This posting is here to collect cyber security news in May 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
408 Comments
Tomi Engdahl says:
Russian hackers compromise embassy emails to target governments https://www.bleepingcomputer.com/news/security/russian-hackers-compromise-embassy-emails-to-target-governments/
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities.
Tomi Engdahl says:
Is there malware hiding in the document? Google's security feature is expanding
https://www.tivi.fi/uutiset/tv/1678fb5c-1aac-4bf6-9f92-4e65942d9441
According to the company, users of Google's online office services will in future be better protected against malware, since the company's own security scanner goes through a document as it is opened, Neowin writes.
Tomi Engdahl says:
Open source 'Package Analysis' tool finds malicious npm, PyPI packages https://www.bleepingcomputer.com/news/security/open-source-package-analysis-tool-finds-malicious-npm-pypi-packages/
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released the first prototype version of its 'Package Analysis' tool, which aims to catch and counter malicious attacks on open source registries.
Tomi Engdahl says:
A new scam spreading on WhatsApp poses as a support account https://www.kauppalehti.fi/uutiset/whatsappissa-leviaa-uusi-huijaus-esiintyy-tukitilina/81e40aff-c93f-4e71-8ccc-55b22354ceaa
A new scam is lying in wait for WhatsApp users, in which criminals pose as the app's support service. The WABetaInfo blog, which specifically follows WhatsApp news, was the first to report on it.
Tomi Engdahl says:
The truth about the easy dream job
https://www.is.fi/digitoday/tietoturva/art-2000008777733.html
Yet another new form of online scam is targeting Finns. A social media "partnership program" delivers purchased likes, but also tries to get hold of its users' money.
Tomi Engdahl says:
‘Right to be Forgotten’: Israel Firm Promises to Purge Digital Footprint
https://www.securityweek.com/right-be-forgotten-israel-firm-promises-purge-digital-footprint
Three young Israelis formerly serving in military cyber units have figured out how to locate your digital footprint — and give you the tools to delete it.
The company Mine, co-founded by Gal Ringel, Gal Golan and Kobi Nissan, says it uses artificial intelligence to show users where their information is being stored — like whether an online shoe store kept your data after a sneaker purchase three years ago.
Ringel said Mine’s technology has already been used by one million people worldwide, with over 10 million “right to be forgotten” requests sent to companies using the firm’s platform.
Mine launched after the European Union’s General Data Protection Regulation (GDPR) — now an international reference point — set out key rights for users, including the deletion of personal data that was shared with a site for a limited purpose.
The company’s AI technology scans the subject lines of users’ emails and flags where data is being stored.
Individuals can then decide which information they want deleted and use Mine’s email template to execute their right to be forgotten.
It means they can delete their digital footprint “with a click of a button”, Ringel said.
“We’re not telling people to not use Facebook or Google. We say: go ahead, enjoy, use whatever you want,” he said.
“But as you enjoy using the internet, we’ll show you who knows what about you, what they know about you… what is the risk” and how to remove it, he added.
Google Adds Ways to Keep Personal Info Private in Searches
https://www.securityweek.com/google-adds-ways-keep-personal-info-private-searches
Google has expanded options for keeping personal information private from online searches.
The company said Friday it will let people request that more types of content such as personal contact information like phone numbers, email and physical addresses be removed from search results.
The new policy also allows the removal of other information that may pose a risk for identity theft, such as confidential log-in credentials.
The company said in a statement that open access to information is vital, “but so is empowering people with the tools they need to protect themselves and keep their sensitive, personally identifiable information private.”
“Privacy and online safety go hand in hand. And when you’re using the internet, it’s important to have control over how your sensitive, personally identifiable information can be found,” it said.
Tomi Engdahl says:
Sam Jones / The Guardian:
Spain says its PM’s and defense minister’s phones were infected by NSO’s Pegasus spyware in 2021, which will be investigated by Spain’s highest criminal court — Minister for presidency says ‘illicit’ targeting will be investigated by Spain’s highest criminal court
Spanish prime minister’s phone ‘targeted with Pegasus spyware’
https://www.theguardian.com/world/2022/may/02/spain-prime-minister-pedro-sanchez-phone-pegasus-spyware
Minister for presidency says ‘illicit’ targeting will be investigated by Spain’s highest criminal court
The Spanish government has said the mobile phones of the prime minister, Pedro Sánchez, and the defence minister, Margarita Robles, were both infected last year with the Pegasus spyware that its manufacturers claim is available only to state agencies.
In a hastily convened press conference on Monday morning, Félix Bolaños, the minister for the presidency, said Sánchez’s phone was targeted in May and June 2021, while Robles’s was targeted in June 2021. Data was extracted from both phones.
Bolaños said the “illicit” and “external” targeting would be investigated by Spain’s highest criminal court, the Audiencia Nacional, adding the targeting must have come from abroad as any such monitoring in Spain would have had required judicial authorisation.
“These facts have been confirmed and are irrefutable,” said Bolaños. “I don’t think now is the time to engage in supposition or conjecture about what the motivation may have been.”
The phones of other members of the government are being examined to determine whether they may also have been targeted.
The allegations come as the Spanish government faces questions over how Pegasus – which is sold by the Israeli company NSO Group – allegedly came to be used to monitor dozens of members of the Catalan independence movement, including the president of the north-eastern Spanish region, Pere Aragonès, and three of his predecessors.
“NSO is a software provider; the company does not operate the technology nor is privy to the collected data. The company does not and cannot know who the targets of its customers are, yet implements measures to ensure that these systems are used solely for the authorised uses.”
NSO Group claims Pegasus is sold only to governments to track criminals and terrorists. A joint investigation two years ago by the Guardian and El País established that the speaker of the Catalan regional parliament and at least two other pro-independence supporters were warned the spyware had been used to target them.
NSO group was placed on a US blacklist in November 2021, three months after a consortium of journalists working with the French non-profit group Forbidden Stories revealed multiple cases of journalists and activists who were hacked by foreign governments using the spyware, including American citizens.
The Guardian and other members of the consortium also revealed that the mobile numbers of Emmanuel Macron, the French president, and almost his entire cabinet appeared on a leaked list of individuals who were selected as possible targets of surveillance.
NSO has said its spyware is used by foreign government clients to target serious criminals. It has also denied that any of its clients ever targeted Macron or any French government officials.
Tomi Engdahl says:
Nicole Wetsman / The Verge:
Mozilla analysis of 32 mental health and prayer apps shows 29 have lax privacy and security practices and collect large amounts of data — Prayer apps were also worse than other categories — As a category, mental health apps have worse privacy protections for users than most other types of apps …
Mental health apps have terrible privacy protections, report finds
Prayer apps were also worse than other categories
https://www.theverge.com/2022/5/2/23045250/mozilla-mental-health-app-privacy-analysis?scrolla=5eb6d68b7fedc32c19ef33b4
Tomi Engdahl says:
Chinese “Override Panda” Hackers Resurface With New Espionage Attacks https://thehackernews.com/2022/05/chinese-override-panda-hackers.html
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information.
Tomi Engdahl says:
Cyberspies breach networks via IP cameras to steal Exchange emails https://www.bleepingcomputer.com/news/security/cyberspies-breach-networks-via-ip-cameras-to-steal-exchange-emails/
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
Tomi Engdahl says:
Spanish PM, defense minister latest Pegasus spyware victims https://www.theregister.com/2022/05/02/spain_pegasus_malware/
Spain’s prime minister and defense minister are the latest elected officials to detect Pegasus spyware on their mobile phones, according to multiple media reports quoting Spanish authorities.
Tomi Engdahl says:
A hacker slipped code into the City of Oulu's website that harnessed visitors' computers to mine cryptocurrency
https://yle.fi/uutiset/3-12424013
The script planted on the site activated when a user opened the web page. Nothing was installed on the machine, but the extra load could slow the computer down.
Tomi Engdahl says:
Car rental giant Sixt facing disruptions due to a cyberattack https://www.bleepingcomputer.com/news/security/car-rental-giant-sixt-facing-disruptions-due-to-a-cyberattack/
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branches.
Tomi Engdahl says:
German library service struggling to recover from ransomware attack https://therecord.media/german-library-service-struggling-to-recover-from-ransomware-attack/
A popular German library service notified its users of a range of issues connected to a cyberattack targeting their service provider EKZ.
Tomi Engdahl says:
U.S. DoD tricked into paying $23.5 million to phishing actor https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD).
Tomi Engdahl says:
Google SMTP relay service abused for sending phishing emails https://www.bleepingcomputer.com/news/security/google-smtp-relay-service-abused-for-sending-phishing-emails/
Phishing actors abuse Google’s SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.
Tomi Engdahl says:
Deep Dive: Protecting Against Container Threats in the Cloud https://threatpost.com/container_threats_cloud_defend/179452/
A deep dive into securing containerized environments and understanding how they present unique security challenges.
Tomi Engdahl says:
https://www.securityweek.com/traceable-ai-snags-60m-api-security-tech
Tomi Engdahl says:
Identity-Based Infrastructure Access Firm Teleport Raises $110 Million
https://www.securityweek.com/identity-based-infrastructure-access-firm-teleport-raises-110-million
Valued at $1.1 billion, Teleport becomes latest cybersecurity Unicorn
Tomi Engdahl says:
Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library
https://www.securityweek.com/many-iot-devices-exposed-attacks-due-unpatched-flaw-uclibc-library
Nozomi Networks, a firm specialized in securing operational technology (OT) and IoT systems, has disclosed a potentially serious vulnerability affecting a C standard library used by several major companies.
The affected library is uClibc, which is designed for developing embedded Linux systems. According to the official uClibc website, the library is used by Linksys and Netgear for their wireless routers, and by Axis for its network cameras. uClibc-ng, a fork for the OpenWrt router operating system, is also impacted by the vulnerability.
The security hole, tracked as CVE-2022-05-02, can be exploited for DNS poisoning attacks against affected devices.
“In a DNS poisoning attack, an attacker is able to deceive a DNS client into accepting a forged response, thus inducing a certain program into performing network communications with an arbitrarily defined endpoint, and not the legitimate one,” Nozomi explained in a blog post detailing the vulnerability.
“A DNS poisoning attack enables a subsequent Man-in-the-Middle attacks because the attacker, by poisoning DNS records, is capable of rerouting network communications to a server under their control. The attacker could then steal and/or manipulate information transmitted by users, and perform other attacks against those devices to completely compromise them,” the company added.
There is no patch for the vulnerability, but its disclosure will hopefully lead to the development of a fix.
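The checks a DNS client has to make before trusting a UDP answer, shown as an added Python example; this is not code from the Nozomi write-up, uClibc or uClibc-ng, and the article above does not say which of these checks the affected library gets wrong. The resolver address, hostnames and IPs are constructed (RFC 5737 documentation ranges). A real client additionally sends from an OS-chosen random source port (bind to port 0), which this offline example only comments on; together with an unpredictable transaction ID that is what makes a blind forged response hard to land.

```python
"""Client-side DNS response validation: the checks that defeat a blind poisoning attempt.

Added example for this comment thread; not the uClibc/uClibc-ng resolver code.
"""
import secrets
import struct

A_IN = struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def encode_qname(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (wire-format name)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=None):
    """Build an A query. The 16-bit transaction ID must be unpredictable:
    secrets.randbits, never a counter or a PID-derived value."""
    if txid is None:
        txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return txid, header + encode_qname(name) + A_IN


def build_response(txid, name, ip, ttl=300):
    """Build a minimal A response (used here to simulate both a legitimate and a forged answer)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, 1 question, 1 answer
    question = encode_qname(name) + A_IN
    rdata = bytes(int(o) for o in ip.split("."))
    # answer: compression pointer to the question name at offset 12, type A, class IN, TTL, RDLENGTH, IP
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def validate_response(resp, expected_txid, expected_name, src, resolver):
    """Return (accepted, reason). src is the (ip, port) the UDP datagram came from.

    A client that skips any of these checks can be fed an attacker-chosen answer."""
    if src != resolver:
        return False, "unexpected source address"
    if len(resp) < 12:
        return False, "truncated header"
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "not a response (QR bit clear)"
    if qdcount != 1:
        return False, "unexpected question count"
    expected_q = encode_qname(expected_name) + A_IN
    if resp[12:12 + len(expected_q)] != expected_q:
        return False, "question section mismatch"
    return True, "ok"


def demo():
    """Legitimate answer accepted; forged answers with a guessed ID, a wrong source
    or a different question rejected. Addresses are constructed."""
    name = "example.com"
    resolver = ("192.0.2.53", 53)        # configured resolver (constructed)
    txid, _query = build_query(name)     # a real client would now sendto() from a port-0-bound socket
    good = build_response(txid, name, "192.0.2.10")
    guessed = build_response((txid + 1) & 0xFFFF, name, "198.51.100.66")   # attacker guessed the ID wrong
    wrong_q = build_response(txid, "evil.example", "198.51.100.66")        # right ID, wrong question
    return (
        validate_response(good, txid, name, resolver, resolver),
        validate_response(guessed, txid, name, resolver, resolver),
        validate_response(good, txid, name, ("198.51.100.1", 53), resolver),
        validate_response(wrong_q, txid, name, resolver, resolver),
    )


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

With a 16-bit ID the attacker has a 1-in-65536 chance per spoofed packet only if the ID is truly random; if the client's source port is also random the search space grows by another 16 bits or so, which is why both matter. Note the forged-question case: matching the ID alone is not enough, the question section must be echoed back exactly.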
Tomi Engdahl says:
California Man Convicted for Stealing Millions From DoD via Phishing Scheme
https://www.securityweek.com/california-man-convicted-stealing-millions-dod-phishing-scheme
Tomi Engdahl says:
Russian Cyberspies Target Diplomats With New Malware
https://www.securityweek.com/russian-cyberspies-target-diplomats-new-malware
Russian cyberespionage group APT29 has been observed using new malware and techniques in phishing campaigns targeting diplomatic organizations in Europe, the Americas, and Asia, Mandiant reports.
Also known as Cozy Bear, the Dukes, and Yttrium, APT29 is believed to be sponsored by the Russian Foreign Intelligence Service (SVR) and to have orchestrated the 2020 SolarWinds attack that led to hundreds of organizations getting breached.
Reports on APT29’s targeting of diplomatic entities – including the 2016 attacks against the Democratic National Committee (DNC) and a November 2018 attempt to infiltrate DNC – stretch for over half a decade, with some reports tracing the group’s activity as far back as 2013.
In attacks carried out in 2022, Mandiant’s security researchers, who have been tracking extensive APT29 phishing campaigns since early 2021, have observed the use of new malware families, along with a change in the group’s tooling to evade detection.
According to the researchers, who last week officially attributed the SolarWinds attacks to APT29, “the diplomatic-centric targeting of this recent activity is consistent with Russian strategic priorities as well as historic APT29 targeting.”
Tomi Engdahl says:
Google Rolls Out Developer Preview of Android Privacy Sandbox
https://www.securityweek.com/google-rolls-out-developer-preview-android-privacy-sandbox
Google has taken another step toward enabling new privacy-focused advertising solutions on Android, with the release of Privacy Sandbox in developer preview.
Initially introduced in February, the initiative is meant to provide users with increased privacy, while also ensuring that developers and businesses have at their disposal the tools they need to be successful on mobile.
“We’re releasing the first developer preview for the Privacy Sandbox on Android, which provides an early look at the SDK Runtime and Topics API. You’ll be able to do preliminary testing of these new technologies and evaluate how you might adopt them for your solutions,” Google announced last week.
The Privacy Sandbox can be used alongside Android 13, which is now available in developer beta, to access additional components, such as an SDK and emulator, system images and developer documentation.
Interested developers receive access to Android SDK and 64-bit Android Emulator system images that contain Privacy Sandbox APIs, device system images for the last three generations of Pixel phones, developer guides, sample code, and a Privacy Sandbox API reference.
https://android-developers.googleblog.com/2022/04/first-preview-privacy-sandbox-android.html
Tomi Engdahl says:
GitHub Says Recent Attack Was Highly Targeted
https://www.securityweek.com/github-says-recent-attack-was-highly-targeted
Microsoft-owned code hosting platform GitHub says the recent cyberattack that resulted in the cloning of private repositories was highly targeted in nature.
Disclosed in mid-April, the incident involved stolen OAuth tokens issued to third-party integrators Heroku and Travis CI, which were used to download the private repositories of dozens of organizations.
The two continuous integration (CI) systems help organizations automate the scanning of newly introduced code changes, to help identify vulnerabilities and malicious snippets before they enter production.
Tomi Engdahl says:
New Black Basta Ransomware Possibly Linked to Conti Group
https://www.securityweek.com/new-black-basta-ransomware-possibly-linked-conti-group
A new ransomware operation named Black Basta has targeted at least a dozen companies and some researchers believe there may be a connection to the notorious Conti group.
The existence of Black Basta came to light in mid-April, but MalwareHunterTeam researchers spotted a sample apparently compiled in February.
The cybercriminals behind Black Basta use malware to encrypt files on compromised systems, appending the .basta extension to encrypted files. In addition, like many other ransomware groups, they steal large amounts of information from victims in an effort to increase their chances of getting paid.
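A detection that keys on the indicator named above (files renamed to a new extension, here .basta) as an added Python example; it is not Black Basta's code nor any vendor's rule, and the file-event log lines are constructed. It goes a step beyond the article: an extension on the known list alerts at first sight, and any other extension alerts when one process renames a threshold number of files to it inside a short window, so a strain whose extension is not yet on the list still trips it.

```python
"""Spot ransomware-style mass renames in file-event logs.

Added example for this thread; not Black Basta's code or a vendor detection rule.
"""
import os
from collections import defaultdict, namedtuple

Alert = namedtuple("Alert", "pid process ext count reason")

# Extensions reported as ransomware artefacts; ".basta" is the one the article names.
KNOWN_RANSOM_EXTS = {".basta"}

# Constructed sample events (not real telemetry): epoch_seconds,pid,process,action,path
SAMPLE_EVENTS = [
    "1652000000,4120,bb.exe,rename,C:/Users/a/Documents/q1.xlsx.basta",
    "1652000001,4120,bb.exe,rename,C:/Users/a/Documents/q2.xlsx.basta",
    "1652000002,4120,bb.exe,rename,C:/Users/a/Documents/plan.docx.basta",
    "1652000003,4120,bb.exe,rename,C:/Users/a/Pictures/img1.jpg.basta",
    "1652000004,4120,bb.exe,rename,C:/Users/a/Pictures/img2.jpg.basta",
    "1652000005,4120,bb.exe,rename,C:/Users/a/Desktop/notes.txt.basta",
    "1652000003,2211,backup.exe,rename,D:/archive/db1.bak",   # slow, legitimate rotation
    "1652000300,2211,backup.exe,rename,D:/archive/db2.bak",
    "1652000700,2211,backup.exe,rename,D:/archive/db3.bak",
    "1652000010,9001,unk.exe,rename,C:/share/a.doc.locked",   # unknown extension, bulk and fast
    "1652000012,9001,unk.exe,rename,C:/share/b.doc.locked",
    "1652000014,9001,unk.exe,rename,C:/share/c.xls.locked",
    "1652000016,9001,unk.exe,rename,C:/share/d.pdf.locked",
    "1652000018,9001,unk.exe,rename,C:/share/e.pptx.locked",
    "1652000020,1337,word.exe,write,C:/Users/a/Documents/plan.docx",
]


def detect_mass_rename(events, threshold=5, window_s=60):
    """Return one Alert per (process, new extension) that looks like bulk encryption.

    Known ransomware extensions alert on first sight. Any other extension alerts
    when one process renames >= threshold files to it inside window_s seconds."""
    renames = defaultdict(list)  # (pid, process, ext) -> rename timestamps
    for line in events:
        ts, pid, proc, action, path = line.strip().split(",", 4)
        if action != "rename":
            continue
        ext = os.path.splitext(path)[1].lower()  # extension the file ended up with
        if ext:
            renames[(int(pid), proc, ext)].append(float(ts))

    alerts = []
    for (pid, proc, ext), times in renames.items():
        times.sort()
        if ext in KNOWN_RANSOM_EXTS:
            alerts.append(Alert(pid, proc, ext, len(times), "known ransomware extension"))
            continue
        left = 0  # sliding window over the sorted timestamps
        for right, t in enumerate(times):
            while t - times[left] > window_s:
                left += 1
            if right - left + 1 >= threshold:
                alerts.append(Alert(pid, proc, ext, len(times),
                                    f"{threshold}+ renames to one new extension within {window_s}s"))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

The threshold and window need tuning per host role (backup and archiving jobs rename in bulk too, which is why the slow backup.exe rotation above stays quiet), and in production the rename events would come from Sysmon, auditd or an EDR rather than a list. Because the same groups exfiltrate data before encrypting, this catches the noisy end of the intrusion, not its start.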
Tomi Engdahl says:
Google Offering Up to $1.5 Million for Android 13 Beta Exploits
https://www.securityweek.com/google-offering-15-million-android-13-beta-exploits
In an effort to improve the security of its mobile operating system, Google has temporarily increased the bug bounty payouts for vulnerabilities identified in Android 13 beta.
Researchers who identify security holes in the beta version of Android 13 and report them to Google before May 26 can receive a 50% bonus, as part of the company’s Vulnerability Reward Program (VRP).
Typically, the maximum available bug bounty reward is of $1 million, which Google is willing to pay for remote code execution issues identified in the Pixel Titan M secure chip.
“Security vulnerabilities discovered in the Android 13 Beta between 04/26/22 and 05/26/22 are eligible for a 50% bonus reward payout (up to a maximum of $1.5M for a full remote code execution exploit chain on the Titan M),” Google announced via Twitter.
Tomi Engdahl says:
China-linked Moshen Dragon abuses security software to sideload malware https://securityaffairs.co/wordpress/130851/apt/moshen-dragon-targets-telcos.html
A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia.
Tomi Engdahl says:
Hackers used the Log4j flaw to gain access before moving across a company’s network, say security researchers https://www.zdnet.com/article/heres-how-hackers-used-the-log4j-flaw-to-gain-access-before-moving-across-a-companys-network/
State-backed hacking groups are some of the most advanced cyberattack operations in the world – but criminals don’t need to rely on them if they can exploit unpatched cybersecurity flaws.
Tomi Engdahl says:
Aruba and Avaya network switches are vulnerable to RCE attacks https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/
Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by Extreme Networks) that could allow malicious actors to execute code remotely on the devices.
Tomi Engdahl says:
Security is a pain for American Dental Association: Ransomware infection feared https://www.theregister.com/2022/05/02/in_brief_security/
IN BRIEF The Black Basta crime gang has claimed it infected the American Dental Association with ransomware.
Tomi Engdahl says:
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions.
Tomi Engdahl says:
Hackers struck a sore spot: Russia's alcohol sales were the target https://www.is.fi/digitoday/tietoturva/art-2000008790052.html
A Ukrainian-led group of volunteer hackers is disrupting Russia's reporting system for alcohol sales and production
Tomi Engdahl says:
Industrial cybersecurity researchers, looking for help, go public with unpatched IoT bug https://therecord.media/iot-vulnerability-ics-nozomi-networks-uclibc-ng/
Cybersecurity analysts published information Monday about a potentially serious unpatched bug in code for internet of things (IoT) devices because they want the public’s help in fixing the problem, which could affect technology used in critical infrastructure. Also https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/
Tomi Engdahl says:
Researchers find over 400 vulnerabilities in defense industrial base bug bounty effort https://therecord.media/researchers-find-over-400-vulnerabilities-in-defense-industrial-base-bug-bounty-effort/
A year-long bug bounty program that scrutinized a fraction of the massive U.S. defense industrial base turned up more than 400 valid vulnerabilities, the effort’s organizers announced Monday.
Tomi Engdahl says:
Mozilla: Lack of Security Protections in Mental-Health Apps Is 'Creepy'
https://threatpost.com/mozilla-security-health-apps-creepy/179463/
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.
Tomi Engdahl says:
Google Offers $1.5M Bug Bounty for Android 13 Beta https://www.darkreading.com/vulnerabilities-threats/google-issues-1-5m-android-13-beta-bug-bounty
Google has expanded its bug-bounty program to offer a whopping $1.5 million for a top-notch Android 13 Beta exploit, specifically for a hack of the Titan M security chip that ships with Pixel phones.
Tomi Engdahl says:
Joseph Cox / VICE:
Investigation: for $160+, SafeGraph sells a week’s worth of data on visitors of 600+ Planned Parenthood locations, including where they came from and went after — It costs just over $160 to get a week’s worth of data on where people who visited Planned Parenthood came from, and where they went afterwards.
Data Broker Is Selling Location Data of People Who Visit Abortion Clinics
https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood
It costs just over $160 to get a week’s worth of data on where people who visited Planned Parenthood came from, and where they went afterwards.
A location data firm is selling information related to visits to clinics that provide abortions including Planned Parenthood facilities, showing where groups of people visiting the locations came from, how long they stayed there, and where they then went afterwards, according to sets of the data purchased by Motherboard.
“It’s bonkers dangerous to have abortion clinics and then let someone buy the census tracks where people are coming from to visit that abortion clinic,” Zach Edwards, a cybersecurity researcher who closely tracks the data selling marketplace, told Motherboard in an online chat after reviewing the data. “This is how you dox someone traveling across state lines for abortions—how you dox clinics providing this service.”
The company selling the data is SafeGraph. SafeGraph ultimately obtains location data from ordinary apps installed on peoples’ phones. Often app developers install code, called software development kits (SDKs), into their apps that sends users’ location data to companies in exchange for the developer receiving payment. Sometimes app users don’t know that their phone—be that via a prayer app, or a weather app—is collecting and sending location data to third parties, let alone some of the more dangerous use cases that Motherboard has reported on, including transferring data to U.S. military contractors. Planned Parenthood is not the organization performing the data collection nor benefiting from it financially.
Tomi Engdahl says:
Joseph Cox / VICE:
Internal documents: the CDC bought the location data of millions of phones in the US to analyze compliance with COVID-19 rules, especially in the Navajo Nation
CDC Tracked Millions of Phones to See If Americans Followed COVID Lockdown Orders
https://www.vice.com/en/article/m7vymn/cdc-tracked-phones-location-data-curfews
Newly released documents showed the CDC planned to use phone location data to monitor schools and churches, and wanted to use the data for many non-COVID-19 purposes too.
The Centers for Disease Control and Prevention (CDC) bought access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation, according to CDC documents obtained by Motherboard. The documents also show that although the CDC used COVID-19 as a reason to buy access to the data more quickly, it intended to use it for more general CDC purposes.
Tomi Engdahl says:
Today is World Password Day: Apple, Google and Microsoft confirmed their support for getting rid of passwords
https://mobiili.fi/2022/05/05/tanaan-on-salasanapaiva-apple-google-ja-microsoft-vahvistivat-tukensa-niista-eroon-pyrkimiselle/
Apple, Google and Microsoft intend to expand passwordless sign-in on their platforms. The aim is to gradually get rid of passwords altogether, a FIDO press release says.
The FIDO Alliance is a consortium preparing for a passwordless future, which together with the W3C has over recent years developed the so-called FIDO standard to replace traditional passwords, which are often regarded as insecure.
Apple, Google and Microsoft have already been participants in the FIDO standard, and in honor of World Password Day, celebrated on 5 May, the three have confirmed that they will expand their use of the FIDO standard.
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins
https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/
Mountain View, California, MAY 5, 2022 – In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.
These companies’ platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality. Today’s announcement extends these platform implementations to give users two new capabilities for more seamless and secure passwordless sign-ins:
Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account.
Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
“At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.”
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, http://www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
Tomi Engdahl says:
https://threatpost.com/dns-bug-millions-routers-iot-risk/179478/
Tomi Engdahl says:
Critical vulnerabilities found in ‘millions of Aruba and Avaya switches’
Airports, hospitals, hotels, and more need to deploy patches for hijack bugs
https://www.theregister.com/2022/05/03/aruba_avaya_critical_vulns/
Tomi Engdahl says:
GitHub will require all users who contribute code to enable two-factor authentication by the end of 2023
https://techcrunch.com/2022/05/04/github-will-require-all-users-who-contribute-code-to-enable-two-factor-authentication-by-the-end-of-2023/
Tomi Engdahl says:
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/unfixed-vulnerability-in-popular-library-puts-iot-products-at-risk/
Tomi Engdahl says:
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers
https://thehackernews.com/2022/05/ukraine-war-themed-files-become-lure-of.html
A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.
“Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links,” Google Threat Analysis Group’s (TAG) Billy Leonard said in a report.
“Financially motivated and criminal actors are also using current events as a means for targeting users,” Leonard added.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/russian-hackers-compromise-embassy-emails-to-target-governments/
Tomi Engdahl says:
Catalan: Spain Spy Chief Admits Legally Hacking Some Phones
https://www.securityweek.com/catalan-spain-spy-chief-admits-legally-hacking-some-phones
A leading Catalan separatist politician said Thursday that Spain’s top intelligence official acknowledged that her agency had hacked into the cellphones of “some” of the dozens of politicians reported to be targeted by spyware but she said it had proper judicial authorization.
Gabriel Rufián, member of a Catalan pro-independence party, spoke after he participated in a closed-door meeting with the director of Spain’s National Intelligence Center, CNI, along with a select group of Spanish lawmakers.
A recent report by the Canadian-based digital rights group Citizen Lab on the use of the controversial Pegasus spyware in Spain said dozens of pro-independence supporters in Spain’s northeastern Catalonia region were spied upon using the software.
When asked by The Associated Press, Spain’s Defense Ministry, which is in charge of the CNI, refused to comment on the meeting with CNI director Paz Esteban because its contents are considered classified. Leading Spanish media, however, also reported that the director had shown committee members court authorizations for hacking the cellphones of some Catalan separatists.
“They (the CNI) admit to the spying, but say that it was carried out against far fewer people than those cited by Citizen Lab,” Rufián said.
Tomi Engdahl says:
US Cyber Command Team Helps Lithuania Protect Its Networks
https://www.securityweek.com/us-cyber-command-team-helps-lithuania-protect-its-networks
The Pentagon’s cyber arm says a team spent months working with officials in Lithuania to help protect government networks there from cyberattacks.
The U.S. Cyber Command mission, known as a hunt forward operation, involved a specialized team that worked to identify vulnerabilities and counter malicious cyber activity affecting the networks of Lithuania’s foreign affairs ministry and defense systems. It ended this month.
Tomi Engdahl says:
Android’s May 2022 Security Updates Patch 36 Vulnerabilities
https://www.securityweek.com/androids-may-2022-security-updates-patch-36-vulnerabilities
Google this week announced the release of patches for 36 vulnerabilities as part of its May 2022 security updates for Android.
The most serious of these security holes, the internet giant notes in an advisory, is a high-severity issue in Android’s Framework component that could be exploited for privilege escalation.
The flaw was resolved along with four other vulnerabilities in Framework, including three high-severity elevation of privilege bugs and one moderate-severity information disclosure issue.
Patches for these vulnerabilities were included in the Android 2022-05-01 security patch level, which also resolves eight vulnerabilities in the System component – all eight are rated “high severity” (three bugs lead to elevation of privilege, three to information disclosure, and two to denial of service).
https://source.android.com/security/bulletin/2022-05-01
Tomi Engdahl says:
Conti, REvil, LockBit ransomware bugs exploited to block encryption https://www.bleepingcomputer.com/news/security/conti-revil-lockbit-ransomware-bugs-exploited-to-block-encryption/
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today.
New ransomware strains linked to North Korean govt hackers https://www.bleepingcomputer.com/news/security/new-ransomware-strains-linked-to-north-korean-govt-hackers/
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide.
Tomi Engdahl says:
Heroku to begin user password reset almost a month after GitHub OAuth token theft https://www.zdnet.com/article/heroku-to-begin-user-password-reset-almost-a-month-after-github-oauth-token-theft/
Heroku users urged to change password now before company does so, and notes it will wipe out all API access tokens.