Technology could make fighting COVID less restrictive but privacy will take a hit


Two of the nations held up as exemplars of how to fight COVID were Taiwan and New Zealand, but the approaches were very different: One has locked down parts of its population multiple times, and the other with more experience of respiratory viruses, has avoided such approaches.

A recent academic paper published in the Journal of the Royal Society of New Zealand examined the two nations and raised a number of questions that deserve to be considered in light of a year of lockdowns, contact tracing, outbreaks, and other restrictions on the movement of people.

The central push of the paper is that as New Zealand has kept individual privacy as a paramount concern, this has led directly to the use of city or nationwide lockdowns, which it has labelled as a blunt instrument.

Full article

Apple releases emergency update for iPhones, iPads, and Apple Watch


Apple has released an emergency update to patch a serious vulnerability ( found in iOS, iPadOS, and watchOS.

The patches are iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, respectively. 

The vulnerability, discovered by Google’s Threat Analysis Group, affects Apple’s WebKit browser engine, and what makes this an urgent update is the fact that the Apple claims that the vulnerability is being actively exploited.

Details from Apple are limited, but such vulnerabilities could be used to carry out malicious actions such as directing users to phishing sites.

Full article

Brazil leads in phishing attacks


Brazil is a world leader in phishing attacks, with one in five Internet users in the country targeted at least once in 2020, according to research.

According to the report on phishing by cybersecurity firm Kaspersky, Brazil tops a list of five countries with the highest rate of users targeted for data theft throughout last year. The other nations cited are Portugal, France, Tunisia and French Guiana.

The number of phishing attacks against mobile devices increased by more than 120% between February and March 2020 alone, according to the study. Factors behind the increase in scams include the boost in internet usage and access to services online such as internet and mobile banking and online shopping as a result of social distancing measures, as well as large-scale adoption of remote work and the anxiety around information about the pandemic.

Full article

Facebook says Chinese hackers used its platform in targeted campaign to infect, surveil user devices


Facebook said it has disrupted a network of hackers tied to China who were attempting to distribute malware via malicious links shared under fake personas. The social network’s cyber espionage investigations team has taken action against the group, disabled their accounts and notified the roughly 500 users who were targeted.

The hackers — believed to be part of the Earth Empusa or Evil Eye groups — were targeting activists, journalists and dissidents, predominantly among Uyghurs from Xinjiang in China, living abroad in Turkey, Kazakhstan, the US, Syria, Australia, and Canada. 

Facebook said the highly focused campaign was aimed at collecting information about these targets by infecting their devices with malicious code for surveillance purposes. The links that were shared through Facebook included links to both legitimate and lookalike news websites, as well as to fake Android app stores. 

In the case of the news websites, Facebook’s head of cyber espionage investigations Mike Dvilyanski said the hackers were able to compromise legitimate websites frequently visited by their targets in a process known as a watering hole campaign intended to infect devices with malware.

Full article

Apple has a problem with ProtonVPN wanting to challenge governments


The founder of ProtonVPN, Andy Yen, has jumped onto a soapbox to lambaste Apple over a decision to block an update of the app over its description.

Whether it is challenging governments, educating the public, or training journalists, we have a long history of helping bring online freedom to more people around the world, stated the text an Apple app reviewer had an issue with.

The reviewer suggested the text be modified to not “encourage users to bypass geo-restrictions or content limitations”.

Yen used the rejection to claim Apple was stymieing rights in Myanmar, which is in the midst of a brutal crackdown following a coup last month. The founder said the company had used the description for months already.

Full article

Australian law enforcement used encryption laws 11 times last year


Australia’s contentious encryption laws were used 11 times between 1 July 2019 and June 30 2020, by three of the nation’s law enforcement bodies.

Revealed in the Department of Home Affairs’ latest Telecommunications (Interception And Access) Act 1979 — Annual Report 2019-20, New South Wales Police used the powers seven times, the Australian Federal Police (AFP) three times, and the Australian Criminal Intelligence Commission (ACIC) once.

All 11 instances were Technical Assistance Requests (TAR), which are voluntary requests for the designated communications providers to use their existing capabilities to access user communications.

The laws, passed in 2018, also create Technical Assistance Notices and Technical Capability Notices, which are compulsory notices to compel communications providers to use or create a new interception capability, respectively.

NSW Police used the notices in six cases of illicit drug offences and one of robbery.

Two of the AFP’s three TARS given in the period were not given for specific offences, but rather were given to be used against all serious offences as the need arose. These two TARs were then revoked prior to assistance being utilised, the report said. The Federal Police’s remaining TAR was used for cybercrime offenses.

Full article

The future of data privacy: confidential computing, quantum safe cryptography take center stage


Confidential computing, quantum safe cryptography, and fully homomorphic encryption are set to change the future of data privacy as they make their way from a hypothesis to viable commercial applications.

On Thursday, IBM Research hosted an online program exploring each of these technologies and how they could impact how we securely manage, encrypt, store, and transfer information — with each solving a different challenge posed by future data privacy concerns.

Full article

Egregor ransomware operators arrested in Ukraine


Members of the Egregor ransomware cartel have been arrested this week in Ukraine, French radio station France Inter reported on Friday, citing law enforcement sources.

The arrests, which have not been formally announced, are the result of a joint investigation between French and Ukrainian police.

Sources in the threat intel community have confirmed the existence of a law enforcement action but declined to comment for the time being.

The names of the suspects have not been released. France Inter said the arrested suspects provided hacking, logistical, and financial support for the Egregor gang.

Full article

Yandex said it caught an employee selling access to users’ inboxes


Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains.

The company, which did not disclose the employee’s name, said the person was “one of three system administrators with the necessary access rights to provide technical support” for its Yandex.Mail service.

The Russian company said it’s now in the process of notifying the owners of the 4,887 mailboxes that were compromised and to which the employee sold access to third-parties.

Yandex officials also said they re-secured the compromised accounts and blocked what appeared to be unauthorized logins. They are now asking impacted account owners to change their passwords.

Full article