A Microgoof or a Google PR Opportunity?
July 19, 2021
It is difficult to determine if Google is on the money with its alleged discovery of Russian cyber criminals targeting big wheels via LinkedIn. True or not, it may be another security misstep for the Redmond giant. “Russian Hackers Disguised as LinkedIn Networkers Spreading Malware” asserts:
A new investigation by Google shows that some of the common LinkedIn spam can be quite dangerous. Hackers with possible connections to the Russian government sent fraudulent LinkedIn messages to various officials from European countries with links aimed to exploit vulnerabilities in Windows and iOS. It is not yet known how many LinkedIn users were targeted in this hacking campaign and how many of them were ultimately hacked. Google believes that the cybercriminal gang responsible for the hacking campaign is most likely backed by the Russian government.
If this article is on the money, the odds are getting longer that Sergey Brin will be able to ride a Russian rocket into space. The article includes the statement “backed by the Russian government.” That might toss those orbital dreams into the Caspian Sea, the lowest point in the country. Also, the tecnopolies may be squaring off for a public relations dust up. I mean how could the Chrome love birds spat over a minor security issue. LinkedIn is a Microsoft property, and I assume it is protected by all manner of Microsoft security software as well as systems purchased or licensed.
LinkedIn vulnerable. Some believe LinkedIn lost control of user data earlier this year. Forbes reported that data about 700 million LinkedIn uses was for sale on a hacking forum.
However, if one compares the LinkedIn assertion from the GOOG with the mostly verified PrintNightmare glitch, the Microgoof results from repeated efforts to patch the print spooler. By the way, this gem is in most Windows versions. Here’s a flow chart to guide your remediation efforts:
LinkedIn versus what seems to be an engineered in persistent invitation to bad actors to have a series of great days. No zero days needed it seems.
Pick your Microgoof. Personally I find the print spooler thing more enjoyable than people looking for work.
Stephen E Arnold, July 19, 2021
China: Prudence or Protectionism?
July 15, 2021
With many countries struggling with cyber breaches, China seems to be implementing procedures. Are these prudent steps or actions designed to enforce protectionist policies. “China Tightens Rules on Foreign IPOs in New Blow to Tech Firms” reports:
China proposed new rules that would require nearly all companies seeking to list in foreign countries to undergo a cybersecurity review, a move that would significantly tighten oversight over its internet giants.
The write up somewhat optimistically suggests that companies seeking to list on a non-US / non-Euro-centric stock exchange will elect to embrace Hong Kong.
Maybe not.
Is the decision to link listing with cyber security a wild and crazy idea, or is China taking a leadership position in cyber prophylaxis?
Worth monitoring this possible move.
Stephen E Arnold, July 15, 2021
News Flash! Security Measures Only Work if Actually Implemented
July 14, 2021
Best practices are there for a reason but it seems many companies are not following them. According to TechRadar, “Ransomware Is Not Out of Control’ Security Teams Are.” Reporter Mayank Sharma interviewed Optiv Security VP and former FBI Information and Technology official James Turgal, who puts the blame for recent ransomware attacks squarely on organizations themselves. In answer to a question on the most common missteps that pave the way for ransomware attacks, Turgal answered:
“Every business is different. Some older and more established organizations have networks and infrastructure that have evolved through the years without security being a priority, and IT shops have traditionally just bolted on new technology without properly configuring it and/or decommissioning the old tech. Even startups who begin their lives in the cloud still have some local technology servers or infrastructure that need constant care and feeding. Some of the themes I see, and the most common mistakes made by companies, are:
1. No patch strategy or a strategy that is driven more by concerns over network unavailability and less on actual information assurance and security posture.
2. Not understanding what normal traffic looks like on their networks and/or relying on software tools. Usually too many of them overlap and are misconfigured. The network architecture is the company’s pathway to security or vulnerability with misconfigured tools.
3. Relying too much on backups, and believing that a backup is enough to protect you. Backups that were not segmented from the network, were only designed to provide a method of restoring a point in time, and were never designed to be protected from an attacker. Backups need to be tested regularly to ensure the data is complete and not corrupted.”
