Pete Recommends – Weekly highlights on cyber security issues, May 18, 2024

Subject: Librarians Are Waging a Quiet War Against International “Data Cartels”
Source: The Markup
https://themarkup.org/hello-world/2024/05/18/librarians-are-waging-a-quiet-war-against-international-data-cartels

Digital collections put library patrons’ privacy at risk

Libraries have long been bastions of privacy. In fact, the American Library Association first put a right to privacy into its Bill of Rights in 1939. Librarians have since stood up time and again, refusing to keep records of what people borrow and thwarting occasional government interest in obtaining that sort of information. Yet while privacy is at the heart of many librarians’ work, it is becoming increasingly difficult to guarantee.

At a university today, someone doing research through a library is just as likely to access materials in digital as in physical form. And, Markup readers, you know that means new avenues for tracking.

At Cornell, international students have asked Bettinger how they can keep their home governments from finding out what they’re reading on campus. Lucky for them, and any other students worried that their interests could be exposed, circulation records aren’t saved or shared at Cornell. This means students can check out physical books and keep their browsing habits private. They can also browse the web and many library databases from library computers without needing to sign in. The university has even taken steps to preserve their privacy when they log in remotely to access digital library resources like academic journals and databases—a harder task, on the technical side.

Like the Licensing Privacy Project, the open-access advocacy group SPARC has also focused on contracts as a source of leverage. A paper SPARC commissioned analyzing contracts with Elsevier noted that “user tracking that would be unthinkable in a physical library setting now happens routinely through publisher platforms.”


Subject: The FCC Goes After Robo Callers Including Those Pretending to Be Streaming Services
Source: Cord Cutters News
https://cordcuttersnews.com/the-fcc-goes-after-robo-callers-including-those-pretending-to-be-streaming-services/

Have you received a robocall from someone claiming to be from a streaming company, car insurance, or other place? The FCC has upgraded these repeat offenders to its C-CIST level of misconduct. This new C-CIST level for robo callers will give the FCC more power to readily detect and block them from future messages.

“As our investigative targets use more and more sophisticated and clandestine means such as generative AI voice-cloning technology and ‘spoofing’ to obtain sensitive data and defraud consumers, the C-CIST classification tool will allow us to better coordinate with our state, federal, and global regulatory and law enforcement partners to take on these bad actors,” …

Over the last few years, the FCC has gone after robo callers but this new system will let them more quickly block and prevent them from continuing to operate. This is one more move the FCC is making to stop spammers. …


Subject: US Official Warns a Cell Network Flaw Is Being Exploited for Spying
Source: 404 Media via WIRED
https://www.wired.com/story/ss7-vulnerability-spies-north-korea-tesla-breachforums/

The system known as SS7—which connects cellular networks run by different providers—and its more recent upgrade called Diameter have long been considered a serious security and privacy problem. Researchers have warned that hackers who can gain access to a mobile provider’s system or even create their own have the ability to reroute cellular data, allowing them to track individuals or eavesdrop on their communications. Now one US official is raising the alarm that this technique has been used numerous times against real victims in the US.

As first reported by 404 Media, CISA’s senior adviser for telecommunications, Kevin Briggs, responded to questions from the Federal Communications Commission in a public filing, confirming that he has seen multiple cases of Americans tracked via SS7 or Diameter, including one person whose location was tracked with the technique in March 2022 and three more the next month. He also warned that there were signs that many more people had been targeted, but that spies had used techniques to mask their exploitation of the system….


Subject: New mailing list aims to share hacking attempts on open-source projects
Source: Nextgov/FCW
https://www.nextgov.com/cybersecurity/2024/05/new-mailing-list-aims-share-hacking-attempts-open-source-projects/396688/

The Siren email list allows members to share active exploitations of open-source projects, fueled by recent attempts to sabotage free-to-use software tooling. The Open Source Security Foundation unveiled a mailing list on Monday to help contributors and end users alert each other about open-source project vulnerabilities being exploited by hackers.

OpenSSF’s Siren would serve as a real-time alert system to email list members by flagging down malicious attempts to sabotage code in free and open-access software. It was motivated by recent attacks on open-source tools earlier this year, including an attempted hijacking of a widely-used Linux file transfer protocol.

The list aims to get security alerts about open-source builds — which underpin some 90% of modern applications — to end users of the tools. Open source security mailing lists have traditionally been used to exchange communications between developers, and the foundation wants to improve “communicating information about exploits efficiently with the broader downstream audience.”

Later that month, OpenSSF and partner foundation OpenJS said they received a series of suspicious emails from users masquerading as code contributors on three open-source Java projects that had attempted a related takeover.

But there aren’t standardized, verifiable ways to determine the authenticity or intentions of a purported user. Jia Tan, for instance, carefully uploaded code updates during their tenure as a fake contributor, some seeming to occur during Chinese business hours and other times indicating European.

Topic: https://www.nextgov.com/topic/open-source/


Subject: Why car location tracking needs an overhaul
Source: Malwarebytes
https://www.malwarebytes.com/blog/privacy/2024/05/why-car-location-tracking-needs-an-overhaul

[sponsored content … ]

Modern cars are the latest consumer “device” to undergo an internet-crazed overhaul, as manufacturers increasingly stuff their automobiles with the types of features you’d expect from a smartphone, not a mode of transportation.

There are cars with WiFi, cars with wireless charging, cars with cameras that not only help while you reverse out of a driveway, but which can detect whether you’re drowsy while on a long haul. Many cars now also come with connected apps that allow you to, through your smartphone, remotely start your vehicle, schedule maintenance, and check your tire pressure.

