September 30, 2024

News roundup September 30, 2024

SAN MATEO, CA, September 30, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.

Mozilla tracks Firefox user data without consent

A complaint filed by Vienna-based privacy advocacy group None Of Your Business (noyb) alleges that Firefox developer Mozilla has enabled a new feature called Privacy Preserving Attribution (PPA) without seeking user consent to do so. The feature, which is enabled by default, allows Firefox to act as a “middleman that stores information about the different categories that users can be slotted into based on their internet browsing patterns.” Mozilla then sends those findings to advertisers in the form of “aggregate information that answers basic questions about the effectiveness of their advertising.” Noyb takes issue with this, arguing that enabling such a feature by default without asking for explicit permission violates the European Union’s data protection regulations. In a statement that does Mozilla no favors, a Mastodon post by a developer at the company defends the sidestepping of user consent by insinuating that users wouldn’t be able to make an “informed decision” regarding their personal data and that “explaining a system like PPA would be a difficult task.” In response, Felix Mikolasch, data protection lawyer at noyb, said “it’s a shame that an organization like Mozilla believes that users are too dumb to say yes or no.” Read more.

Kansas water treatment facility hit with cyberattack

The water treatment plant in Arkansas City, Kansas, was hit by a cyberattack that forced a switch to manual operations. City officials report that they have alerted the proper authorities and that Homeland Security and the FBI have begun an investigation into the incident. Officials also assure residents that drinking water and other services were not impacted by the attack and remain safe, although water pressure may be low while problems with the plant’s pumps are being addressed. Water treatment facilities across the U.S. are seen as highly vulnerable to cyberattacks: many of their processes are automated, and budgets in many towns and cities don’t allow for modernization. The White House and the U.S. Environmental Protection Agency (EPA) have issued warnings throughout 2024 to call attention to this issue, with the EPA posting guidance to help operators of such systems evaluate and strengthen their cybersecurity just one day before the attack. Read more.

Generative AI is malign influence but not revolutionary

U.S. intelligence officials have reported that the use of generative AI in Chinese, Russian, and Iranian influence campaigns has not yet been effective at evading detection, leading them to describe machine learning models as a “malign influence tool” rather than a revolutionary one. “The risk to U.S. elections from foreign AI-generated content depends on the ability of foreign actors to overcome restrictions built into many AI tools and remain undetected, develop their own sophisticated models or strategically target and disseminate such content,” said a senior Office of the Director of National Intelligence official. “Foreign actors are behind in each of these three areas.” While officials continue to monitor advances in this technology, bad actors have yet to adapt their methods or systems to keep up with advances in detection techniques, and many are still turning to media manipulation methods that don’t rely on AI at all. For example, a high-profile piece of manipulated content spread by Russian influencers, in which Kamala Harris is shown to be involved in a hit-and-run car accident, was created using paid actors rather than algorithms. Read more.

Telegram to cooperate with authorities

In a dramatic turnaround, Telegram has updated its Terms of Service and Privacy Policy to state that if the platform “receives a valid order from the relevant judicial authorities that confirms you’re a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities.” Telegram has historically refused to moderate its users and content, which has caused it to become a hotbed of cybercrime and illegal activity, to the point that the company’s CEO Pavel Durov was arrested in France for allegedly allowing crime to thrive on the platform. Durov has been released on bail but is unable to leave France as the country’s investigation into Telegram continues. It would appear that his brush with the law has resulted in a change of philosophy for Durov. “Accompanying the changes is an update to [Telegram’s] search feature to remove problematic content from search results and a new mechanism for users to report illegal search terms and material.” Read more.

OpenAI’s press account on X hacked

OpenAI’s press account on X has been hacked with the threat actors responsible using it to advertise a fake cryptocurrency called $OPENAI. The post says that “All OpenAI users are eligible to claim a piece of $OPENAI’s initial supply. Holding $OPENAI will grant access to all of our future beta programs” and contains a link that leads to a phishing site that looks like OpenAI’s official page but with a “CLAIM $OPENAI” button added as a lure. This marks the third time this year that accounts affiliated with OpenAI have been hijacked to peddle fake tokens and steal crypto from the wallets of unsuspecting victims. In 2023 alone, Americans lost $5.6 billion to crypto scammers and more than 50,000 scams have been reported in the first half of 2024. Read more.

Updated Octo Android malware available in the wild

The Octo Android banking trojan has a new version, “Octo2,” that “features better operational stability, more advanced anti-analysis and anti-detection mechanisms, and a domain generation algorithm (DGA) system for resilient command and control (C2) communications,” according to researchers at ThreatFabric. Octo’s source was leaked earlier this year, leading researchers to believe that this new version has been released by the developer to generate interest and reinvigorate sales of the malware. Octo2 campaigns have so far mostly targeted Europe, with the malware hiding inside fake NordVPN and Google Chrome apps. Octo2 has yet to be found on the Google Play store; researchers believe it is being spread through third-party app marketplaces. Read more.
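The DGA that ThreatFabric mentions is the one mechanism in this item worth seeing in code. The Python below is an added illustration written for this roundup; it is not Octo2’s code or ThreatFabric’s analysis, and the seed, TLD list, label length and per-day domain count are constructed values, with a generic hash-to-letters scheme standing in for whatever the real malware does. It shows why a DGA makes C2 resilient (bot and operator derive the same rotating list from a shared secret and the date, so the operator registers only one domain per day and moves to the next candidate if it is seized) and what a defender who recovers the seed from a sample can do with the same routine.

```python
import hashlib
from datetime import date, timedelta
from typing import List, Optional, Set

# Constructed parameters for this illustration; not Octo2's real seed, TLDs or schedule.
SEED = "example-campaign-seed"
TLDS = ("com", "net", "org")
LABEL_LEN = 12
DOMAINS_PER_DAY = 5
SAMPLE_DAY = date(2024, 9, 30)
NEXT_DAY = SAMPLE_DAY + timedelta(days=1)


def generate_domains(seed: str, day: date, count: int = DOMAINS_PER_DAY) -> List[str]:
    """Derive the day's candidate C2 domains from a shared secret and the date.

    Bot and operator both run this, so no domain list has to be shipped in the
    binary, and taking one domain down does not break the channel: the rest of
    today's list and tomorrow's list are already agreed upon by both sides.
    """
    domains = []
    for index in range(count):
        material = f"{seed}|{day.isoformat()}|{index}".encode()
        digest = hashlib.sha256(material).digest()
        # Map hash bytes onto lowercase letters to form a DNS label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def find_live_c2(candidates: List[str], registered: Set[str]) -> Optional[str]:
    """Bot side: walk the day's list and use the first domain that 'resolves'.

    `registered` stands in for DNS here. The operator registers only one
    candidate per day and can switch to another if that one is seized.
    """
    for domain in candidates:
        if domain in registered:
            return domain
    return None


def future_domains(seed: str, start: date, days: int) -> Set[str]:
    """Defender side: with a seed recovered from a sample, precompute the domains
    the malware will try over the coming days so they can be blocked or sinkholed
    before the operator registers them."""
    out: Set[str] = set()
    for offset in range(days):
        out.update(generate_domains(seed, start + timedelta(days=offset)))
    return out


def looks_like_dga(domain: str) -> bool:
    """Cheap DNS-log heuristic: long, vowel-poor first labels are suspicious.
    Enough to show the idea; production detectors use many more features."""
    label = domain.split(".")[0]
    if len(label) < 10:
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    return vowels / len(label) < 0.3


if __name__ == "__main__":
    today = generate_domains(SEED, SAMPLE_DAY)
    print("today's candidates:", today)

    # Operator registers the third candidate; the bot finds it on its walk.
    registered = {today[2]}
    print("bot connects to:", find_live_c2(today, registered))

    # Takedown: the seized domain stops resolving, operator registers another.
    registered = {today[3]}
    print("after takedown, bot connects to:", find_live_c2(today, registered))

    # Defender with the seed pre-blocks the next week of domains.
    blocklist = future_domains(SEED, SAMPLE_DAY, 7)
    print("pre-blocked domains:", len(blocklist))
    print("tomorrow's list already covered:",
          set(generate_domains(SEED, NEXT_DAY)) <= blocklist)
```

The design point is the asymmetry: a blocklist of observed domains is useless against a DGA because the list rotates, but the same determinism that gives the operator resilience gives a defender who extracts the seed every future domain at once, which is why DGA seeds and date sources are the first things to pull from a sample.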

Biden administration proposes a ban on Chinese smart cars

Citing the national security risk posed by internet-connected vehicles, the White House has unveiled a proposal that would ban Chinese smart cars in the US. The proposed ban would also prohibit the use of any Chinese software and hardware that powers smart systems in American cars. The rule would give automakers a year to make sure that their connected vehicle software has no affiliation to China and four years to remove China-linked hardware from their cars and trucks. The concerns center around the amount of driver and passenger data that connected cars are able to collect and store as well as the plethora of cameras on them that could be used to record information about specific locations, people, and infrastructure throughout the country. The proposed ban follows similar motions against Huawei, ZTE, and TikTok. Read more.

UK pressures LinkedIn to stop training AI with user data

LinkedIn, which disclosed in a privacy policy update that it had been training its AI models on users’ data without their knowledge or consent, has ceased doing so in the UK amid privacy concerns voiced by the UK Information Commissioner’s Office (ICO). “At this time, we are not enabling training for generative AI on member data from the European Economic Area, Switzerland, and the United Kingdom, and will not provide the setting to members in those regions until further notice,” LinkedIn said. LinkedIn is not alone in this controversial maneuver, as Meta has also acknowledged that it “has scraped non-private user data for similar purposes going as far back as 2007” in order to train its own AI models. The FTC has published a report that “essentially said large social media and video streaming platforms have engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for kids and teens.” Read more.

Antivirus software deletes and replaces itself without warning

Kaspersky antivirus software has begun deleting itself from US users’ devices and replacing itself with UltraAV’s antivirus software without warning. This follows Kaspersky’s decision to exit the US market after being added to the US Entity List due to national security concerns. The transition to UltraAV, owned by Pango Group, occurred automatically, raising alarm among users who weren’t informed beforehand, some of whom believed their device had been infected with malware. Users who attempted to uninstall the program say that it reinstalled itself after a reboot, prompting further concerns of malware infection. “If you are a paying Kaspersky customer, when the transition is complete UltraAV protection will be active on your device and you will be able to leverage all of the additional premium features,” UltraAV says on its official website. A Kaspersky employee also shared a statement on the company’s official forums, saying that it “partnered with antivirus provider UltraAV to ensure continued protection for US-based customers that will no longer have access to Kaspersky’s protections.” Read more.

Kryptina ransomware returns with a new name

Research from SentinelLabs has revealed that Kryptina, “a Ransomware-as-a-Service (RaaS) tool initially available for free on dark web forums,” has been adopted by the Mallox ransomware group. Kryptina failed to catch on in the cybercrime community but seems to have found a home in Mallox, as the group has been using a modified version of it to power Linux-based ransomware attacks. Mallox v1.0, as it is called, “retains the core functionality of Kryptina while stripping its branding, signaling the commoditization of ransomware tools in the cybercrime market.” The repurposing of Kryptina illustrates how old, abandoned, or otherwise neglected tools can find new life when employed by sophisticated threat actors. “Looking forward, we expect to see more outlier platforms like Kryptina being absorbed into the TTPs leveraged by more advanced threat actors,” says SentinelLabs. Read more.

Ben Walker
Ben Walker is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.