Another mistake is focusing so narrowly on new projects, like a move to cloud storage, that vulnerabilities in older equipment are neglected. See the article for more of Turgal’s observations and advice. Surely he would like readers to consider his company’s services, and for some businesses outsourcing cybersecurity to experienced professionals (there or elsewhere) might be a wise choice. Whatever the approach, organizations must keep on top of implementing the most up-to-date security best practices in order to stem the tide of attacks. Better to spend the money now than pay out in Bitcoin later.
Cynthia Murrell, July 14, 2021
Microsoft Percept: Perception in the Azure Cloud
July 13, 2021
Does your printer work? The printer is fine and our Apple Minis and laptops have zero problem generating hard copy. What about people joining a Teams meeting when those individuals are not 365 paying customers? Have you plugged in a second or third monitor and wondered where the icons went when using Windows 10? How is Windows Defender working for you since you received the Revil ransomware popup?
Ah, no solid answers. We don’t have any either. Windows 11 may address these trivial issues but the big repair job will arrive with Microsoft Percept. “Microsoft Aims to Expedite New Edge Computing Use Cases with Azure Percept” defines the bold new Star Trek-like innovation this way:
Azure Percept … is an end-to-end system for edge AI development and deployment that now works over 5G and LPWA as well.
Sound great to you? Beyond Search is not 100 percent convinced. We would be okay with better security within Microsoft software and a printer method which allows printers to print.
Microsoft seems to be more comfortable marketing than delivering software and systems which work as users expect. Microsoft software is in wide use. Cyber criminals rely on Microsoft’s door-wide-open methods. I suppose more bad actors would print out their zero days, exploits, and code snippets if their printers worked.
Stephen E Arnold, July 13, 2021
Tor Compromised?
July 9, 2021
I read “Tor Encryption Can Allegedly Be Accessed by the NSA, Says Security Expert.” I was stunned. I thought that the layers of encryption, the triple hop through relays, and the hope that everything worked as planned was bulletproof. And who funded Tor in the first place? What’s the status of the not-for-profit foundation today? Why were some European entities excited about cross correlating date and time stamps, IP addresses, and other bits of metadata? I don’t have answers to these questions, nor does the write up.
The article presents this information:
A security expert by the name of Robert Graham, however, has outlined his reasons for actually believing that the NSA might not even need tricks and paltry exploits in order for them to gain access to Tor, according to a blog post on Erratasec. Why? The security expert notes that this is because they might already have the keys to the kingdom. If they don’t, then they might be able to, according to arsTechnica.
Let me see if I can follow the source of this interesting assertion. TechTimes (the outfit publishing the “Tor Encryption Can” story cited above) quotes a security expert. There was a source called Erratasec. Then there was a story on ars Technica.
Now I think that Tor software and the onion method have security upsides and downsides. I also know that what humans create, other humans can figure out. I think the point of the write up is that anyone who uses Tor should embrace the current version.
Can NSA or any other intelligence entity figure out who is doing what, when, and why? My view is that deobfuscation methods are advancing. The fact that bad actors are shifting from old-school Dark Web sites to other channels speaks volumes. Bad actors have been shifting to messaging services which feature end-to-end encryption (E2EE) and do not require a particularly hard-to-complete registration process. But this shift from the “old” Dark Web to the “new” Dark Web began several years ago. Bad actors have been aware that other secure communications options were Job One for years. My thought is that this story in interesting, just not focused on what is actually further consumerizing criminal behavior. The action has shifted, and the US may not be the leader in making sense of the new types of communications traffic.
Stephen E Arnold, July 9, 2021
Microgoof of the Day: The Print Thing
July 9, 2021
I read “Microsoft’s Emergency PrintNightmare Pat Doesn’t actually Fix the Issue.” If this article is correct, it warrants a honk from the Beyond Search goose. The story was the inspiration for an irregular series of posts to be called “Microgoof of the Day.” The write up says without any stand up comedy joke writer:
…there are reports of new proof-of-exploit code that circumvents the fix altogether.
Well, well, well.
