/Envoy
In the past few weeks, we have come across many alarming cyber incidents that have put the assets of many companies at stake. Ransomware attacks make the headlines, but other attacks such as phishing scams and DDoS cannot be discounted. These attacks not only affect the business of the enterprises; their employees and customers also face irreparable loss. Most cyberattacks are followed by news of stolen data being sold on the dark web, which violates all the policies implemented for data privacy. There is hearsay that the biggest cyberattack in history is expected to happen in the next six months. This is a strong signal for all firms to batten down their hatches as soon as possible. In this issue of CF Bytes we acquaint you with insights into the top 5 cyberattacks that have brought panic to the cyberworld and the top 5 research articles that help us understand the statistics and patterns involved in these cyberattacks.
CyberFrat is an Enterprise Risk management community with a motive to create awareness about emerging cyber frauds and their mitigation by use of the latest efficient technology. We have 10000+ members globally, comprising professionals from 100+ organizations and students from 200+ colleges covering 21 states.
We at CyberFrat believe that it is our responsibility to make today’s students aware of the Emerging Technologies (Blockchain, ML, AI, IoT, Robotics, Cloud, Big Data, etc) and the Risk associated with the same.
Our aim is to make students aware of industry demands, available opportunities and business requirements as well as provide them a platform to hone their skills and network with the professionals. We are looking for young, hardworking, and passionate students who can motivate young minds towards better learning opportunities.
Incentives for Envoys:
(Please note that the incentives are subject to change and shall be discussed in detail with the selected candidates)
If you wish to be an integral part of the CyberFrat student chapter and be the face of your state or district, you must register below.