App Tracking? Sure, Why Not?
May 4, 2022
Big tech companies, including Google, Facebook, and Apple, are supposed to cut back on the amount of data they collect from users via apps. Despite the lip service to users, apps are still collecting data and it appears these companies will not stop anytime soon. Daiji World explains how much data apps are still gathering in: “Apps Still tracking Users’ Data On Apple App Store.”
A University of Oxford research team investigated 1759 Apple iOS apps in the United Kingdom App Store. The team monitored these apps before and after Apple implemented new tracking policies that supposedly make it harder to track users. Unfortunately, these apps are still tracking users as well as fingerprinting them. The team found hard evidence of user tracking:
“The researchers found real-world evidence of apps computing a mutual fingerprinting-derived identifier through the use of “server-side code” — a violation of Apple’s new policies and highlighting the limits of Apple’s enforcement power as a privately-owned data protection regulator. ‘Indeed, Apple itself engages in some forms of user tracking and exempts invasive data practices like first-party tracking and credit scoring from its new privacy rules,’ claimed Konrad Kollnig, Department of Computer Science, University of Oxford.”
Apple’s Privacy Nutrition Labels are also inaccurate and are in direct conflict with Apple’s marketing claims. It is a disappointment that Apple is purposely misleading its users. Enforcing user privacy laws is sporadic, and tech companies barely follow what they set for themselves. Apple has its own OS, so they have a closed technology domain that they control:
“ ‘Apple’s privacy efforts are hampered by its closed-source philosophy on iOS and the opacity around its enforcement of its App Store review policies. These decisions by Apple remain an important driver behind limited transparency around iOS privacy,’ [the research team] emphasised.”
Does this come as a surprise for anyone? Nope.
Apple can do whatever it wants because it is a prime technology company and it develops everything in-house. The only way to enforce privacy laws is transparency, but Apple will not become crystal clear because it will mean the company will lose profits.
Whitney Grace, May 4, 2022
Apple and Stalking? The Privacy Outfit?
May 3, 2022
Here is a tale of unintended, though not unanticipated, consequences. Engadget tells us “Police Reports Suggest a Larger Pattern of AirTag Stalking.” A few isolated cases of bad actors using Apple AirTags to facilitate stalking or car theft have come to light since the device was released in April 2021. To learn how widespread the problem is, Motherboard requested any records mentioning the technology from dozens of police departments around the country. Writer K. Holt summarizes:
“Motherboard received 150 reports from eight police departments and found that, in 50 cases, women called the cops because they received notifications suggesting that someone was tracking them with an AirTag or they heard the device chiming. (An AirTag will chime after it has been separated from its owner for between eight and 24 hours.) Half of those women suspected the tags were planted in their car by a man they knew, such as a current or former romantic partner or their boss. The vast majority of the reports were filed by women. There was just one case in which a man made a report after suspecting that an ex was using an AirTag (which costs just $29) to stalk him. Around half of the reports mentioned AirTags in the contexts of thefts or robberies. Just one instance of AirTag-related stalking would be bad enough. Fifty reports in eight jurisdictions in eight months is a not insignificant number and there are likely other cases elsewhere that haven’t been disclosed.”
Apple was aware the product had the potential to be abused, which is why the alerts cited by victims were built into it from the start. The company has since made some tweaks to make it more obvious if its product has been slipped into one’s belongings, like chiming sooner or making those notification messages clearer. At first the notifications only worked on iOS devices, leaving Android users in the dark. An Android app has since been released, but those users must be aware of the problem, and remember to manually scan for potential AirTag-alongs, for it to be of any use. Google is reportedly working on OS-level detection, which would be some consolation.
And the bad actors? Probably beavering away.
Cynthia Murrell, May 3, 2022
UAE Earns a Spot on Global Gray List
April 26, 2022
Forget Darkmatter. This is a gray matter.
Where is the best place to stash ill-gotten gains? The Cayman Islands and Switzerland come to mind, and we have to admit the US is also in the running. But there is another big contender—the United Arab Emirates. The StarTribune reports, “Anti-Money-Laundering Body Puts UAE on Global ‘Gray’ List.” Writer Jon Gambrell tells us:
“A global body focused on fighting money laundering has placed the United Arab Emirates on its so-called ‘gray list’ over concerns that the global trade hub isn’t doing enough to stop criminals and militants from hiding wealth there. The decision late Friday night by the Paris-based Financial Action Task Force [FATF] puts the UAE, home to Dubai and oil-rich Abu Dhabi, on a list of 23 countries including fellow Mideast nations Jordan, Syria and Yemen.”
Will the official censure grievously wound business in the country? Not by a long shot, though it might slightly tarnish its image and even affect interest rates. The FATF admits the UAE has made significant progress in fighting the problem but insists more must be done. Admittedly, the task was monumental from the start. We learn:
“The UAE long has been known as a place where bags of cash, diamonds, gold and other valuables can be moved into and through. In recent years, the State Department had described ‘bulk cash smuggling’ as ‘a significant problem’ in the Emirates. A 2018 report by the Washington-based Center for Advanced Defense Studies, relying on leaked Dubai property data, found that war profiteers, terror financiers and drug traffickers sanctioned by the U.S. had used the city-state’s boom-and-bust real estate market as a safe haven for their money.”
