North Korean hackers targeting security researchers
Google’s Threat Analysis Group warned that North Korean government-sponsored hackers are again targeting security researchers on social media, something previously seen in January. The attackers used fake Twitter and LinkedIn social media accounts, setting up a website for the fake company SecuriElite claiming to offer offensive security services. The site hadn’t yet been setup to deliver malicious content, but the site has been added to Google Safebrowsing as a precaution, with known fake profiles reported by Google and now removed. The similar effort in January attempted to install backdoors into security researchers’ machines using zero-day vulnerabilities, and Google says it’s likely the group has new zero-days to exploit if they are trying the approach again.
Report details data sent from mobile operating systems
Professor Douglas J. Leith from Trinity College at the University of Dublin published a report looking at telemetry data sent by iOS and Android devices on the OS level, finding both OS’s sent data even when opting out and not logged in. IMEI, hardware serial numbers, cookies, and IP addresses were among the information sent, with iOS sending some location data, although Android sent out more data overall, roughly 1MB every 12 hours compared to 52KB on iOS. Both platforms transmitted data roughly every 4.5 minutes. In response to the findings, Apple said the report “misunderstands how personal location data is protected.” Google disputed the paper’s methodology and said it will release public documentation on the telemetry data collected.
Does CISA have the resources to succeed?
Congress created the Cybersecurity and Infrastructure Security Agency inside of the Department of Homeland Security two years ago in the wake of Russian interference in the 2016 election, dedicated to focusing on defensive cyber security. However recent interviews with current and former staff by Politico found the roughly 2,000 person agency may be too stretched recovering from recent high profile breaches to prepare for future ones. The agency already had its hands full helping state and local election officials protect their systems ahead of the 2020 election, before the SolarWinds supply chain attack and recent Microsoft Exchange server exploits came to light. Current staffers reported being “somewhat exhausted” with not enough personnel to fill out threat-hunting and incident-response teams. Staffers say CISA is able to largely meet the security needs of other federal agencies, but is struggling to provide support to private-sector infrastructure companies. Still, staff reports morale remains generally high, with confidence CISA can fulfill its mission, and energized by recent political appointees to DHS.
(Politico)
Trust in tech declines worldwide
This comes from a recent survey of 31,000 people across 27 countries as part of the Edelman Trust Barometer. The survey found that favorable views of the tech sector fell six points globally, to 70 out of 100, hitting all-time lows in 17 of the surveyed countries including the U.S., U.K., France, China, Japan, Thailand, Brazil and Mexico.In the US, tech was the most trusted business sector in the US last year, falling to 9th in this survey. Social media companies scored the lowest trust score of all business categories, with 46 out of 100.
(Axios)
Thanks to our episode sponsor, Remediant
To learn more, visit remediant.com
Advertising group publishes details on third-party cookie alternative
A group of advertising executives and adtech companies including PubMatic, OpenX and Zeta Global announced an anonymous identifier to replace third-party cookies called SWAN, which it poses as an alternative to Google’s FLoC system and opening up a 60-day public-comment period. When visiting a site using SWAN, users will be asked to consent for all publishers using SWAN to show them ads, with an option for personalized ads, with preferences able to be changed any time and synced across the network.
Arm releases Armv9 architecture
Arm announced its first major new chip architecture in ten years, called Armv9. The architecture is immediately 15% faster and backwards-compatible with Armv8. It also adds Arm’s confidential compute architecture and the concept of Realms.This lets developers write applications where the data is shielded from the operating system and other apps on the device. According to Arm’s chief architect Richard Grisenthwaite, “[o]nly the Realm manager is the thing that’s actually capable of seeing your data while it’s in action.” Armv9 also adds Scalable Vector Extension 2 for improved AI workload performance.
Arizona third-party payment bill won’t get a hearing
We reported last week that Arizona House Bill 2005, which requires mobile platforms to offer third-party payment systems, was scheduled for a vote but for an unknown reason never received one. The bill’s sponsor, Representative Regina Cobb now says the bill will not receive a vote before the end of Arizona’s congressional session next month. She said extensive tech lobbying contributed to a lack of support for the bill, and Commerce Committee Chair J.D. Mesnard said the bill was pulled due to wavering legislative support.
Scam iOS app steals Bitcoin
iPhone user Phillipe Christodoulou claims that a scam iOS app imitating the Trezor wallet stole 17.1 Bitcoins from his wallet, the equivalent of roughly $600,000. The app featured the Trezor logo with numerous five-star reviews. Apple says it got through the App Store review process using “a bait-and-switch” technique, initially categorized as a “cryptography” app for storing passwords and not involved in cryptocurrency, although when submitted it did use the Trezor name and logo. Once submitted, it changed itself into a cryptocurrency wallet. Trezor, a hardware cryptocurrency wallet company, itself does not have a smartphone app, saying its been warning Apple and Google about fake apps “for years.” Apple said it removed the fake app and banned its developer.