The write up nods to another publication with this passage:
Reporting on the findings of Benjamin Delpy, creator of popular post exploitation tool Mimikatz, The Register says that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch. “They did not test it for real,” Delpy bluntly told The Register, reportedly describing the issue as “weird from Microsoft.”
Weird from Microsoft? Hmmm.
Regardless of who’s right or wrong, PrintNightmare is a hoot in some circles. In others, maybe not so much. That’s the microgoof for you.
Stephen E Arnold, July 9, 2021
Want to Cash In on the TikTok AI?
July 8, 2021
If you want to license the artificial intelligence which chainsaws away IQ points, you can. The vendor is a company called BytePlus, and, yes, it is an official source of the TikTok goodness. Just bring cash and leave your concerns about having data from your use of the system and method winging its way to the land that won over Marco Polo.
“ByteDance Starts Selling TikTok’s AI to Other Companies” states (if you pay up to read the original write up in the weird orange newspaper):BytePlus offers businesses the chance to tap some of TikTok’s secret ingredient: the algorithm that keeps users scrolling by recommending them videos that it thinks they will like. They can use this technology to personalize their apps and services for their customers. Other software on offer includes automated translation of text and speech, real-time video effects and a suite of data analysis and management tools.
Just think you can hook your prospects on short videos about such compelling subjects as enterprise search, the MBA life, personnel management at Google, and cooking on a burning Tesla Plaid.
Stephen E Arnold, July 8, 2021
Microsoft and LinkedIn: How about That Security?
July 2, 2021
I spotted an interesting and probably made up post titled “New LinkedIn Data Leak Leaves 700 Million Users Exposed.” Isn’t this old news? I must be thinking about the 500 million names scraped earlier this year. (See “Reported LinkedIn Data Breach: What You Need to Know,” please.)
The write up states:
Since LinkedIn has 756 million users, according to its website, this would mean that almost 93% of all LinkedIn users can be found through these records.
I am eagerly awaiting Microsoft’s explanation. Will it be 1,000 programmers? Russia? China? A flawed update?
Excuses: Microsoft has offered a few. Is ineptitude in the quiver of rhetorical arrows? Perhaps it was an illusion?
Stephen E Arnold, July 2, 2021
DarkCyber for June 29, 2021, Now Available: Operation Trojan Shield Provides an Important Lesson
June 29, 2021
DarkCyber 13 discusses the Operation Trojan Shield sting. You can view the video at this link. The focus is on three facets of the interesting international takedowns not receiving much attention. The wrap up of the program is a lesson which should be applied to other interesting mobile device applications. If you are wondering how useful access to app data and its metadata are, you may find this 11 minute video thought provoking. DarkCyber is a production of Stephen E Arnold, a semi-retired consultant who dodges thumbtypers, marketers, and jargon lovers. Remember: No ads and no sponsors. (No, we don’t understand either but he pays our modest team like clockwork.)
Kenny Toth, June 29, 2021
Another Friday, More Microsoft Security Misstep Disclosures
June 28, 2021
I think Microsoft believes no one works on Friday. I learned in “Microsoft Warns of Continued Attacks by the Nobelium Hacking Group” that SolarWinds is the gift that keeps on giving. Microsoft appears to have mentioned that another group allegedly working for Mr. Putin has been exploiting Microsoft software and systems. Will a “new” Windows 11 and registering via a Microsoft email cure this slight issue? Sure it will, but I am anticipating Microsoft marketing jabber.
The write up states:
The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyber attack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks. Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.
The applause sign is illuminated.
I spotted this remarkable statement in the write up as well:
It’s possible that successful attacks went unnoticed, but for now it seems Nobelium’s efforts have been ineffective.
Wait, please. There is more. Navigate to “Microsoft Admits to Signing Rootkit Malware in Supply-Chain Fiasco.” This smoothly executed maneuver from the Windows 11 crowd prompted the write up to state:
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.
This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.
The write up concludes:
This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.
Amazing. The reason cyber crime is in gold rush mode is due to Microsoft in my opinion. The high tech wizards in Redmond can do rounded corners. Security? Good question.
Stephen E Arnold, June 28, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