Is the government motivated to change its country’s ways? Yes, according to a statement from the Emirates’ Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism. That ponderously named body promises to continue its efforts to thwart and punish the bad actors. The country’s senior diplomat also chimed in on Twitter, pledging ever stronger cooperation with global partners to address the issue.
Cynthia Murrell, April 26, 2022
The Patching Play
April 25, 2022
I read “Patching Is Security Industry’s ‘Thoughts and Prayers’: Ex-NSA Man Aitel.” The former leader of ImmunitySec asserts that patching delivers a false sense of security. Other industry experts believe that patching has some value. Both are correct. In my opinion, both are missing an important aspect of patching software and systems to keep bad actors at bay.
What’s my view?
Patching — real or pretend — is a launch pad for marketing. A breach occurs and vendors have an opportunity to explain what steps have been taken to protect the software and services, partners, customers, and in some cases the vendors themselves. Wasn’t it Solar something?
Microsoft explained that bad actors marshaled a team of 1,000 programmers. That’s marketing because the bad actors were in that case countries, not disgruntled 40-year-olds in a coffee shop.
The name of the game is cat and mouse. The bad actors find a flaw, exploit it, or sell it. The good actors respond to the issue and issue an alleged patch. The PR machine, which is like Jack Benny’s Maxwell with a transplanted Tesla electric motor, fires up.
Will the wheels fall off? Haven’t they?
Stephen E Arnold, April 25, 2022
Microsoft: A Consistently Juicy Target
April 25, 2022
I am perched in Washington, DC, checking news flows. What did I spy this morning (April 24, 2022)? This article caught my eye: “Microsoft Exchange Servers Are Being Infected with Ransomware.” Is this a remembrance from times past? The story asserts as actual factual (but who knows anymore?):
In the attack the team studied, Hive commenced its assault via the exploitation of ProxyShell, a collection of Microsoft Exchange Server vulnerabilities (and critical ones at that) that provide a way for attackers to remotely execute code. Microsoft reportedly patched this problem in 2021.
The key phrase in this allegedly accurate write up is “Microsoft reportedly patched this problem in 2021.”
Several observations:
- Yo Windows Defender and the other Microsoft security systems, “What’s shakin’?”
- What’s with the “reportedly”? If the write up is accurate, the problem was fixed.
- How many thousands of bad actors are involved in this problem? Probably quite a few because this is CaaS, crime as a service.
Net net: Microsoft may be faced with security problems for which there is no reliable remediation. PR, however, is quite easy to deploy.
Stephen E Arnold, April 25, 2022
MBAs and Security Professionals: A New Opportunity?
April 18, 2022
I am not sure how quickly this information will diffuse into MBA programs and venture firms enjoying their stakes in cyber security firms. But the info will arrive, and it will add brio to PowerPoint sales decks.
“A Centralized Surveillance System That Keeps Up with Your Business Growth” states:
A robust surveillance system is undoubtedly an essential component to safeguarding businesses’ securities and assets.
These data come from a research firm of which I have never heard. Never mind that. The key point is that there will be 50 percent growth going forward.
What new planning, equipment, and software are needed? Check out this shopping list:
- Cameras
- Storage
- Maintenance
One may want to add additional legal fees unless one is running a business in an environment in which total surveillance is already a requirement.
Exciting stuff for consultants too, if the research is accurate. And the sponsor? Synology. Interesting marketing angle for storage. Just capture everything?
Stephen E Arnold, April 18, 2022
Being Googley: Is the Chrome Browser at Risk in Some SolarWinds?
April 15, 2022
I read “Google Issues Third Emergency Fix for Chrome This Year.” The main idea is that Google is pumping out software which appears to invite bad actors to a no-rules party. The article states:
The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi. It is the third such emergency update Google has had to issue for Chrome this year.
Yeah, the browser thing.
Several observations:
- If a wildly popular Google output cannot be made secure, what about the services and software which are less engineer “rich”?
- Does Google deserve the scrutiny that Microsoft and other alleged monopolies attract? Google has been “off the radar” compared with other companies in the last couple of years it seems.
- What will bad actors do with the signal that three security updates have been issued, and we have not made it to the summer solstice? My thought is that computer science students in some Eastern European countries will be getting some new homework assignments.
Like other large companies, making any security issue public poses risks: There are stakeholders, there are legal eagles, and there are those fresh faced, motivated students in countries which crank out capable programmers and engineers. Some of these individuals may find that exploit creation provides a way to spin up some extra cash.
How many of these individuals are available on gig work sites? What information is flowing through private Telegram groups? The limping Dark Web still has some interesting fora too.
Net net: What Googley vulnerabilities exist which have not been disclosed? How many weak spots exist in the Google just waiting for a bright person to exploit? We know what the article reports, and that information begs more difficult questions.
