At a glance.
- Apple reforms its app exclusion list.
- Steganography and evasion.
- WhatsApp privacy policies receive international regulatory scrutiny.
- Remcos RAT is the hook in a COVID-19 phishing campaign.
- Fertility services provider sustains a ransomware attack.
Apple eliminates app exclusion list security blind spot.
Apple has removed the macOS 11 ContentFilterExclusionList after researchers discovered it was allowing over fifty of Apple’s applications to bypass user firewalls, VPNs, and other security tools, reports ZDNet. Apps on the list, which included heavily used platforms like App Store and iCloud, created a privacy and security loophole that could allow malware to slip into users’ systems undetected and could potentially expose users’ VPNs or geographic location. As Apple told ZDNet, the list was a temporary fix for bugs that were not resolved before the launch of macOS 11.
Computer Vision: x-ray powers for security filters.
Cybercriminals regularly use embedded images in phishing emails as a way to evade spam filters that rely on textual analysis. Identical images are easy for security tools to detect, so cybercriminals will alter the images in almost imperceptible ways to avoid being flagged. Remote images are hosted on the web rather than embedded in the email itself, so the image must be fetched before it can be analyzed, and cybercriminals will use multiple redirects, cloaking, and trusted domains to confuse security filters. Vade Secure explains how the emerging field of Computer Vision, based on Deep Learning models, is combating these tactics by giving computers more sophisticated visual content understanding. Employing Optical Character Recognition and Natural Language Processing, researchers can teach systems to recognize malicious images that might otherwise slip into a victim’s inbox undetected.
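The gap between exact and visual matching can be shown in a few lines. This is an added example, not code from Vade Secure or the report, and it uses a simple perceptual difference hash (dHash) as a stand-in for the Deep Learning models the piece describes. The image, the perturbation, and the `max_bits` threshold are all constructed assumptions.

```python
import hashlib

W, H = 72, 64  # constructed image size: a 9x8 grid of 8x8-pixel cells


def sample_image():
    """Constructed grayscale 'banner': brightness peaks in the middle columns."""
    return [[4 * min(x, W - 1 - x) + y for x in range(W)] for y in range(H)]


def perturb(img):
    """Nudge every 7th pixel by +1, a change a viewer would not notice."""
    return [[v + 1 if (y * W + x) % 7 == 0 else v for x, v in enumerate(row)]
            for y, row in enumerate(img)]


def sha256_hex(img):
    """Exact-match fingerprint: any single changed pixel changes the digest."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def dhash(img):
    """64-bit difference hash: shrink to 9x8 cells, compare horizontal neighbours."""
    bh, bw = len(img) // 8, len(img[0]) // 9
    bits = 0
    for cy in range(8):
        # Block sums stand in for the averaged, downscaled pixels.
        row = [sum(img[y][x]
                   for y in range(cy * bh, (cy + 1) * bh)
                   for x in range(cx * bw, (cx + 1) * bw))
               for cx in range(9)]
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (left < right)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def is_near_duplicate(known, candidate, max_bits=6):
    """max_bits is an assumed threshold; tune it on real mail traffic."""
    return hamming(dhash(known), dhash(candidate)) <= max_bits
```

A filter keyed on the SHA-256 digest misses the perturbed copy, while the difference hash still matches it to the known image.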
WhatsApp’s new privacy policies face international backlash.
Messaging platform WhatsApp’s recent decision to share user data with Facebook’s family of companies is receiving a less than warm response. Reuters reports that a petition has been filed in an Indian court stating that the new policies border on user surveillance and are a threat to national security as the user data are being transmitted and stored in another country. With more than 400 million users, India is WhatsApp’s largest market. Turkey’s Competition Board is also challenging the changes. Meanwhile, Reuters says Italy’s data protection authority is alleging WhatsApp did not clearly communicate the new policies to users. WhatsApp is currently the country’s leading messaging platform, but perhaps not for long, as users threaten to switch to competitors Signal or Telegram. WhatsApp has launched an advertising campaign in an attempt to reassure users that the new policy does not impact messages exchanged between friends and family.
Remcos RAT used in COVID-19 phishing campaign.
Bitdefender breaks down a Remcos malware phishing campaign that used the COVID-19 pandemic as bait for targets in Colombia. Remcos, a remote access trojan (RAT), has been a favorite of commercial and advanced threat actors since it first appeared in 2017. The campaign was unique in that it concealed additional payloads in images posted on a viral picture website to avoid being blacklisted, and it was able to dodge antimalware labs by using anti-reverse-engineering tactics.
US Fertility target of ransomware attack.
US Fertility, a management services company that provides IT support for fertility programs across the globe, announced that it suffered a data breach as a result of a ransomware attack. It appears the threat actors had access to the networks during August and September of 2020, and personally identifiable information of US Fertility clients was potentially compromised.