Thursday, April 28, 2022

New Ability to request removal of Personally Identifiable Information from Google Search Results

  We addressed doxxing in a cyber security presentation recently.

 To help stem the tide, Google now provides a request page where users can ask Google to review, and possibly remove, search results that expose too much PII.

"Google may remove personally identifiable information (PII) that has potential to create significant risks of identity theft, financial fraud, harmful direct contact, or other specific harms,"

"This includes doxxing, which is when your contact info is shared in a malicious way."

The link to the request page:

https://support.google.com/websearch/answer/9673730

Wednesday, April 27, 2022

MUST UPDATES for Java

  We will cover this in more detail in the Cyber Security SIG presentation May 5, 2022.

 A very recently discovered vulnerability in all recent Java versions allows attackers to create forged SSL certificates, signed JSON Web Tokens, encrypted handshakes, WebAuthn authentication messages, and more. The vulnerability is akin to the Doctor Who blank identity card.

 The vulnerability was fixed in the April 2022 Critical Patch Update.

 Probably not something you need to address as a coder, BUT you should be aware of it, and most of ecommerce needs to address it.


Tuesday, April 26, 2022

Apple Beta

  Apple released beta 3 for most devices today, April 26, 2022.

Microsoft Windows Cumulative Update Previews available today April 26

  At times Microsoft releases Windows cumulative update previews to the public ahead of Microsoft Patch Tuesday, which is due May 10.

 Windows 10 has cumulative update KB5011831.

 Windows 11 has cumulative update KB5012643.

More detail on both update previews is available in the Knowledge Base (KB) articles on the Microsoft site.


NOTE: This cumulative update preview is reported to cause some problems/issues:

Safe Mode (without Networking) may cause screen flicker.

Some also report very long boot times.

Microsoft has addressed this via Known Issue Rollback.

This should be addressed by the May 10 Microsoft Patch Tuesday.

UPDATE: Released today (May 2): Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11 x64.

Monday, April 25, 2022

Android Remote Execution Flaw

  No vulnerability is a good thing, but a remote execution flaw is a really bad thing.

 Remote execution means the attacker can cause the attacked device to run any code the attacker provides.

 For Android devices (phones, tablets, streaming devices, and others), capturing and sending files to the attackers, turning on the camera and/or microphone without the owner's awareness, and even taking complete control of the device are all possible. Once an attack is constructed, it can be, and often is, used by anyone and everyone.

 Most Android devices use MediaTek or Qualcomm chips to decode audio files. A recently discovered flaw allows remote execution on these devices. Using an Android device for financial applications could thus be dangerous.

 Some Android device manufacturers have recently updated their platforms to address this flaw.

 Android version 12 is the recent version. Older devices may not be able to update to Android version 12.

 To check your Android version, perform these steps (or similar):

Open Settings

Choose System > System update

 This flaw is being covered by several news outlets, so attacks are on the increase.

 The most common attack used: tricking the user into playing an audio file that contains the exploit.

Saturday, April 23, 2022

FDIC - The Final Rule

  Until recently the FDIC had no requirement for a banking organization to report a cyber incident.

 The new regulation titled The First Rule states that any banking organization must notify its primary federal regulator of any significant cyber security incident as soon as possible, but no later than 36 hours after the banking organization has determined that a cyber incident has occurred.

 So until now (the regulation went into effect April 1, 2022 with compliance by May 1, 2022) banks had no such requirement.

The cyber attributes for such notification:

  • An incident has materially affected, or is likely to materially affect, the viability of a banking organization’s operations
  • The banking organization cannot deliver its usual banking products and services to customers 
  • The incident has the ability to affect the stability of the financial sector

 If the incident has materially affected, or is likely to materially affect, the organization's customer base for four or more hours, then customers must also be notified.

 Banks will need to address how to comply with The First Rule.

The First Rule does not address when a customer has a cyber incident due to their actions.

Tuesday, April 19, 2022

FAKE Microsoft Windows 11 Update web page loads Malware

 


If your machine cannot load Microsoft Windows 11, or you would have to pay a license fee, this ad may tempt you to Download Now.

Please do not. The download steals information and cryptocurrency wallets.

You get the URL for the above download page as a result of poisoned search results.

A lot of effort went into making the web page look real. A lot of effort will be needed by you to recover your machine, information and crypto currency wealth.

The new malware is called Inno Stealer.

The malware disables registry security, adds Defender exceptions, uninstalls security products, and deletes shadow volumes.

As it is with any update/upgrade process, it is best to always use the vendor's site for updates/upgrades.

Sunday, April 17, 2022

Shields Up A 60 minutes Episode April 17, 2022

  I had a good career as a cyber engineer for some critical infrastructure enterprises. Decades ago we defended against cyber actors seeking the advantage for the fifth domain. 

 Now with a kinetic war increasing political and cultural conflict, the potential for cyber warfare increases as well.

 A series of seminars is given on the Cyber Security SIG website under MEETING NOTES - SEMINARS.

 On a CBS 60 Minutes episode tonight, the "Shields Up" warning was given yet again. The Cyber Security SIG's mission to raise awareness, preparedness, and understanding can now add the urgency to prepare. Not panic, prepare.

 A link to the Shields Up episode is given here.

Saturday, April 16, 2022

YET ANOTHER Critical Chrome Update

  Seems like yesterday you updated your Chrome browser version on all your devices.

 For your Internet safety you should do the update once again.

 The update addresses vulnerabilities actively being exploited now.

Current Chrome version:  

Version 100.0.4896.127 (Official Build) (64-bit)

Wednesday, April 13, 2022

Microsoft 0-day Tarrask Using scheduled tasks for stealth and persistence

  Microsoft has announced the recent detection of a state-sponsored actor, HAFNIUM, using an unpatched vulnerability to exploit scheduled tasks and compromise Windows environments.

 The scheduled tasks are "hidden" due to a registry setting. Subsequent actions hide the scheduled task artifacts and provide persistence across reboots.

 For more information see this Microsoft article. 
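
A defensive check for the hiding technique described above, as an added example that is not from Microsoft or from this blog. It assumes the registry location `TaskCache\Tree` and the `SD` (security descriptor) value name from Microsoft's published Tarrask guidance, which this post does not spell out; the function names are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt on the machine to check.
# Assumption: the TaskCache\Tree path and the "SD" value name come from
# Microsoft's public Tarrask guidance; the post above does not list them.
$TreePath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$TreePrefix = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Get-RegisteredTaskKey {
    # Keys under Tree that carry an Id value are tasks; folder keys have no Id.
    # Read errors are left visible on purpose: an unreadable key is worth a look.
    Get-ChildItem -Path $TreePath -Recurse |
        Where-Object { $_.GetValueNames() -contains 'Id' } |
        ForEach-Object {
            [pscustomobject]@{
                # Path relative to Tree, e.g. \Microsoft\Windows\Defrag\ScheduledDefrag
                TaskPath = $_.Name.Substring($TreePrefix.Length)
                Id       = $_.GetValue('Id')
                HasSD    = $_.GetValueNames() -contains 'SD'
            }
        }
}

function Find-SuspiciousTask {
    # What the Task Scheduler API is willing to show the current user.
    $visible = Get-ScheduledTask | ForEach-Object { $_.TaskPath + $_.TaskName }

    Get-RegisteredTaskKey | ForEach-Object {
        $reasons = @()
        if (-not $_.HasSD)                     { $reasons += 'no SD value' }
        if ($visible -notcontains $_.TaskPath) { $reasons += 'not listed by Get-ScheduledTask' }
        if ($reasons) {
            $_ | Add-Member -NotePropertyName Reason `
                            -NotePropertyValue ($reasons -join '; ') -PassThru
        }
    }
}

Find-SuspiciousTask | Sort-Object TaskPath | Format-Table TaskPath, Id, Reason -AutoSize
```

Either reason is a lead to review rather than proof of compromise; compare each flagged task against a known-good baseline for the host.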

Monday, April 11, 2022

A newer Android Banking Trojan

 April 11, 2020


 A new Android banking trojan has capabilities that enable it to take over calls to a bank's customer support number - with the official logo and customer support number.

The trojan is called Fakecalls. No real magic: the app seeks permissions to contacts, microphone, camera, geolocation and call handling.

The bank's pre-recorded message sounds just like the bank's own because it is the bank's own.


The cited permissions allow takeover of your device.

To be safer, do not share any confidential information over this phone call: login credentials, PIN, card security code, or confirmation codes.




Thursday, April 7, 2022

Android Antivirus Apps used to spread malware Banking trojans

 Several Android antivirus apps available from the Google Play Store are being used to spread banking malware.

The current list of those antivirus apps:

  • Atom Clean-Booster, Antivirus
  • Antivirus, Super Cleaner
  • Alpha Antivirus, Cleaner
  • Powerful Cleaner, Antivirus
  • Center Security - Antivirus (two versions) 

The apps also do geofencing such that users in China, India, Romania, Russia, Ukraine, and Belarus are ignored.

The apps have been pulled from the Play Store but are available in other places.

Wednesday, April 6, 2022

Mozilla Update for Firefox April 6, 2022

 Current version 99.0.

The update addresses security issues.

Recommendation from CISA: update on all platforms.



Friday, April 1, 2022

Apple Updates April 1, 2022

 Apple Updates being pushed today 1-Apr-2022:

iOS 15.4.1

iPadOS 15.4.1

macOS 12.3.1

watchOS 8.5.1

tvOS 15.4.1

Fixes to address the battery drain problem 

AND 2 zero-day vulnerabilities being used in the wild

Safari 17613.1.17.1.13

Updates are available for some older macOS releases:

Catalina and Big Sur

Note: for iOS and iPadOS consider leaving the beta program

  Settings > General > VPN and Device Management

 Remove Beta Profile

 Restart

 Update