Russia muscling Big Tech
Earlier this year, Russia followed India’s lead with a law requiring foreign information technology companies operating in the country to open local offices. In light of the recent Russian elections, this on-the-ground presence was used to intimidate companies into complying with state censorship. This included sending armed men to Google’s Moscow offices and summoning representatives from Google and Apple to a session on a Smart Voting app. The government reportedly named specific Google employees it would prosecute if the app wasn’t removed. This was followed by the removal of opposition content on YouTube and the blocking of access to all election services on Telegram.
(Wired)
Data on billions of Clubhouse and Facebook users up for sale
A collection of 3.8 billion phone numbers leaked from the audio chat room app Clubhouse was posted on a hacker forum. This dataset doesn’t have a ton of value to an attacker on its own. However, it has now been enhanced by combining it with 533 million Facebook profiles leaked last April, and the combined dataset is now for sale on the dark web. Security experts warn this provides enough data to spur basic account takeover and credential-stuffing attacks. While the seller of the dataset probably won’t make a ton of money on its sale, it still provides a trove of social engineering fodder for threat actors to work with.
Malware targets gamer accounts
Security researchers at Kaspersky discovered a new trojan that specifically targets gaming platforms like Steam, Epic Games, EA Origin, and GOG Galaxy to steal sensitive information, including cookies, passwords, and bank cards. Dubbed BloodyStealer, this malware is currently being sold on hacking forums for roughly $40 for a perpetual license or through a recurring subscription. Since its discovery, Kaspersky has monitored the malware being used in Europe, Latin America, and the Asia-Pacific region. The report on the malware doesn’t detail its distribution vector, but gaming-specific malware is generally distributed through cheating software and modding tools.
Cloudflare prepping email security suite
The company announced two new free email safety and security features. Cloudflare Email Routing is designed to let users run a custom email domain from a single consumer account, like Gmail or Outlook. This will let users manage numerous email addresses for a custom domain from a single webmail sign-in. Security DNS Wizard gives users access to the anti-spoofing email tools Sender Policy Framework and DomainKeys Identified Mail. While these security standards have been around for a while, they can be difficult for SMBs to implement. Neither of these will interfere with standard webmail spam filtering. The company eventually plans to roll both of these into an Advanced Email Security Suite.
(Wired)
TikTok popular with the youth and malware groups
TikTok recently reported it surpassed 1 billion monthly active users, showing remarkable growth since launching in August 2018. Given its popularity, it’s not surprising to see it gaining traction as a vector for malware groups. A recent mid-year security report from Trend Micro found that TikTok was the most popular app to impersonate, accounting for 53.6% of all malicious apps running COVID-19 scams in the six-month period. While TikTok impersonation was the most popular single category, malware operators also run apps impersonating education services, as well as vaccine and testing registration apps. One encouraging note: the report found far fewer COVID-19-related malware schemes in the first six months of 2021 compared to the same period in 2020.
China reminds Chinese that crypto is still illegal
The People’s Bank of China issued a joint statement with nine other government agencies reminding all Chinese nationals, even those working overseas, that it already banned crypto trading in 2019, adding that “Overseas virtual currency exchanges that use the internet to offer services to domestic residents is also considered illegal financial activity.” Workers at foreign crypto exchanges will also be investigated. This statement indicated the overseas exchange loophole is closed and that the state will prosecute those still trading crypto.
(CNBC)
Australia gets private digital ID exchange
The company Eftpos became the first accredited non-government operator of a digital identity exchange under Australia’s Trusted Digital Identity Framework. This means it can now facilitate online transactions requiring a digital identity from Australians, usable with merchants or government agencies that require identity verification, such as proof of age, address details, or bank account information. Australia has its own digital identity solution called myGovID, but Eftpos claims its connectID offers a “smoother, faster, and more secure onboarding experience.”
(ZDNet)
QNAP patches surveillance bugs
The popular NAS maker offers a QVR video management system as a professional solution that allows real-time video monitoring, recording, playback, and alarm notifications when coupled with appropriate cameras. However, the company recently had to patch a series of critical bugs in QVR that opened the door for remote code execution. The most severe were command injection vulnerabilities that could allow for complete device takeover. Two of the vulnerabilities impacted devices that had reached end-of-life, but the severity prompted QNAP to release patches. This is not the best year for QNAP security, having been hit with the Qlocker ransomware that targeted SMBs with relatively low ransom demands.