Microsoft Security Team Helps Android Users. What about Microsoft Users? Meh?
July 13, 2022
Two items caught my attention this morning (July 4, 2022).
The first is “ALERT! Microsoft warns of dangerous Android malware on your phone that intercepts OTP, SMS too.” Locating this story might be tricky. I noted it on DailyHunt, an information service in India. The url displayed for me is in this link. Your mileage may vary. Yeah, the modern Internet. The article reports:
Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware.
What’s the fix? Here’s a helpful suggestion:
A rule of thumb is to avoid installing Android applications from untrusted sources (side loading) and always follow up with device updates.
The second was “Android Toll Fraud malware can subscribe users to premium services without consent.” Once again, the link to my source is this information highway signpost. Good luck because this may be similar to the now long gone Burma Shave signs. The article informed me that:
The toll fraud malware… purchases a subscription on behalf of the user in a way that the overall process isn’t perceivable.
So what’s the fix?
One of the easiest ways to protect yourself from this malware is by downloading the latest version of the available software update on your smartphone. Apart from that, avoid installing Android applications from untrusted sources. In addition to that, avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it.
Helpful indeed.
Here’s a quick question: What about Microsoft security for its products and services? Meh. What’s important is a little bit of negative PR for the fun loving Googlers.
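The two articles quoted above list three capabilities a toll-fraud app needs: SMS permissions, notification-listener access and accessibility access. The script below, an added example that is not from either article or from Microsoft, turns that advice into a check a user or help desk can run: it parses the text produced by `adb shell dumpsys package` and `adb shell settings get secure enabled_accessibility_services` / `enabled_notification_listeners` and reports which installed packages hold any of the three. The embedded sample output is constructed, shaped like real dumpsys and settings output, not captured from a device; the `audit`, `granted_sms_permissions` and `packages_from_setting` names are the example's own.

```python
"""Audit an Android device for apps holding SMS permissions, notification-listener
access or accessibility access (the three capabilities the articles warn about).
Added example: parses text from `adb shell dumpsys package` and
`adb shell settings get secure ...`; not code from the cited articles."""
import re
import subprocess
import sys

# Runtime permissions that let an app read or intercept SMS/MMS, including OTPs.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}

PACKAGE_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANTED_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true")


def granted_sms_permissions(dumpsys_text):
    """Map package name -> set of SMS permissions currently granted, using the
    'Package [...]' headers and 'granted=true' lines of dumpsys output."""
    result = {}
    current = None
    for line in dumpsys_text.splitlines():
        m = PACKAGE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = GRANTED_RE.match(line)
        if m and current and m.group(1) in SMS_PERMISSIONS:
            result.setdefault(current, set()).add(m.group(1))
    return result


def packages_from_setting(value):
    """`settings get secure enabled_*` prints 'null' or colon-separated component
    names (package/Class); return the set of package names."""
    if value is None or value.strip() in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.strip().split(":") if comp}


def audit(dumpsys_text, accessibility_setting, listener_setting):
    """Return {package: sorted findings} for every package holding at least one
    of the three capabilities."""
    findings = {}
    for pkg, perms in granted_sms_permissions(dumpsys_text).items():
        findings.setdefault(pkg, []).extend(sorted(perms))
    for pkg in packages_from_setting(accessibility_setting):
        findings.setdefault(pkg, []).append("ACCESSIBILITY_SERVICE")
    for pkg in packages_from_setting(listener_setting):
        findings.setdefault(pkg, []).append("NOTIFICATION_LISTENER")
    return {pkg: sorted(items) for pkg, items in findings.items()}


def adb_shell(*args):
    """Run a command on an attached device via adb (requires adb on PATH)."""
    return subprocess.run(["adb", "shell", *args], check=True,
                          capture_output=True, text=True).stdout


# Constructed sample in the shape of real dumpsys/settings output (not captured
# from a device): a stock messaging app, a side-loaded app that has been handed
# SMS receipt plus accessibility and notification access, and a benign wearable
# companion with only notification access.
SAMPLE_DUMPSYS = """Packages:
  Package [com.android.messaging] (7a1b2c3):
    userId=10050
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
    User 0: installed=true
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.sideloaded] (9f8e7d6):
    userId=10123
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.SEND_SMS
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
        android.permission.SEND_SMS: granted=false, flags=[ USER_SET ]
  Package [com.vendor.wearable] (1a2b3c4):
    userId=10077
    install permissions:
      android.permission.INTERNET: granted=true
"""
SAMPLE_ACCESSIBILITY = "com.example.sideloaded/.OverlayService"
SAMPLE_LISTENERS = ("com.example.sideloaded/.NotifListener:"
                    "com.vendor.wearable/.ListenerService")

if __name__ == "__main__":
    if "--device" in sys.argv:  # live audit of an attached phone
        report = audit(adb_shell("dumpsys", "package"),
                       adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
                       adb_shell("settings", "get", "secure", "enabled_notification_listeners"))
    else:                       # offline run on the constructed sample
        report = audit(SAMPLE_DUMPSYS, SAMPLE_ACCESSIBILITY, SAMPLE_LISTENERS)
    for pkg, items in sorted(report.items()):
        print(f"{pkg}: {', '.join(items)}")
```

Run it with `--device` against a phone with USB debugging enabled, or without arguments to see the constructed sample. A package that appears with all three findings at once, like the side-loaded app in the sample, is exactly the profile the articles describe; the stock messaging app holding SMS permissions is expected and is the reason the output is a list for a human to review rather than an automatic verdict.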
Stephen E Arnold, July 13, 2022
TikTok: One US Government Agency Is Not Addicted
July 6, 2022
“U.S. FCC Commissioner Wants Apple and Google to Remove TikTok from Their App Stores” appears to have avoided the digital addiction which some attribute to TikTok. As I have pointed out in my lectures, some Silicon Valley “real news” types are just thrilled with TikTok. Others, like myself, view the app with considerable suspicion. It appears that the US Federal Communications Commission has some doubts as well.
The write up states:
A leader of the U.S. Federal Communications Commission said he has asked Apple and Google to remove TikTok from their app stores over China-related data security concerns.
The article points out:
- A China connection
- Data hoovering
- A surveillance tool.
The real news folks did not mention TikTok’s usefulness as a psyops weapon.
Oh, well. Why would psyops be important? Possibly manipulation, blackmail, weaponized information. Yeah, no big deal.
Stephen E Arnold, June xx, 2022
The Evolving Ransomware Arena
June 29, 2022
A new report from cybersecurity firm KELA updates us on shifts within the ransomware ecosystem. ZDNet summarizes the findings in, “Ransomware Attacks Have Dropped. And Gangs Are Attacking Each Other’s Victims.” The good news—the number of victims dropped by about 40% from 2021’s last fiscal quarter to the first quarter of this year. The bad news—financial services organizations are now in the top four targeted sectors. Time for each of us to confirm we have unique passwords for our banking logins. And maybe create fresh ones while we are at it.
Writer Charlie Osborne also gives us a little dirt from behind the ransomware scenes:
“A notable shift is Conti’s place as one of the most prolific ransomware groups, alongside LockBit, Hive, Alphv/Blackcat, and Karakurt. … During the first few months of this year, Conti publicly pledged its support for Russia’s invasion of Ukraine. Following the Russian-speaking group’s declaration, in retaliation, an individual broke into its systems and leaked Conti’s malware code and internal chat logs – a treasure trove for researchers and defenders alike. While security teams were able to use the leaks to improve their understanding of the ransomware gang’s operations, it also impacted Conti’s place in the pecking order. According to KELA, Conti has been booted from the top spot in the months following the leak. While still active, it appears that Conti’s victim list decreased from January, with LockBit moving up the ranks. In Q1, LockBit hit 226 recorded victims, ranging from manufacturing and technology to the public sector. However, together with its suspected subsidiary KaraKurt, Conti is still the second-most active ransomware gang in 2022. Alphv is considered an emerging threat by KELA as a new player, having only really hit the spotlight in December 2021.”
And the race for dominance continues. The competition appears to be cutthroat, with gangs apparently attacking each other and/or targeting the same victims: in some cases, the stolen data published by several gangs was identical. Then again, that could be the result of cooperation. Researchers also found evidence of ransomware gangs collaborating with each other. How nice.
Cynthia Murrell, June 29, 2022
Cyber Security: PowerPoints Are Easy. Cyber Security? Not So Much
June 21, 2022
I receive a couple of cyber security, cyber threat, and cyber risk reports every week. What’s interesting is that each of the cyber security vendors mentioned in the news releases, articles, and blog posts discovers something no other cyber outfit talks about. Curious.
I read “Most Security Product Buyers Aren’t Getting Promised Results: RSA Panel.” The article explains that other people poking around in security have noticed some oddities, if not unexplained cyber threats too.
The article reports:
Hubback [an expert from ISTARI] said that “90% of the people that I spoke to said that the security technologies they were buying from the market are just not delivering the effect that the vendors claim they can deliver. … Quite a shocking proportion of people are suffering from technology that doesn’t deliver.”
I found this factoid in the write up interesting:
…vendors know their product and its strengths and weaknesses, but buyers don’t have the time or information to understand all their options. “This information asymmetry is the classic market for lemons, as described by George Akerlof in 1970,” said Hubback. “A vendor knows a lot more about the quality of the product than the buyer so the vendor is not incentivized to bring high-quality products to market because buyers can’t properly evaluate what they’re buying.”
Exploitation of a customer’s ignorance and trust?
Net net: Is this encouraging bad actors?
Stephen E Arnold, June 21, 2022
NSO Group: Is This a Baller Play to Regain Its PR Initiative or a Fumble?
June 15, 2022
Secrecy and confidentiality are often positive characteristics in certain specialized software endeavors. One might assume that firms engaged in providing technology, engineering support, and consulting services would operate with a low profile. I like to think of my first meeting with Admiral Craig Hosmer. We each arrived at the DC Army Navy Club at 2:30 pm Eastern time. The Admiral told me where to sit. He joined me about 15 minutes later. The Club was virtually empty; the room was small but comfortable; and the one staff member was behind the bar doing what bartenders do: polishing glasses.
Looking back on that meeting in 1974, I am quite certain no one knew I was meeting the Admiral. I have no idea where the Admiral entered the building nor did I see who drove him to the 17th Street NW location. My thought is that this type of set up for a meeting was what I would call “low profile.”
“US Defence Contractor in Talks to Take Over NSO Group’s Hacking Technology” illustrates what happens when the type of everyday precautions Admiral Hosmer took are ignored. A British newspaper reports:
The US defence contractor L3Harris is in talks to take over NSO Group’s surveillance technology, in a possible deal that would give an American company control over one of the world’s most sophisticated and controversial hacking tools. Multiple sources confirmed that discussions were centered on a sale of the Israeli company’s core technology – or code – as well as a possible transfer of NSO personnel to L3Harris.
Okay, so much for low profiling this type of deal.
I am not sure what “multiple sources” means. If someone were writing about my meeting the Admiral, the only sources of information would have been me, the Admiral’s technical aide (a nuclear scientist from Argonne National Laboratory), and probably the bartender, who did not approach the area in which the former chair of the Joint Committee on Atomic Energy was sitting.
But what have we got?
- A major newspaper’s story about a company which has made specialized services as familiar as TikTok
- Multiple sources of information. What? Who is talking? Why?
- A White House “official” making a comment. Who? Why? To whom?
- A reference to a specialized news service called “Intelligence Online”. What was the source of this outfit’s information? Is that source high value? Why is a news service plunging into frog killing hot water?
- Ramblings about the need to involve government officials in at least two countries. Who are the “officials”? Why are these people identified without specifics?
- References to human rights advocates. Which advocates? Why?
Gentle reader, I am a dinobaby who was once a consultant to the company which made this term popular. Perhaps a return to the good old days of low-profiling certain activities is appropriate?
One thing is certain: Not even Google’s 10-thumb approach to information about its allegedly smart software can top this NSO Group PR milestone.
Stephen E Arnold, June 15, 2022
The Alleged Apple M1 Vulnerability: Just Like Microsoft?
June 15, 2022
I read “MIT Researchers Uncover Unpatchable Flaw in Apple M1 Chips.” I have no idea if the exploit is one that can be migrated to a Dark Web or Telegram Crime as a Service pitch. Let’s assume that there may be some truth to the clever MIT wizards’ discoveries.
First, note this statement from the cited article:
The researchers — who presented their findings to Apple — noted that the Pacman attack isn’t a “magic bypass” for all security on the M1 chip, and can only take an existing bug that pointer authentication protects against.
And this:
In May last year, a developer discovered an unfixable flaw in Apple’s M1 chip that creates a covert channel that two or more already-installed malicious apps could use to transmit information to each other. But the bug was ultimately deemed “harmless” as malware can’t use it to steal or interfere with data that’s on a Mac.
I may be somewhat jaded, but if these statements are accurate, the “unpatchable” adjective is a slice of today’s reality. Windows Defender may not defend. SolarWinds may burn with unexpected vigor. Cyber security software may be more compelling in a PowerPoint deck than installed on a licensee’s system wherever it resides.
The key point is that like many functions in modern life, there is no easy fix. Human error? Indifference? Clueless quality assurance and testing processes?
My hunch is that this is a culmination of the attitude of “good enough” and “close enough for horseshoes.”
One certainty: Bad actors are encouraged by assuming that whatever is produced by big outfits will have flaws, backdoors, loopholes, stupid mistakes, and other inducements to break laws.
Perhaps it is time for a rethink?
Stephen E Arnold, June 15, 2022
Microsoft: Helping Out Google Security. What about Microsoft Security?
June 14, 2022
While Microsoft is not among the big tech giants, the company still holds a prominent place within the technology industry. Microsoft studies rival services and products to gain insights, and to share anything that lowers their standing, such as a security threat: “Microsoft Researchers Discover Serious Security Vulnerabilities In Big-Name Android Apps.” The Microsoft 365 Defender Research Team found a slew of severe vulnerabilities in the mce Systems mobile framework used by large companies, including Rogers Communications, Bell Canada, and AT&T, for their apps.
Android phones have these apps preinstalled in the OS and they are downloaded by millions of users. These vulnerabilities could allow bad actors to remotely attack phones. The types of attacks range from command injection to privilege escalation.
The Microsoft 365 Defender Research Team shared the discovery:
“Revealing details of its findings, the security research team says: ‘Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could have been attack vectors for attackers to access system configuration and sensitive information’.
In the course of its investigation, the team found the mce Systems’ framework had a “BROWSABLE” service activity that an attacker could remotely invoke to exploit several vulnerabilities that could allow adversaries to implant a persistent backdoor or take substantial control over the device.”
Vulnerabilities also affected apps on Apple phones. Preinstalled apps simplify device activation, troubleshooting, and performance optimization. Unfortunately, this gives the apps control over the majority of the phone, and bad actors will exploit them to gain access. Microsoft worked with mce Systems to fix the threats.
Interestingly, Microsoft found the security threats. Maybe Microsoft wants to reclaim its big tech title by protecting the world from Google’s spies?
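The quoted passage turns on one manifest detail: an activity with a BROWSABLE intent filter can be launched from a web page or link, and an activity that declares any intent filter is exported by default unless the manifest says `android:exported="false"`. The script below is an added example, not code from Microsoft, mce Systems or the cited article: it reads an `AndroidManifest.xml` and lists every activity that is both browsable and reachable from outside the app, together with the URI schemes it accepts and whether a permission gates it, which is the review a vendor would do before shipping a preinstalled framework. The manifest embedded here is constructed for illustration; the package and activity names in it are invented, and the function name `browsable_exported_activities` is the example's own.

```python
"""List activities that a link or web page can launch: BROWSABLE intent filter
and not explicitly un-exported.  Added example for reviewing a decoded
AndroidManifest.xml; not code from Microsoft, mce Systems or the article."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BROWSABLE = "android.intent.category.BROWSABLE"


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def browsable_exported_activities(manifest_xml):
    """Return one record per activity/activity-alias that has a BROWSABLE intent
    filter and is not marked android:exported="false".  'exported' is the literal
    attribute value or 'implicit' when the manifest relies on the default
    (an activity with an intent filter is exported unless told otherwise)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    for activity in app.findall("activity") + app.findall("activity-alias"):
        browsable_filters = [
            f for f in activity.findall("intent-filter")
            if any(_attr(c, "name") == BROWSABLE for c in f.findall("category"))
        ]
        if not browsable_filters:
            continue
        exported = _attr(activity, "exported")
        if exported == "false":          # explicitly closed to other apps/links
            continue
        schemes = sorted({
            _attr(d, "scheme")
            for f in browsable_filters for d in f.findall("data")
            if _attr(d, "scheme")
        })
        findings.append({
            "activity": _attr(activity, "name"),
            "exported": exported or "implicit",
            "schemes": schemes,
            "permission": _attr(activity, "permission"),  # None = ungated
        })
    return findings


# Constructed manifest (invented package and activity names): a normal launcher
# activity, a deep-link activity left exported by default with no permission,
# and a diagnostics activity that is browsable but explicitly not exported.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.carrierhelper">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeviceServiceActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="carrierhelper" android:host="service"/>
      </intent-filter>
    </activity>
    <activity android:name=".DiagnosticsActivity" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="diag.example.com"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for rec in browsable_exported_activities(SAMPLE_MANIFEST):
        gate = rec["permission"] or "no permission"
        print(f"{rec['activity']}: exported={rec['exported']}, "
              f"schemes={rec['schemes']}, gated by {gate}")
```

On the sample this flags only `.DeviceServiceActivity`: browsable, exported by default, and protected by no permission. That combination, multiplied by the system privileges a preinstalled app carries, is what the quoted passage describes; the fix on the app side is either `android:exported="false"` where links are not needed, or a signature-level `android:permission` on the activity and strict validation of every parameter the deep link carries.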
Whitney Grace, June 14, 2022
DarkTrace: A Tech NATO Like a Digital “Sharknado”?
June 7, 2022
Don’t get me wrong. I think the idea of a group of countries coordinating cyber actions is a good idea. Maybe that’s why there is a Europol and alliances like Five Eyes. “Darktrace CEO Calls for a Tech NATO Amid Growing Cyber Threats” reports that the UK company thinks the idea is a good one. I learned:
Gustafsson [the senior executive at DarkTrace] wants to see the creation of a dedicated international cyber task force, or a “tech NATO”, where global partners can collaborate, agree, and ratify norms for the cybersphere—including what kind of response would be warranted for breaches.
The write up loses me with this passage:
Greater cooperation is certainly needed to combat evolving cyber threats. However, Gustafsson’s call for a “Tech NATO” is surprising—not least because NATO itself already has one in the form of the CCDCOE (Cooperative Cyber Defence Centre of Excellence).
If NATO has such an entity, why not build on that confederation?
I think that DarkTrace has been innovative in its messaging, not confusing. Most of the cyber threat firms are struggling with marketing messages. Each vendor discovers threats apparently unknown to any other vendor. Military cyber intelligence folks seem to be wrestling with 24×7 automated attacks at the same time the effervescent Elon Musk thwarts attempts to kill off his satellite-centric Internet service. After 100 days of deadly skirmishes, Russia has managed to turn off Ukrainian mobile service in several disputed regions. Speedy indeed.
Has DarkTrace succumbed to cyber threat marketing fatigue, and is it aiming for the fences with Tech NATO? The 2013 was pretty wild and crazy. Will Tech NATO follow a similar trajectory? But it’s summer and marketing is hard.
Stephen E Arnold, June 6, 2022
Follina, Follina, Making Microsofties Cry
June 6, 2022
I read “China-Backed Hackers Are Exploiting Unpatched Microsoft Zero-Day.” According to the estimable Yahoo News outfit:
China-backed hackers are exploiting an unpatched Microsoft Office zero-day vulnerability, known as “Follina”, to execute malicious code remotely on Windows systems…. The flaw, which affects 41 Microsoft products including Windows 11 and Office 365, works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.
Ah, ha, Windows 11. The trusted protection thing? Yeah, well. The write up added some helpful time information:
The Follina zero-day was initially reported to Microsoft on April 12, after Word documents – which pretended to be from Russia’s Sputnik news agency offering recipients a radio interview – were found abusing the flaw in the wild. However, Shadow Chaser Group’s crazyman, the researcher who first reported the zero-day, said Microsoft initially tagged the flaw as not a “security-related issue”. The tech giant later informed the researcher that the “issue has been fixed,” but a patch does not appear to be available.
Bob Dylan’s song makes this latest security issue easy to remember:
Follina, Follina
Girl, you’re on my mind
I’m a-sittin down thinkin of you
I just can’t keep from crying
Big sobs, not sniffles.
Stephen E Arnold, June 6, 2022
Microsoft and Security: This Must Be an April Fool Joke in May, Right?
May 27, 2022
I read “Pwn2Own Hackers Just Broke Into Windows 11 and Teams in a Single Day.” Was this an Onion article? A write up from a former Punch writer? An output from Google’s almost human super capable smart software?
Nope. The source is a reliable online publication called Make Use Of or MUO to its friends.
I learned:
Day one of Pwn2Own is over, and taking a look at the bounty board shows that Microsoft’s software didn’t stand up well to the onslaught. The event saw three successful attacks on Microsoft Teams, and two against Windows 11. Each successful hack was rewarded accordingly, with the lowest bounty coming in at an impressive $40,000, and the biggest at an eye-watering $150,000.
Ah, Windows 11 and the feature-spawning Teams!
My view of Windows 11 is that it was pushed out to distract some Silicon Valley type news reporters from the massively bad SolarWinds misstep. Few agree with me.
Be that as it may, Windows 11 does not seem to be the paragon of security that I thought Microsoft explained. You know, the TPM thing and the idea that certain computers were not able to deal with the Milli Vanilli approach to security. Catchy lyrics, but not exactly what paying customers expected.
The article cited concludes with this statement:
With hackers putting up big wins against Microsoft’s apps at Pwn2Own, it shows that the company’s software is perhaps not as secure as it should be. Hopefully, Microsoft can publish fixes for these exploits before they fall into the wrong hands.
Will Microsoft, like Netgear, find that it cannot “fix” certain issues with its software and systems?
Stephen E Arnold, May 27, 2022