
Cybersecurity News: Neuberger’s Insurance Suggestion, Kaspersky PlayStore Takedown, Detroit Suffers From a Cyberattack

In today’s cybersecurity news…

Insurers should stop financing ransomware payments, Neuberger says

An op-ed written by U.S. Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger and published in the Financial Times called for an end to this practice, stating that “some insurance company policies, for example covering the reimbursement of ransomware payments, encourage ransom payments that fuel cybercrime ecosystems.” She added that the insurance industry could “play a constructive role by requiring and verifying the implementation of effective cyber security measures as a condition of underwriting its policies, similar to the way fire alarm systems are required for home insurance.” Her message followed the fourth annual International Counter Ransomware Initiative (CRI) summit held in Washington DC last week.

(The Record)

Google removes Kaspersky antivirus software from the Play Store

Kaspersky’s Android security apps are no longer available in the Google Play Store and its developer accounts have been disabled, both apparently by Google. This means that Kaspersky Endpoint Security and Kaspersky VPN & Antivirus are currently unavailable on Google Play in the US, and the removal will also affect other regions of the world. Google has confirmed that this action is related to Kaspersky’s own statement in July that it would shut down its US operations after the US government sanctioned the company with the ban on Kaspersky antivirus software that took place in June this year.

(BleepingComputer)

A cyber attack hits government agencies in the Detroit area

Wayne County and the city of Detroit suffered a cyberattack on Wednesday and spent the rest of last week working to resolve an outage in government buildings and systems. Officials stated that bill payment and tax payment portals were affected, as was inmate processing in corrections services, but not in city systems.

(The Record)

Ryanair faces GDPR issues related to customer ID checks

An investigation has been launched by Ireland’s Data Protection Commission (DPC) into the discount carrier’s customer verification process practices. Graham Doyle, Deputy Commissioner at the DPC, said they had received numerous complaints from Ryanair customers across the EU/EEA who were then required to undergo a verification process after booking their flights. “The authentication methods used by Ryanair include facial recognition technology which incorporates customer biometric data. This investigation will assess whether Ryanair’s verification methods are compliant with the GDPR.”

(The Register)

Thanks to today’s episode sponsor, Vanta

As the number of third-party breaches continues to rise, companies are becoming increasingly vigilant, meaning more time is spent on manual security assessments. With Vanta Questionnaire Automation, security and compliance teams can complete security assessments up to 5 times faster, freeing you up to focus on running your security and compliance programs. More than 8,000 global companies like ZoomInfo, SmartRecruiters, and Noibu use Vanta to save time on security assessments. To learn more about questionnaire automation, visit vanta.com.

Google’s Pixel 9 protects against baseband attacks

As we reported in August, baseband attacks are a major security concern for mobile phone networks. The mobile baseband manages a smartphone’s network connectivity for LTE, 4G and 5G. Threat actors have taken advantage of this to inject fabricated or manipulated network packets to take over devices or their firmware for remote code execution or to deploy spyware. Google says the Pixel 9 “deploys the most secure baseband yet,” using proactive prevention and improved detection.

(Safety matters)

Apple releases critical iOS and iPadOS updates to fix password vulnerability

The updates fix a security issue that could allow users’ passwords to be read by the supporting Apple VoiceOver technology. This is classified as a vulnerability and has been assigned a CVE number. It’s described as a logic issue in the new Passwords app and affects a wide range of iPhones and iPads. Security researcher Bistrit Daha is credited with discovering and reporting the flaw. The problem has now been resolved. A list of affected Apple devices is available in the show notes for this episode.

(The Hacker News)

Malware delivered via podcast invite

In July this year, Iranian threat actor TA453 sent a podcast invite to a prominent Jewish religious figure, which was actually a phishing email aimed at delivering a new malware toolkit, BlackSmith, containing a PowerShell Trojan called AnvilEcho. Posing as a research director at the Institute for the Study of War, the attacker lured the target with a podcast invite and then proceeded to use a number of social engineering techniques, including password-protected files, spoofed domains, Hotmail accounts, and referencing an actual podcast of the counterfeit organization. A full analysis of the scheme is available on the Proofpoint blog.

(CyberSecurity News and Proofpoint)

Harvard students create Meta Ray-Ban mod that can identify people in seconds

The creation, built by two students from the school, AnhPhu Nguyen and Caine Ardayfio, could potentially allow a wearer of Meta’s new smart glasses to identify anyone they see. Their tool, which they have called I-XRAY, uses the glasses to stream video footage to Instagram. Faces captured in the images are then sent to a facial recognition app such as PimEyes, which matches images to the publicly available database of faces, names and PII. This will provide enough information to cross-reference the data using people search sites to find addresses and more details, possibly even partial Social Security numbers. All in about a minute. To make this even more intriguing, all the data that I-XRAY itself collects becomes publicly available, creating a potential privacy nightmare for just about everyone.

(The Register)

The post Cybersecurity News: Neuberger’s Insurance Suggestion, Kaspersky PlayStore Takedown, Detroit Suffers Cyberattack appeared first on CISO Series.