But one feature in particular, which has legitimate uses in responding to stolen and lost vehicles, is being abused: Location tracking.

It’s time car companies do something about it.

In December, The New York Times revealed the story of a married woman whose husband was abusing the location tracking capabilities of her Mercedes-Benz sedan to harass her. The woman tried every avenue she could to distance herself from her husband. After her husband became physically violent in an argument, she filed a domestic abuse report. Once she fled their home, she got a restraining order. She ignored his calls and texts.

Category: https://www.malwarebytes.com/blog/category/privacy


Subject: Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
Source: The Hacker News
https://thehackernews.com/2024/05/malware-delivery-via-cloud-services.htm

A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads.

“The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves command-and-control-like activities by using Google Drive and Dropbox as staging platforms to manage file uploads and downloads,” Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.

“By embedding malicious scripts within seemingly innocuous cloud platforms, the malware not only ensures sustained access to targeted environments but also utilizes these platforms as conduits for data exfiltration and command execution.”


Subject: Five ways criminals are using AI
Source: MIT Tech News
https://www.bespacific.com/five-ways-criminals-are-using-ai/

“Artificial intelligence has brought a big boost in productivity—to the criminal underworld. Generative AI provides a new, powerful tool kit that allows malicious actors to work far more efficiently and internationally than ever before, says Vincenzo Ciancaglini, a senior threat researcher at the security company Trend Micro. Most criminals are “not living in some dark lair and plotting things,” says Ciancaglini. “Most of them are regular folks that carry on regular activities that require productivity as well.” Last year saw the rise and fall of WormGPT, an AI language model built on top of an open-source model and trained on malware-related data … Here are five ways criminals are using AI now….”



Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.

Subject: MasterCard Plans to Use AI to Curb Credit Card Fraud
Source: tech.co
https://tech.co/news/mastercard-ai-credit-card-fraud


MasterCard will soon use AI to track down stolen credit card numbers before a purchase is made.

“Until now fraudsters may have thought they were operating in obscurity, seeking to launder the card details of millions of unsuspecting victims. Thanks to our world-leading cyber technology we can now piece together the jigsaw – enhancing trust to banks, their customers, and the digital ecosystem as a whole.” – Johan Gerber at Mastercard.

According to MasterCard, the technology detects these stolen credit card numbers “by scanning transaction data across billions of cards and millions of merchants at faster rates than previously imagined.”

Does AI Actually Help Detect Credit Card Fraud?

It’s all about analyzing patterns. When hackers steal credit cards, they’ll usually post a few of the numbers to entice third parties to purchase them. This technology can now reportedly deduce the number in question before it’s been revealed, allowing MasterCard to shut it down before a fraudulent purchase has even been made.


Subject: How to find out if an AirTag is tracking you
Source: ZDNET
https://www.bespacific.com/how-to-find-out-if-an-airtag-is-tracking-you/

ZDNET: “An Apple AirTag is a useful device that helps you keep track of your most important items like keys, wallets, remotes, and even bicycles. However, reports of AirTags being used to track people without their consent cast a shadow on their use and application. This is why Apple made significant changes to what and how AirTags can be used….”

Abstracted from beSpacific


Subject: New bill would require U.S. Intelligence agencies to develop cyber safeguards for ports
Source: Homeland Preparedness News
https://homelandprepnews.com/stories/82069-new-bill-would-require-u-s-intelligence-agencies-to-develop-cyber-safeguards-for-ports/

With the introduction of the Secure Smartports Act, U.S. Sens. Bob Casey (D-PA) and Mark Kelly (D-AZ) seek to convince their fellow lawmakers of the danger to U.S. ports posed by Chinese cyberattacks and intrusion.

The United States has an integrated network of ports, terminals, vessels, waterways, and land-side connections, which comprise the Marine Transportation System (MTS). That system, like most things nowadays, relies on digital systems for everything from operations to cargo movements, engineering, and security monitoring. While those systems have helped advance the maritime shipping industry and build up supply chains, they could also prove an Achilles heel, according to the two senators.

Accordingly, the bill would require the Office of the Director of National Intelligence’s National Counterintelligence and Security Center (NCSC) to take action. It would need to develop and pursue a plan to assist companies and port systems in protecting against risks posed by Chinese technology. That technology, they noted, could be used to spy on or even seize control of critical infrastructure and supply chains. …


Subject: Fake Antivirus Websites Deliver Malware to Android and Windows Devices
Source: The Hacker News
https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks,” Trellix security researcher Gurumoorthi Ramanathan said.

The list of websites is below:

  • avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file (“Avast.apk”) that, once installed, requests intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshots, track location, and even mine cryptocurrency
  • bitdefender-app[.]com, which is used to deliver a ZIP archive file (“setup-win-x86-x64.exe.zip”) that deploys the Lumma information stealer malware
  • malwarebytes[.]pro, which is used to deliver a RAR archive file (“MBSetup.rar”) that deploys the StealC information stealer malware

Stealer malware has increasingly become a common threat, with cybercriminals advertising numerous custom variants with varying levels of complexity. This includes new stealers like Acrid, SamsStealer, ScarletStealer, and Waltuhium Grabber, as well as updates to existing ones such as SYS01stealer (aka Album Stealer or S1deload Stealer).

The development comes as researchers have discovered a new Android banking Trojan called Antidot that disguises itself as a Google Play update to facilitate information theft by abusing Android’s accessibility and MediaProjection APIs.
