Cyber Bakery Chronicles

Keeping Up with Cybersecurity News with CyberBakery.net... Your Weekly Update


Your Weekly Cybersecurity Update (18 October 2024)

·       North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware

·       Internet Archive Hack Exposes Data of 31 Million Users

·       Australian Government Introduces Sweeping Cybersecurity Bill

·       Smart TVs: A Privacy Nightmare Fueled by Data Harvesting and Invasive Ads

·       iPhone Mirroring at Work Exposes Private App Data to Employers


North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware

https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/

Job seekers in the tech industry, beware: North Korean hackers are running a sophisticated cyberattack campaign disguised as legitimate job interviews.

This ongoing campaign, dubbed "Contagious Interview" by Palo Alto Networks Unit 42, targets software developers through job search platforms. Attackers pose as prospective employers, inviting victims to participate in online interviews. During the interview, they attempt to trick the developer into downloading and installing malware.

The malware, a combination of BeaverTail and InvisibleFerret, targets both Windows and macOS machines. BeaverTail acts as an initial downloader and information stealer, while InvisibleFerret establishes a persistent backdoor for remote control.

Security researchers have observed malicious applications disguised as video conferencing software, like MiroTalk and FreeConference.com, used to deliver the malware. These applications are even built using a cross-platform framework, allowing them to infect both Windows and macOS devices.

The malware's capabilities are particularly concerning. BeaverTail can steal browser passwords, harvest data from various cryptocurrency wallets, and download additional tools for remote access. InvisibleFerret further extends the attacker's reach by enabling keylogging, data exfiltration, and even installation of remote desktop software like AnyDesk.

Experts believe this campaign is likely financially motivated. North Korea is known to conduct cyberattacks to generate funds for the regime. The malware's ability to steal cryptocurrency wallet information aligns with this theory.

Job seekers are advised to remain vigilant when applying for positions online. Here are some tips to avoid falling victim to this scam:

·       Be wary of unsolicited interview requests, especially those offering unrealistic benefits.

·       Research the company before the interview. Verify their legitimacy and contact information.

·       Never download or install software at the request of a potential employer during an interview.

·       Use strong, unique passwords for all online accounts, including job search platforms.

By following these precautions, tech professionals can protect themselves from falling victim to this cunning cyberattack.


Internet Archive Hack Exposes Data of 31 Million Users

https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/

The Internet Archive, a non-profit organization known for its massive digital library "The Wayback Machine," has suffered a major data breach impacting over 31 million users.

The breach was first discovered after visitors to the archive.org website encountered a JavaScript alert from the hacker claiming a successful attack. The stolen user data, including email addresses, usernames, password change timestamps, and bcrypt-hashed passwords, was confirmed by security researcher Troy Hunt, who runs the Have I Been Pwned (HIBP) data breach notification service.

The stolen data file, named "ia_users.sql," is estimated to be 6.4GB in size. The most recent record timestamp suggests the breach occurred on September 28th, 2024.

Troy Hunt verified the legitimacy of the data by contacting users listed in the database, including cybersecurity expert Scott Helme. Scott confirmed a match between his password stored in a password manager and the bcrypt-hashed password found in the leaked data. Additionally, the timestamp in the leaked data aligned with the date Helme last changed his password.

Troy Hunt attempted to contact the Internet Archive regarding the breach but has not received a response. The organization was previously targeted by a DDoS attack earlier this week, claimed by the BlackMeta hacktivist group. Whether the DDoS attack and the data breach are connected is currently unknown.

The severity of the breach lies in the potential compromise of user passwords. While bcrypt hashing makes it difficult to crack passwords directly, hackers could attempt techniques like "rainbow table" attacks or brute force methods to gain access to user accounts.

Here's what Internet Archive users can do:

·       Change your password immediately: Create a strong, unique password for your Internet Archive account and any other account where you might have used the same password.

·       Enable two-factor authentication (2FA): If available, activate 2FA on your Internet Archive account to add an extra layer of security.

·       Monitor your email for breach notifications: Keep an eye on your inbox for messages from HIBP or the Internet Archive regarding the breach. You can also visit the HIBP website and enter your email address to check if your data was compromised.
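Checking an email address on the HIBP website is a manual step, but HIBP also exposes a "Pwned Passwords" range endpoint that lets you test whether a password appears in known breach dumps without ever sending the password itself: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, receives every known suffix for that prefix, and matches locally (the k-anonymity scheme). The example below is added here and is not code from the original post or from HIBP; the range response it matches against is a constructed sample embedded inline so the check runs offline, and the `fetch_range_online` helper (assumed to hit `https://api.pwnedpasswords.com/range/{prefix}`, the documented endpoint) is provided for real use but never called during the test.

```python
"""Client-side k-anonymity check against a Have I Been Pwned style
"Pwned Passwords" range response. Only a 5-character SHA-1 prefix leaves
the machine; suffix matching happens locally."""
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Constructed sample of a range response (NOT real HIBP data): one
# "SUFFIX:COUNT" line per known hash sharing the requested 5-char prefix.
# The first entry is the real SHA-1 suffix of the string "password"
# (full hash 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8); the count and the
# other suffixes are made up for this example.
CONSTRUCTED_RANGE_RESPONSES: Dict[str, str] = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
        "00000000000000000000000000000000001:2\r\n"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:17\r\n"
    ),
}


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into the 5-char
    prefix that is sent and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count mapping.
    Blank lines and malformed counts are skipped rather than trusted."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep or not count.strip().isdigit():
            continue
        counts[suffix.strip().upper()] = int(count)
    return counts


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the network call: returns the constructed sample
    body for a known prefix, or an empty body (no matches) otherwise."""
    return CONSTRUCTED_RANGE_RESPONSES.get(prefix.upper(), "")


def fetch_range_online(prefix: str, timeout: float = 10.0) -> str:
    """Real lookup against the HIBP range endpoint (assumed URL shape).
    Add-Padding asks the service to pad the response so its size does
    not reveal how many real suffixes matched."""
    url = f"https://api.pwnedpasswords.com/range/{prefix.upper()}"
    req = urllib.request.Request(url, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times the password was seen in breach data
    according to the range response (0 means no known exposure)."""
    prefix, suffix = sha1_prefix_suffix(password)
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "a-long-unique-passphrase-for-this-site"):
        n = pwned_count(candidate, fetch_range_offline)
        verdict = f"seen {n} times, do not use" if n else "not in sample data"
        print(f"{candidate!r}: {verdict}")
```

Note that a zero count only means the password is absent from the corpus being queried; it is not proof the password is strong, and a hit of any count is reason to rotate it everywhere it was reused.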

The Internet Archive has yet to publicly acknowledge the breach. This incident highlights the importance of strong password management and the need for organizations to prioritize data security.


Australian Government Introduces Sweeping Cybersecurity Bill

https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r7250

The Australian government has unveiled a comprehensive cybersecurity bill aimed at bolstering national defenses against cyberattacks and ransomware threats.

The Cyber Security Bill 2024, introduced by Cyber Security Minister Tony Burke, outlines a series of legislative reforms, including:

·       Mandatory Ransomware Reporting: Businesses that pay ransomware attackers will be legally obligated to report the incident to the government. This data will be crucial in understanding the scope of the ransomware threat and developing targeted solutions.

·       Limits on Information Sharing: To encourage businesses to report ransomware incidents, the bill restricts how the National Cyber Security Coordinator and the Australian Signals Directorate (ASD) can use or share this information. This aims to address concerns about intelligence agencies hindering incident response efforts.

·       Security Standards for Smart Devices: The bill will establish mandatory cybersecurity standards for smart devices, aiming to address the current lack of basic security protections in these increasingly popular products.

·       Independent Cyber Incident Review Board: Inspired by the US Cyber Safety Review Board, a new independent board will review significant cyber incidents like the recent Optus, Medibank, and MediSecure breaches. The board's findings will be used to improve organizational practices and prepare for future attacks.

·       Strengthening Critical Infrastructure Security: The Security of Critical Infrastructure Act (SOCI Act) will be updated to empower regulators to compel critical infrastructure entities to address serious security deficiencies. The act's coverage will also broaden to include secondary assets and data systems associated with critical infrastructure, along with an "assistance framework" to handle non-cyber incidents impacting these systems.

Minister Burke emphasized the urgency of these reforms, highlighting the financial burden of ransomware on Australian businesses and the national security risks posed by cyberattacks.

The bill also streamlines the regulatory environment by transferring obligations for telecommunications asset owners from the Telecommunications Act to the SOCI Act.

The proposed legislation reflects the Australian government's commitment to becoming a global leader in cybersecurity by 2030. The bill is expected to face further discussion and potential amendments before becoming law.


Smart TVs: A Privacy Nightmare Fueled by Data Harvesting and Invasive Ads

https://democraticmedia.org/publishings/streaming-television-industry-conducting-vast-surveillance-of-viewers-targeting-them-with-manipulative-ai-driven-ad-tactics-says-new-report

https://democraticmedia.org/assets/cdd-ctv-report-oct24-1.1.pdf

A new report by the Center for Digital Democracy (CDD) paints a bleak picture for consumer privacy in the era of smart TVs. Entitled "How TV Watches Us: Commercial Surveillance in the Streaming Era," the report exposes the extensive "commercial surveillance system" embedded within connected TVs (CTVs, i.e. smart TVs) and video streaming services.

Key Findings:

·       CTV Tracking Mirrors Online Abuses: The report highlights how CTV platforms have adopted the same data-driven targeting methods used by social media and online advertising, raising concerns about compromised privacy and potential manipulation.

·       Personalized Ad Blitz: CTV viewers are bombarded with ads personalized through methods like cookieless IDs, identity graphs that combine data across devices, Automatic Content Recognition (ACR) that analyzes on-screen content, and AI-powered ad targeting based on emotional analysis.

·       Free Isn't Free: Free Ad-Supported TV (FAST) channels like Tubi were called out for using "enhanced product placement" tactics, essentially weaving advertising directly into programming to target individual viewers.

The report criticizes the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) for failing to adequately address these concerns despite past knowledge. The CDD cites the FTC's 2016 Smart TV Workshop and a 2017 settlement with Vizio for collecting detailed viewing data as evidence. Additionally, academic research presented at the FTC's 2021 PrivacyCon further documented the pervasiveness of tracking on Smart TVs.

The report acknowledges that consumers often struggle to understand or control privacy settings on their smart TVs. Furthermore, the influence of data brokers who spend heavily on lobbying efforts is seen as an obstacle to enacting stricter privacy regulations.

The CDD has submitted the report to the FTC, FCC, California privacy regulators, and California Attorney General Rob Bonta, urging them to tackle the issue of CTV privacy violations. While acknowledging past inaction, the CDD expresses some hope that the growing scale of CTV practices and adtech's invasive methods might prompt a response from regulators.

The lack of a federal data privacy law in the US creates an environment where consumers' privacy rights remain vulnerable. Whether the CDD's report and the recent FTC report on social media data collection will spur lawmakers and regulators to act remains to be seen.


iPhone Mirroring at Work Exposes Private App Data to Employers

https://www.sevcosecurity.com/iphone-mirroring-expose-employee-personal-information/

iPhone users working from home are warned about a potential privacy risk associated with iPhone Mirroring. This feature, designed for wirelessly projecting iPhone content onto a Mac, could inadvertently expose sensitive app data to employers.

iPhone Mirroring, available with macOS 15 Sequoia, iOS 18, and Apple Silicon devices, allows a connected iPhone to display content, run apps, and receive notifications on a Mac. Security researchers at Sevco Security discovered a flaw that allows employers using a work-issued Mac to access a list of personal apps installed on an employee's iPhone through a simple terminal command.

This exposed list could include apps related to:

·       Dating (revealing sexual orientation or location-based preferences)

·       Health (unintentionally disclosing medical conditions)

·       VPN usage (potentially raising concerns in internet-restricted regions)

·       Other sensitive applications users might prefer to keep private

This unintentional data leak could have personal and professional ramifications, impacting privacy and potentially creating legal issues depending on the app usage and local regulations. In addition, for employers, unknowingly collecting such data could violate privacy laws and lead to lawsuits or regulatory action.

Recommendations:

·       Employees should avoid using iPhone Mirroring on work computers until the security issue is resolved.

·       Companies should:

o   Warn employees about the risk and advise against using iPhone Mirroring at work.

o   Contact any third-party vendors collecting software inventory on Macs to ensure employee privacy is protected.

iPhone Mirroring offers a convenient way to extend iPhone functionality onto a Mac. However, until the current privacy concerns are addressed, users, particularly those working remotely, should exercise caution when using this feature on work computers.