Newsletter

open source and cybersecurity news

August 1, 2023

- CYBERSECURITY HEADLINES TODAY -

Déjà vu-lnerability - What is Old can be a Zero-day Again
Android Messaging Spyware App Steals Signal and WhatsApp Data
France balks at Worldcoin
China Misinformation
This Day, August 1 in Tech History

In this Episode:

Marcel Brown: August 1st, 1981. MTV, presumably standing for “Music Television,” launches on cable TV. As most people know, after the introduction sequence, the first video played was “Video Killed the Radio Star” by The Buggles. However, a bit of trivia is that the second song played was “You Better Run” by Pat Benatar.

Edwin Kwan: Researchers from Google’s Threat Analysis Group released a review report of zero-day vulnerabilities that were exploited in the wild in 2022. A total of 41 zero-day vulnerabilities were detected and disclosed that year. This is a 40% decrease from the previous year, which had 69 detected zero-day vulnerabilities.

Ian Garrett: SafeChat is anything but safe. The spyware app is being used by hackers to steal sensitive user data. Researchers at CYFIRMA have discovered that this malicious app is suspected to be a variant of the infamous “Coverlm” spyware, known for targeting popular communication apps like Signal, WhatsApp, and Telegram.

Katy Craig: Imagine walking into a sign-up location and encountering a shiny, futuristic sphere scanning your face like something out of Star Trek. That’s exactly what’s happening at various Worldcoin locations across the globe. It seems to be working, as they’ve already attracted 2.1 million users.

But not everything is smooth sailing for Worldcoin.

Hillary Coover: A Chinese marketing firm with connections to Chinese government actors has been involved in an influence campaign aimed at improving Beijing’s image abroad. Who cares? Doesn’t every government do this?

From Sourced Network Productions in Washington, DC, it’s 5:05. I’m Hillary Coover. Today is Tuesday, August 1st, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.

 

Edwin Kwan: Déjà vu-lnerability – What is Old can be a Zero-day Again

This is Edwin Kwan from Sydney Australia.

Researchers from Google’s Threat Analysis Group released a review report of zero-day vulnerabilities that were exploited in the wild in 2022. A total of 41 zero-day vulnerabilities were detected and disclosed that year. This is a 40% decrease from the previous year, which had 69 detected zero-day vulnerabilities.

While the downward trend may be comforting, the report said that 40% of those zero-days in 2022 were variants of vulnerabilities that had already been reported. The researcher said the lack of complete patching is sometimes the cost of the variant zero-day vulnerabilities. This can happen when vendors address only the attack path shown in the proof of concept or exploit sample, rather than fixing the vulnerability as a whole. Similarly, security researchers often report bugs without following up on how the patch works and exploring related attacks.

Recommendations for how to improve are for the industry to get fixes and mitigations to users quickly, perform detailed analysis to ensure the root cause is addressed, and share as many technical details as possible.

Resources
The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
Google: More than 40% of zero-days in 2022 were variants of previous vulnerabilities

 

Ian Garrett: Android Messaging Spyware App Steals Signal and WhatsApp Data

SafeChat is anything but safe. The spyware app is being used by hackers to steal sensitive user data. Researchers at CYFIRMA have discovered that this malicious app is suspected to be a variant of the infamous “Coverlm” spyware, known for targeting popular communication apps like Signal, WhatsApp, and Telegram.

Hey folks, this is Ian Garrett in Arlington, Virginia.

The group behind this campaign has been identified as the Indian APT hacking group, Bahamut, and their latest mode of attack involves spear-phishing messages sent via WhatsApp, delivering the harmful payloads directly to their victims. Interestingly, this group has been previously linked to another Indian state-sponsored threat group, known as DoNot APT, which has infested Google Play with fake chat apps designed as spyware.

The SafeChat app operates deceptively. With a convincing user interface that mimics a legitimate chat app, victims are lured into installing the app, often under the pretext of enhancing security. Once installed, the spyware gains permissions to access accessibility services, exploiting them to automatically acquire additional permissions. This allows the spyware to gain access to the victim’s contacts, call logs, SMS, GPS location, and more. To evade detection, the stolen data is encrypted using schemes like RSA, while a “letsencrypt” certificate is used by the attackers to avoid interception of network data.

This latest campaign by the Bahamut group targets individuals in South Asia, posing a significant threat to user privacy and data security. To protect yourself, be cautious when installing unfamiliar apps and always verify the legitimacy of apps and the permissions they request.

