FFT news digest Jan 4 2019

Predictions, predictions...

Amid the torrent of forecasts for 2019, here are some key issues we think are worth your attention.
  > 2018 saw two-factor authentication (2FA) being targeted successfully and a rise in such attacks is likely. 2FA should be used wherever possible, but precautions against phishing remain essential.
  > We expect renewed public attention on GDPR as the first big fines are announced under the EU's data protection regulation. This is likely to increase the number of Subject Access Requests being submitted.
  > Finding insecure Internet-connected devices is easy (see 'Lock up your router' below). Even if their firmware can be updated, usually it isn't. That equation makes them an irresistible and growing target.
  > More data will be leaked because of insecure cloud storage. A good way to begin the new year would be to audit all locations where data is stored. The maker of the Blur password manager probably wishes it had done this (see below).
  > Supply chain risks will rise in importance as organisations appreciate the role of third parties in data breaches.
  > Fileless malware was an increasing threat in 2018 and the trend will continue. These attacks defeat traditional signature-based security tools, so behaviour-based solutions will rise in popularity.

Facebook tracking

More evidence of the extent of Facebook tracking has emerged, with research showing that popular Android apps, including Skyscanner and TripAdvisor, send it data without user consent. Privacy International examined 34 apps and found 23 of them transmit data as soon as they're opened, before a user can provide permission. The information includes a unique Google ID that can be used to track a user's internet activity. The data transmission takes place regardless of whether or not the user has a Facebook account and, in the case of the Kayak travel app, it included details of every flight search. Privacy International questions whether such behaviour is permitted under EU data protection rules. Facebook responded by saying it was working on "a suite of changes", including its Clear History tool. 

Lock up your router

Two hackers have highlighted the risk of incorrectly configured routers by hijacking thousands of Internet-connected TVs. The hackers - who now appear to have ceased their antics - exploited routers which were configured to open specific ports to the internet. Smart TVs and other Internet-connected devices use these ports so they can be managed by other devices on the same network. But, unless care is taken, the open ports can also expose the device to the Internet, where it can be identified using a simple search tool. Routers have become a popular target for attackers because, once installed, they are seldom touched unless they go wrong. To mitigate this risk, it's essential to make sure their firmware is kept up to date and to change any default passwords. You can use this tool to check whether UPnP is set up correctly on your router. If it isn't, you should check your manufacturer's website for advice on what to do.

Lawful hacking

The importance of firmware security has been illustrated by research into how a malicious software tool infects Windows PCs. Speaking at the Chaos Computer Club conference, ESET researcher Frédéric Vachon explained how the tool hijacks a vulnerable driver which is loaded when the machine starts up. ESET has linked the software, dubbed LoJax, to the Fancy Bear hacking group, which UK security officials have connected to the Russian government. LoJax was first revealed last September after ESET found it on a customer's machine. The tool is usually delivered as part of a targeted (spearphishing) email and, once installed, is extremely difficult to remove. ESET has urged users to make sure Windows devices are configured to use Secure Boot. This is easy to enable and most PC manufacturers provide instructions on their website.

Internet control

Bangladesh and the Democratic Republic of Congo (DRC) restricted Internet connectivity in connection with elections in the countries, in a growing trend towards shutting down communications at sensitive times. In Bangladesh, the Telecommunication Regulatory Commission said high speed mobile coverage was halted "to prevent rumours and propaganda surrounding the vote." There was no official announcement in the DRC where mobile and broadband Internet was affected, but a presidential adviser told Reuters that Internet and text messaging services would remain offline until the publication of full election results on January 6. Figures from digital rights group, Access Now, show the number of Internet shutdowns rose from 108 in 2017 to 188 last year. In Africa and Asia especially, it's clear that it is not possible to rely on connectivity that is supplied and controlled locally.

In brief

An ongoing phishing campaign pretends to be a security alert from American Express. Bleeping Computer says it tries to lure victims into filling in an attached form that sends the contents to the fraudsters.

ISIS supporters have been hijacking dormant Twitter accounts to spread propaganda. TechCrunch reports they're exploiting a legacy issue which meant that Twitter didn't verify email addresses when an account was created.

Users of the Blur password manager have been advised to change their passwords after customer information was exposed due to misconfigured Amazon storage.

Cisco Talos has identified vulnerabilities in MacPaw’s CleanMyMac X software, which is used to free up space on macOS machines. Users are advised to update to the latest version.

Adobe has issued security updates for Adobe Acrobat and Reader. They address critical vulnerabilities in the Windows and macOS versions.
