New Episode Alert EP151
Details on the FireEye hack and more news from last week!
In episode 151 for December 14th 2020: What you need to know about the stolen FireEye "Red Team" tools and the FUD going on in the media about the attack, Foxconn gets hit with a ransomware attack plus details on how ransomware attacks are evolving, and how Apple is stopping advertisers from tracking you across different applications.
Do you have a car that uses a key fob? If you do, you need an additional layer of security to protect your car from being broken into or even stolen. That's where a Silent Pocket Faraday key fob guard can help prevent relay attacks,
, making headlines across the world. Pick one up for yourself or as a holiday gift by visiting
and make sure you use discount code "sharedsecurity" to receive 10% off of your order during checkout.
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
The big breaking news last Tuesday was the disclosure by FireEye, one of the largest cybersecurity firms in the US, that
. News and details of this attack were posted on the FireEye blog by FireEye's CEO, Kevin Mandia. Kevin stated that the attacker went after information related to certain government customers and gained access to FireEye's "red team" assessment tools that are used during client engagements to test their security. FireEye specifically stated that none of the tools contain zero-day exploits and that there has been no evidence that any attacker has used these stolen tools in other attacks. In response,
to the security community which have the ability to either detect or block the use of these stolen tools.
Now
(which of course stands for Fear, Uncertainty and Doubt) over this news, with a few media reports going as far as to say that this is as bad as the Shadow Brokers leak of the NSA's EternalBlue exploit, which caused all sorts of attacks including the WannaCry ransomware attacks in 2017. This breach is not even close to being the same, as almost all of the stolen FireEye tools have already been identified as open source or already well-known publicly available tools, modified of course for FireEye's clients and other specific use cases. And all of the vulnerabilities that these tools exploit have well-known patches and updates available. I'll also mention that FireEye did a great job disclosing this breach to the public and their customers. Not only were they honest about what happened, but they provided real countermeasures, which is something that you don't see many breached companies, especially cybersecurity companies, do these days. So kudos to the FireEye team for doing the right thing and setting an example of how an organization should respond to a security breach.
Foxconn electronics giant hit by ransomware, $34 million ransom
Electronics giant
where the attackers demanded a $34 million ransom. Foxconn is the largest electronics manufacturer in the world, with over 800,000 employees across the world. If you're using an Apple iPhone or many other popular electronics, it was probably built by Foxconn. This attack looks to be attributed to a group called "DoppelPaymer", which, according to media reports, said that they attacked Foxconn's North America facility located in Mexico but did not attack the entire company. The attackers have also claimed to have encrypted about 1,200 servers, stolen 100 GB of unencrypted files, and deleted 20-30 TB of backups. According to a report from BleepingComputer, Foxconn has confirmed the attack and said that they are slowly bringing systems back into service. No word on whether Foxconn is planning on paying the ransom.
In other ransomware news,
to be more like nation-state attackers conducting full-scale network intrusions. Recent attacks show signs that attackers are spending months doing reconnaissance and ensuring specific types of ransomware are installed and working before encrypting the network. This means that attackers are moving from being opportunistic to becoming more like APT (Advanced Persistent Threat) attackers. Ironically, most ransomware attacks can be prevented by ensuring systems are fully patched and updated, which continues to be a major problem for most organizations.
Apple could block apps that don't comply with new privacy feature
And in privacy news, Apple threatened last week to remove apps from the App Store if they don’t comply with an upcoming privacy feature allowing users to block advertisers from tracking them across different applications. The new feature called "App Tracking Transparency", coming out next year, will require developers to show a notification stating that the app "would like permission to track you across apps and websites owned by other companies." Of course companies like Facebook, Google, and others have criticized this change because tracking of users is how they make money. This change may also impact smaller digital marketing firms that sell your information to third-parties.
And in related news, WhatsApp (which is a company owned by Facebook) is criticizing Apple's plans to add new privacy labels that will be on full display for each app in the Apple App Store. WhatsApp says that this new requirement is anti-competitive because Apple's own encrypted messaging service (Messages) is preinstalled on iPhones and doesn't need to be downloaded from the App Store. WhatsApp says that it's not fair that people can't compare privacy labels from first and third-party apps that they may use. For more details and for my thoughts on these privacy labels,
.
Watch this episode on our YouTube Channel!