The CyberWire Daily Podcast 8.16.24
Ep 2131 | 8.16.24

Demo-lition derby: iVerify and Google clash over pixel app pitfalls.

Transcript

Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users’ personal and professional information. San Francisco goes after websites generating deepfake nudes. Daniel Blackford, Director of Threat Research at Proofpoint, joins us to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states.  Scammers Use Google to Scam Google. 

Today is Friday August 16th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Google and iVerify clash over the security implications of an Android app. 

Google and iVerify are clashing over the security implications of an Android app, “Showcase.apk,” found on Pixel devices. iVerify claims the app, used for in-store demos, exposes millions of devices to potential cyberattacks by allowing hackers to exploit the app to inject spyware and conduct man-in-the-middle attacks. The app runs at the system level, making it difficult for users to remove and potentially allowing the operating system to be compromised. Google, however, refutes the claims, arguing that the vulnerability requires physical access to exploit and isn’t an Android platform issue. Google is taking precautionary steps by removing the app from all supported Pixel devices, though it asserts there’s no evidence of active exploitation. iVerify criticizes Google for pushing the app without giving users the ability to remove it, warning that this creates an “untrusted ecosystem” that could have serious implications for corporate environments where millions of Android phones are in use.

CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. 

CISA has issued a warning about a critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk, which is actively being exploited. This Java deserialization remote code execution flaw allows attackers to execute commands on affected systems. While SolarWinds has released a hotfix, the company noted that exploitation requires authentication, though CISA’s quick response suggests it might have been used as a zero-day. Affected versions range from 12.4 to 12.8, and all users are urged to apply the patch, especially federal agencies, which must comply by September 5.

Yesterday, CISA issued eleven advisories addressing vulnerabilities in various Industrial Control Systems (ICS). These advisories highlight security issues in Siemens, AVEVA, and PTC Kepware products, among others. The advisories cover a range of products, including Siemens SCALANCE, SINEC, and Teamcenter Visualization, as well as AVEVA Historian Web Server and PTC Kepware ThingWorx. CISA urges users and administrators to review the advisories for technical details and recommended mitigations to protect against potential exploits.

Ransomware attacks targeting industrial sectors surge. 

In the second quarter of 2024, ransomware attacks surged, nearly doubling compared to the first quarter, as hacker groups adapted and rebranded. Dragos reported that these groups increasingly targeted industrial sectors, using sophisticated tactics like zero-day vulnerabilities. Despite significant law enforcement efforts, ransomware groups such as BlackSuit (formerly Royal) and RansomHub (formerly Knight) remained resilient, exploiting the interconnected nature of IT and OT systems. The manufacturing sector was hit hardest, followed by transportation, government, and oil and gas. Dragos warns that ransomware threats will likely continue evolving, with industrial sectors remaining prime targets.

Microsoft is rolling out mandatory MFA for Azure. 

Microsoft announced that multi-factor authentication (MFA) will become mandatory for all Azure sign-ins starting in late 2024. Customers can choose from various MFA methods, including push notifications, biometrics, FIDO2 security keys, and certificate-based authentication. The rollout will begin in October 2024 for Azure portal and admin centers, expanding in 2025 to other tools like Azure CLI and PowerShell. This requirement is part of Microsoft’s broader Secure Future Initiative, aiming to enhance security amid rising cyber threats. Exceptions apply to users accessing apps hosted on Azure but not signing into the Azure portal.

Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. 

Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors, advertised on cybercrime forums for $3,000 per month. According to Elastic Security Labs, this malware can steal a wide range of data, including macOS passwords, hardware and software information, keychain passwords, and data from nine different browsers such as Chrome, Safari, and Firefox. It also targets cryptocurrency wallets like Exodus and Ledger. The malware checks for signs of being analyzed and avoids systems set to Russian. While Banshee Stealer lacks advanced obfuscation, making it easier for analysts to detect, its broad data collection capabilities pose a significant threat to macOS users. The malware is typically deployed through social engineering techniques, malvertising, or trojanized applications. Despite its basic design, its focus on macOS and the extensive data it can steal make it a serious concern for cybersecurity professionals.

A popular flight tracking website exposes users’ personal and professional information. 

FlightAware, a popular flight tracking website, experienced a data breach exposing users’ personal and professional information, including physical addresses, aircraft ownership, pilot status, and flight activity. The breach, discovered on July 25, 2024, resulted from a configuration error that potentially exposed user IDs, passwords, email addresses, and more. FlightAware has required users to reset their passwords and has since fixed the issue. The exposed data also included billing and shipping addresses, IP addresses, phone numbers, and partial credit card information. 

San Francisco goes after websites generating deepfake nudes. 

The San Francisco City Attorney’s office has filed a lawsuit against 16 websites that use AI to create non-consensual nude deepfakes, targeting women and girls. These sites, collectively visited over 200 million times in the first half of 2024, allow users to upload images of fully clothed individuals, which are then digitally “undressed” using AI tools. The lawsuit, announced by City Attorney David Chiu, accuses the sites of violating state and federal laws, including those against revenge porn and child exploitation. The complaint seeks to shut down these websites, impose civil penalties, and prevent the creation of future deepfake pornography. Chiu emphasized the serious harm these sites cause, especially as advancements in generative AI have led to a rise in “sextortion” cases. The legal action reflects growing concerns over the exploitation of women and girls through AI-generated non-consensual images, highlighting the urgent need for societal and legal solutions to combat this issue.

Joining me next is Daniel Blackford, Director of Threat Research at Proofpoint, talking about emerging tactics used by threat actors and trends in e-crime tied to nation states. We’ll be right back.

Welcome back.

Scammers Use Google to Scam Google. 

And finally, scammers are pulling off the ultimate irony by targeting Google’s own products through malicious ads on Google’s search platform. According to research from Malwarebytes, these ads trick users into downloading fake versions of popular Google services like Chrome, Gmail, and more. It’s maddening—Google, the tech giant with some of the world’s most sophisticated algorithms, is struggling to keep these scams off its own search results. Despite all its resources, Google seems to be fighting a never-ending battle against scammers who use its very own tools to deceive users. It’s a frustrating reminder of how pervasive and clever online scams have become, even managing to outmaneuver the systems designed by one of the most powerful tech companies in the world. As these scams grow more sophisticated, it’s clear that even Google needs to step up its game to protect its users—and itself—from this ironic twist of fate.

And that’s the CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.