BTH News 22May2020

This Week In Cybersecurity

This week Between the Hacks reports that Apple adds contact tracing to the iPhone, a new LogMeIn phish, 26% of endpoints use unsupported Windows 7, Verizon releases its 13th annual DBIR, and Mikko Hyppönen’s Disobey keynote from February 2020.



iPhone Contact Tracing Introduced This Week

Apple released iOS 13.5 this past Wednesday. Included are two updates based on COVID-19.

The first is the back-end technology to support the collaborative Apple and Google contact tracing solution. Reuters reports that 23 countries are interested in this solution, which is likely because it is not centralized and claims to protect privacy rather than exploit it. The contact tracing feature is disabled by default but can be found at Settings > Privacy > Health > COVID-19 Exposure Logging. At this time you cannot enable Exposure Logging until an authorized app that can send Exposure Notifications is installed on your system. It is expected that government and private sector developers will release apps that can leverage this solution in the coming months. You can read more about how the privacy-protecting solution works in this ZDNet article.

The second update is minor but very helpful. An iPhone will now go to the “Enter Pin” screen the first time facial recognition fails. Previously, the iPhone would try facial recognition three times before having the user enter his or her PIN. With so many people wearing masks these days, this is a welcome change.

These updates will install automatically, but if your iPhone hasn’t upgraded yet and you want to do it manually, you can install them by opening the Settings app and going to General > Software Update.


Phishing example from Abnormal Security

Beware of New LogMeIn Phish

Email security company Abnormal Security reported a new phishing attack against LogMeIn customers. The phishing email appears to come from LogMeIn and informs recipients of a zero-day patch that they must install by clicking on a link in the email. The email warns that if the recipient fails to apply this update, their LogMeIn subscription will be suspended.

The link in that email appears to be valid by “using an anchor text impersonation to make it appear to actually be directing to the LogMeIn domain.” If a recipient clicks on the link, it redirects them to a phishing site that appears to be a valid LogMeIn login page, where the attacker can harvest valid login credentials from the victim.

This is one more example of how attackers are taking advantage of the opportunity to attack the massive number of people who are working from home.




More Than 26% of Endpoints Still Run Windows 7

Microsoft officially ended support for Windows 7 in January 2020, which means that it is no longer creating security patches and feature updates. Despite a years-long campaign to encourage users to upgrade, more than 26 percent of endpoints still run Windows 7. Threatpost reports that those numbers have shown a slight uptick since the start of the COVID-19 pandemic, which is likely due to organizations deploying older machines to suddenly support remote workers.


Verizon DBIR Released

This week Between The Hacks reported on the release of the 13th annual Verizon Data Breach Investigations Report, also known as the DBIR. At 119 pages, this 13th edition of the DBIR is the most extensive, with more than 32,000 incidents, 3,950 of which were confirmed breaches.

Not only can you read more about the DBIR, but this article also links to thirteen additional cybersecurity reports. So if you’re a cybersecurity professional, academic, journalist or really anyone who is interested in cybersecurity, this is a valuable resource for you to get the statistics for all of your 2020 presentations.


Tip of the Week

Mikko Hyppönen’s Disobey Keynote

The cybersecurity industry has many experienced and engaging keynote speakers. A favorite at many conferences around the world is Mikko Hyppönen, the Chief Research Officer of the Finnish cybersecurity company F-Secure. If you have never heard Mikko speak, now is your chance. In addition to his TED Talks and appearances in TV and movies, Mikko keynotes at conferences around the world, and in early 2020 he gave the following presentation at the Disobey conference in Helsinki. Enjoy.


Picture of the Week