Stephen E Arnold, April 15, 2022
Google Hits Microsoft in the Nose: Alleges Security Issues
April 15, 2022
The Google wants to be the new Microsoft. Google wanted to be the big dog in social media. How did that turn out? Google wanted to diversify its revenue streams so that online advertising was not the main money gusher. How did that work out? Now there is a new dust up, and it will be more fun than watching the antics of coaches of Final Four teams. Go, Coach K!
The real news outfit NBC published “Attacking Rival, Google Says Microsoft’s Hold on Government Security Is a Problem.” The article presents as actual factual information:
Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat. Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability.
There you go. A monoculture is vulnerable to parasites and other predations. So what’s the fix? Replace the existing monoculture with another one.
That’s a Googley point of view from Google’s cloud services unit.
And there are data to back up this assertion, at least data that NBC finds actual factual; for instance:
Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple.
I don’t want to be a person who dismisses the value of my Google mouse pad, but I would offer:
- How are the anti ad fraud mechanisms working?
- What’s the issue with YouTube creators’ allegations of algorithmic oddity?
- What’s the issue with malware in approved Google Play apps?
- Are the incidents reported by Firewall Times resolved?
Microsoft has been reasonably successful in selling to the US government. How would the US military operate without PowerPoint slide decks?
From my point of view, Google’s aggressive security questions could be directed at itself. Does Google do the know thyself thing? Not when it comes to money is my answer. My view is that none of the Big Tech outfits are significantly different from one another.
Stephen E Arnold, April 15, 2022
Windows System Flaw Exploited In Ransomware
April 15, 2022
Will your Windows 11 set up result in losing your data? That’s a rumor. We learned that there may be other risks in the Microsoft ecosystem as well.
Microsoft Windows is the most deployed operating system in the world. It is also the easiest operating system to learn and, unfortunately, exploit. Tech Radar explains how bad actors hack Windows systems in the article, “Windows And LinkedIn Flaws Used In Conti Ransomware Attacks, Google Warns.”
The Conti ransomware group Exotic Lily works as an initial access broker to hack organizations, steal their digital data, and ransom it back to the rightful owners or sell access to the highest bidder. What is interesting is that ransomware groups usually outsource their initial access efforts before taking over the attack, then deploying the malware. Google’s Threat Analysis Group researched Exotic Lily and was surprised by the number of advanced tactics and the large amount of grunt work it does. The Threat Analysis Group discovered that Exotic Lily works in the following way:
“The group would use domain and identity spoofing to pose as a legitimate business, and send out phishing emails, usually faking a business proposal. They would also use publicly available Artificial Intelligence (AI) tools to generate authentic images of humans, to create fake LinkedIn accounts, which would help the campaign’s credibility. After initial contact has been made, the threat actor would upload malware to a public file-sharing service, such as WeTransfer, to avoid detection by antivirus programs, and increase the chances of delivery to the target endpoint. The malware, usually a weaponized document, exploits a zero-day in Microsoft’s MSHTML browser engine, tracked as CVE-2021-40444. The second-stage deployment usually carried the BazarLoader.”
The Threat Analysis Group believes Exotic Lily is an independent operator and works for the highest bidder. It has used ransomware attacks based on Conti, Wizard Spider, and Dial. Exotic Lily targets healthcare, cyber security, and IT organizations; however, it has been expanding its victim base.
But is Google overstating, doing some marketing, or trying to help out valued users?
Whitney Grace, April 11, 2022
PR or Reality? Only the Cyber Firms Know the Answer
April 6, 2022
Cyber crimes are on the rise. Businesses and individuals are the targets of malware bad actors. IT Online details how cyber security firms handle attacks: “What Happens Inside A Cybercrime War-Room?” As a major business player in Africa, South Africa fends off many types of cyber attacks: coin miner modules, viruses downloaded with bad software, self-spreading crypto mining malware, and ransomware.
The good news about catching cyber criminals is that white hat experts know how their counterparts work and can use technology like automation and machine learning against them. Carlo Bolzonello is the country manager for Trellix’s South Africa branch. He said that cyber crime organizations are run like regular businesses, except their job is to locate and target vulnerable IT environments. Once the bad business has the victim in its crosshairs, the bad actors exploit it for money or other assets for exploration or resale.
Bolzonello continued to explain that while it is important to understand how the enemy works, it is key that organizations have a security operations center armed with various tools that can pull information about possible threats into one dashboard:
“That single dashboard can show where a threat has emerged, and where it has spread to, so that action can be taken, immediately. It can reveal whether ransomware has gained access via a “recruitment” email sent to executives, whether a “living off the land” binary has taken hold via a download of an illicit copy of a movie, or whether a coin miner module has inserted itself via pirated software. Having this information to hand helps the SOC design and implement a quick and effective response, to stop the attack spreading further, and to prevent it costing money for people and businesses.”
Having a centralized dashboard allows organizations to respond more quickly and keep their enemies in check. Black hat cyber organizations actually might have a reverse of a security operations center that allows them to locate vulnerabilities. PR or reality? A bit of both perhaps?
Whitney Grace, April 6, 2022