Cybersecurity Weekly News

1. NSA warns Android and iPhone users to reboot their mobile phones

2. Is BreachForums back?

3. Unidentified Cyber Assault Disables Over 600,000 Routers in America

4. Top InfoSec Tools Released This Week

5. Ransomware news

6. Operation end game: The international malware takedown

7. When Google AI gets it wrong

8. Google's Chrome to Implement Ad Blocker Limits


1. NSA warns Android and iPhone users to reboot their mobile phones

The NSA suggests rebooting mobile phones weekly as a defence against zero-day exploits. This could reduce the risk of malware and spyware attacks succeeding.

However, rebooting will not keep you completely safe, as more sophisticated malware and spyware are programmed to reload on each reboot.

So, how often should you restart your Android or iPhone? The best advice is to do weekly reboots.

Here are the best practices you can follow to keep your mobile devices safe from malware and spyware threats:

  • Regular reboots
  • Disabling developer mode
  • Disabling wireless features (WiFi and Bluetooth) when not in use. Remember that airplane mode does not disable Bluetooth.
  • Install mobile applications from official and trusted stores. Avoid pirated software.
  • Avoid connecting to public WiFi. Delete unused WiFi networks. Use a VPN when using public networks.
  • Use strong passwords/PINs
  • Do not open unknown links and attachments
  • Avoid public USB charging stations
  • Always install device software updates
  • Have antimalware applications
  • Have a protective case that blocks the microphone and prevents room audio capture
  • Avoid connecting to unfamiliar removable media

The real question is whether the NSA is concerned about our mobile security or more interested in spyware installation and deployment.

2. Is BreachForums back?

The infamous BreachForums appears to be back online after it was taken down by law enforcement. BreachForums is a market and forum where cybercriminals buy and sell stolen data, including bank account and credit card information, data leaks, hacking tools, and databases.

The site appears to be up and running under new administration by “ShinyHunters”, offering a 1.3 TB database of Ticketmaster customers for $500,000.

The main concern is whether this is a legitimate comeback or a law enforcement honeypot, because, in a twist, users are now being asked to sign up for an account.


3. Unidentified Cyber Assault Disables Over 600,000 Routers in America

A mysterious attack on 600,000 routers belonging to an ISP in the US took place through a malicious firmware update. Reports stated that the routers were completely bricked and unusable, needing a hardware replacement. This was due to the malicious update deleting elements of the routers' operating code.

The event took place between October 25 and 27, 2023.

A detailed report is available from Lumen Technologies, Black Lotus team.


4. Top InfoSec solutions of This Week

1. Dashlane Nudges: The solution enhances credential security by reducing the risk of credential theft.

2. Adaptive Shield: It helps with the issue of complex permissions and shared data through its unified SaaS security posture management platform. Adaptive Shield will ease the complexity of auditing and facilitating security between and within apps.

3. Detectify: It offers vulnerability assessments, remediation, and complete attack surface management.

4. Truecaller AI call scanner

This is built into your Truecaller application and is trained to distinguish human voices from AI-synthesized ones, reducing scams and safeguarding people from fraud.

This service is only available in the US but will be available in more countries.

5. Kaspersky virus removal tool

The tool, named KVRT, allows users to scan for viruses and remove malware for free. However, the tool is available for the Linux platform.


5. Ransomware News

The battle continues, with the past week having approximately 128 cases of ransomware attacks.

Here are the actors that made the headlines this week: incransom, cactus, 8base, ransomhouse, akira, hunters, blackbasta, ransomhub, medusa, lockbit, play, bianlian, clop, blacksuit, danon, mallox, handala, monti, qilin, rhysida, blackout, dragonforce and quilong.


6. Operation end game: The international malware takedown

An international takedown codenamed “Operation Endgame” has taken action against some of the popular cybercriminal platforms that played a major role in ransomware deployment. The operation, coordinated from Europol’s headquarters, was supported by experts from HaveIBeenPwned, BitDefender, Shadowserver, NFIR, Fox-IT, and Northwave, among others. They targeted dropper and loader operations including IcedID, Pikabot, Trickbot, Bumblebee, and Smokeloader, and took down more than 100 servers worldwide.

Droppers are a type of malware designed to install more malware on a target system. They are used for initial access: they evade security measures and then deploy more dangerous malware. Most droppers are hidden in legitimate software.

This operation has also led to the arrest of four suspects and the seizure of more than 2000 domains supporting the dropper infrastructure. Additionally, Europol has identified 8 fugitives linked to the operations, adding them to Europol’s most wanted list.


7. When Google AI gets it wrong

Google’s AI search has produced some hilarious and dangerous responses, from suggesting that we should eat rocks to adding glue to pizza for more tackiness. This has drawn criticism and raised concerns over the reliability of AI platforms.

Google has announced that it has been making technical improvements to the AI to prevent such responses. Improvements such as reinforcement learning from human feedback and limiting satirical and humorous responses could improve the AI and get rid of the “hallucinations”.

What do you think? An epic AI fail, or AI intentionally roasting us?


8. Google's Chrome to Implement Ad Blocker Limits

Google Chrome’s Manifest V3 is finally here. Manifest V3 was announced in 2019 and Google is ready to put it to work. Google has announced that Manifest V3 will improve the security, privacy, performance, and trustworthiness of extensions. It was also announced that the new system will restrict extension capabilities, especially for ad blockers and privacy extensions.

Groups like the Electronic Frontier Foundation have opposing views on Manifest V3, calling it “deceitful and threatening”.

Google says, "Over 85% of actively maintained extensions in the Chrome Web Store are running Manifest V3, and the top content filtering extensions all have Manifest V3 versions available." The company doesn't mention that the most popular ad blocker's Manifest V3 version is "uBlock Origin Lite," with the "Lite" indicating that it is inferior to the Manifest V2 version.

Users will have to switch to V3 or move to Firefox.

