CYBER SECURITY WEEKLY NEWS




1. Microsoft’s Recall feature

2. Google’s collaboration with Kenya’s Ministry of ICT in strengthening cyber security

3. How Apple and Starlink users' locations can be tracked through WiFi

4. Ransomware gangs strike again!!!

5. Apple’s iOS 17.5.1 bug explained

6. LogRhythm and Exabeam merge, Palo Alto’s acquisition of IBM’s QRadar

7. Fake antivirus sites spreading malware

1. Microsoft’s Recall feature

Microsoft’s latest announcement of its “Recall” feature has faced backlash over privacy concerns, and the feature has been dubbed a “privacy nightmare”. Recall takes snapshots of your screen every five seconds; the snapshots are encrypted, stored locally, and cannot be accessed by Microsoft. The feature is also said to be optional, and users will have control over the captured data.

Potentially, if anyone knew your password, or if a hacker accessed your system, they could have access to your Recall screenshots, which contain sensitive information. This could mean no more looking up sensitive information or logging in to your bank accounts using your laptop.

What do you think about this? Is this Microsoft’s official “time machine” or official “spyware”?

2. Google’s collaboration with Kenya’s Ministry of ICT in strengthening cyber security

Google has announced a partnership with Kenya that focuses on improving Kenya’s cyber security posture. The partnership has kicked off with the immigration department evaluating Google’s Cybershield solution and Mandiant to fortify the e-citizen platform.

3. How Apple and Starlink users' locations can be tracked through WiFi

Apple and Starlink could potentially be at risk based on how their services geo-locate devices.

Apple collects and shares information about the location of all wireless access points found by its devices, which gives Apple devices a crowdsourced, low-power alternative to constantly requesting GPS coordinates.

This use of a WiFi positioning system (WPS) could be abused by malicious actors, as demonstrated by research from the University of Maryland, because it could let them track billions of devices globally, including Starlink. The WPS collects hardware identifiers from all wireless access points that come within range of mobile devices, recording the MAC address and BSSID. The devices then forward their locations, obtained by querying GPS or by using cellular towers, along with any nearby BSSIDs. This could enable geo-locating devices to within a few meters of where they are and could also map the movement of individual devices such as travel routers and Starlink terminals.

The team managed to get accurate locations of over two billion BSSIDs worldwide.

You can read the research here: https://www.cs.umd.edu/~dml/papers/wifi-surveillance-sp24.pdf

4. Ransomware gangs strike again!!!

The battle between law enforcement and ransomware gangs continues. There have been an estimated 123 recorded cases of ransomware attacks this week.

The ransomware attacks were accompanied by a few DDoS attacks on entities from similar actors. Here are the actors that made the headlines this week: incransom, cactus, 8base, ransomhouse, meow, akira, hunters, blackbasta, ransomhub, medusa, lockbit, play, bianlian, clop, and blacksuit.

5. Apple’s iOS 17.5.1 bug

Apple has made the news again with an iOS bug that resurfaced deleted photos. Apple has now broken its silence on the issue, stating that it is due to a “database corruption” affecting files that had not been backed up to iCloud. The issue is

Here is a detailed explanation: https://www.synacktiv.com/en/publications/inside-the-ios-bug-that-made-deleted-photos-reappear

6. LogRhythm and Exabeam merge, Palo Alto’s acquisition of IBM’s QRadar

SIEM company LogRhythm and cyber security company Exabeam have announced a merger. The merger aims to leverage the strengths of both companies and reach a high level of security. LogRhythm focuses on SIEM solutions that serve customers worldwide, while Exabeam delivers AI-driven security solutions.

Palo Alto Networks has joined forces with IBM as it acquires IBM’s SIEM, QRadar. The acquisition will bring about high-level SOC operations with AI-driven solutions.

7. Fake antivirus sites spreading malware

Malicious actors have been creative in finding ways to spread malware. One of those ways is using fake websites that masquerade as legitimate ones, in this case those of antivirus solutions.

The fake websites deliver trojans, stealers, and keyloggers, which are capable of stealing sensitive information from Android and Windows devices.

The techniques speculated to be used to spread the malware are malvertising and search engine optimization poisoning.

Here are a few websites used:

avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file ("Avast.apk") that, once installed, requests intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshots, track location, and even mine cryptocurrency

bitdefender-app[.]com, which is used to deliver a ZIP archive file ("setup-win-x86-x64.exe.zip") that deploys the Lumma information stealer malware

malwarebytes[.]pro, which is used to deliver a RAR archive file ("MBSetup.rar") that deploys the StealC information stealer malware

Source: thehackernews
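The three domains above can be turned into a DNS-log check that also catches other names imitating the same brands. This is an added example, not part of the original post: the log format, sample lines, and function names are constructed for illustration, and the official-domain allowlist is an assumption to adapt to your environment.

```python
import re

# Official vendor domains (assumed allowlist; extend for your environment).
OFFICIAL = {"avast": "avast.com", "bitdefender": "bitdefender.com",
            "malwarebytes": "malwarebytes.com"}
# Domains named in the article, kept defanged as published.
ARTICLE_IOCS = ["avast-securedownload[.]com", "bitdefender-app[.]com",
                "malwarebytes[.]pro"]
# Constructed DNS log lines: timestamp, client IP, queried name.
SAMPLE_LOG = [
    "2024-05-27T09:14:02Z 10.0.4.17 www.avast.com",
    "2024-05-27T09:14:40Z 10.0.4.17 avast-securedownload.com",
    "2024-05-27T09:15:03Z 10.0.7.52 download.bitdefender.com",
    "2024-05-27T09:16:11Z 10.0.7.52 bitdefender-app.com",
    "2024-05-27T09:17:45Z 10.0.9.8 malwarebytes.pro",
    "2024-05-27T09:18:20Z 10.0.9.8 example.org",
]


def refang(indicator):
    """Turn a defanged indicator (example[.]com, hxxp://...) into a hostname."""
    host = indicator.strip().lower().replace("[.]", ".")
    host = re.sub(r"^(hxxps?|https?)://", "", host)
    return host.split("/")[0].rstrip(".")


def impersonated_brand(host):
    """Return the brand a hostname imitates, or None if official or unrelated."""
    host = refang(host)
    for brand, official in OFFICIAL.items():
        if brand in host.replace("-", ""):
            genuine = host == official or host.endswith("." + official)
            return None if genuine else brand
    return None


def scan(log_lines):
    """Return (client, host, brand, known_ioc) for each suspicious query."""
    known = {refang(i) for i in ARTICLE_IOCS}
    hits = []
    for line in log_lines:
        _ts, client, raw = line.split()[:3]
        host = refang(raw)
        brand = impersonated_brand(host)
        if brand or host in known:
            hits.append((client, host, brand, host in known))
    return hits
```

Substring matching on brand names will also flag unrelated domains that happen to contain a brand string, so treat hits where `known_ioc` is false as leads for review.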