Resources
Hackers steal Signal, WhatsApp user data with fake Android chat app

 

Katy Craig: France balks at Worldcoin

Last Friday, I reported on the launch of Worldcoin, with its unique operating model that requires users to exchange iris scans for a digital ID and, in some cases, free cryptocurrency. Privacy watchdogs worldwide are squinting at this new approach.

This is Katy Craig in San Diego, California.

Imagine walking into a sign-up location and encountering a shiny, futuristic sphere scanning your face like something out of Star Trek. That’s exactly what’s happening at various Worldcoin locations across the globe. It seems to be working, as they’ve already attracted 2.1 million users.

But not everything is smooth sailing for Worldcoin. France’s privacy watchdog, CNIL, is waving the yellow flag, and the legality of this data collection method is under scrutiny. They find the data collection and storage conditions questionable. Britain’s data regulator is also taking an interest in the project and making inquiries. The CNIL is collaborating with the Bavarian State Authority in Germany to investigate even further.

In defense of Worldcoin, the foundation claims to prioritize individual privacy. They assert having built a robust privacy program and being compliant with all laws and regulations. The entity, based in the Cayman Islands, and known as the “Steward of the Worldcoin Protocol,” is determined to cooperate with governing bodies.

So in a world where data is the new gold, remember to be cautious about where you share yours. Even in the cyber world, all that glitters is not crypto.

This is Katy Craig. Stay safe out there.

Resources
France’s watchdog questions legality of Worldcoin biometric data collection | Reuters
Worldcoin
Worldcoin’s official launch triggers swift privacy scrutiny in Europe | TechCrunch

 

Hillary Coover: China Misinformation

A Chinese marketing firm with connections to Chinese government actors has been involved in an influence campaign aimed at improving Beijing’s image abroad. Who cares? Doesn’t every government do this?

Hi, this is Hillary Coover reporting from Washington, DC.

In this case, Haixun Press spread misinformation. The firm utilized a newswire distribution called CloudQuote.io to place these articles on various financial news subdomains. Though the articles have not gained significant viewership compared to China’s state media presence on social media, they contribute to the Chinese government’s efforts to reshape its international image and undermine its critics.

Haixun Press has previously been associated with a network of inauthentic news sites, but this is the first time their content has appeared on legitimate US news websites. The firm claims to have worked with over 150 clients, including Chinese government departments, police, and state media, providing public opinion management services to government agencies.

When approached with questions about the Haixun content, some news outlets like the Arizona Republic and Pittsburgh Post Gazette redirected visitors away from those pages. The Haixun-linked articles cover a wide range of topics, but they consistently highlight China’s achievements while criticizing American culture, politics, and policies.

In recent years, Chinese misinformation efforts have increasingly focused on countering negative narratives about Beijing abroad. The Chinese government allocates budgets to promote their image internationally, including positive mentions in foreign media and inauthentic social media activity, often enlisting the help of bots, to maximize effectiveness.

Stay vigilant when consuming news out there.

Resources
https://www.wsj.com/articles/california-privacy-agency-opens-probe-into-private-data-collected-by-cars-d17ec917?page=1
Pro-China influence campaign infiltrates U.S. news websites – The Washington Post

 

Marcel Brown: This Day, August 1 in Tech History

This is Marcel Brown serving you up some technology history for August 1st.

August 1st, 1981. MTV, presumably standing for “Music Television,” launches on cable TV. As most people know, after the introduction sequence, the first video played was “Video Killed the Radio Star” by The Buggles. However, a bit of trivia is that the second song played was “You Better Run” by Pat Benatar. MTV had an immediate impact on the music industry and was an iconic symbol of the technology-driven 1980s.

August 1st, 1986. Apple discontinues production of the Macintosh XL, effectively ending the life of the Apple Lisa computer platform.

In January of 1985, the Macintosh line of computers was gaining momentum but the Lisa was not selling well. In order to salvage what they could from the Lisa and offer a more powerful Macintosh computer, Apple created the Macintosh XL model by modifying a Lisa 2/10 computer to run the Macintosh operating system.

Apple discontinued the Lisa in April of 1985, but continued production of the hybrid Lisa and Mac Macintosh XL until this date.

That’s your technology history for today. For more, tune in tomorrow and visit my website thisdayintechhistory.com.

Resources
http://thisdayintechhistory.com/078/01

 

Hillary Coover

That’s our update for today, August 1st, 2023. I’m Hillary Coover. We’ll be back tomorrow, at 5:05.
