February 28, 2022
David Redekop

TWINN Security News February 28

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Our brief focus this week is around Android stalkerware. Historically, the Android ecosystem has been an attractive market for users and developers alike. Since Android phones tend to also be less costly than iPhones, and publishing an app has fewer hurdles, it’s no wonder that it has attracted the masses. The problem with mass adoption with few publishing hurdles means that it continues to be riddled with security problems, not unlike the decades we’ve struggled to keep up with the exploited weaknesses in Windows.

So, with that background, it is not surprising that stalkerware on Android is a real problem, as Zack Whittaker reports here:

Behind the stalkerware network spilling the private phone data of hundreds of thousands. It is worth pointing out that these issues are the ones we know about. How many other unknown vulnerabilities continue to exist in Android and its apps, nobody knows.

Hacktivists Plot Attacks on Russia With Ukraine Government’s Urging. The tables have turned. Many historic cyber attacks have been attributed to Russia, but now, with volunteers around the world coordinating cyber attacks against Russia, this will be worth watching.

Consumer Reports Finds Risky Permissions, Security Concerns In All Five Printer Manufacturers. Printers have always been a quiet weakness in a network, so this isn’t news to the cyber-aware, but it is a good reminder to practice good security hygiene. Network segmentation is key, as many printer vendors don’t have fixes.

Meet The Secretive Surveillance Wizards Helping The FBI And ICE Wiretap Facebook And Google Users. We should all be aware of PenLink, a most pervasive wiretapper. While law enforcement needs tools to assist in capture, the danger is always that surveillance powers are misused.

One of the most dangerous threats is back again: Emotet is reborn. As usual, it begins with a malspam email containing malicious Office attachments or a phishing link. The malware masks malicious strings and content like URLs, IPs, commands, or even shellcode, which makes it even more difficult for endpoint software to detect it as malicious. So beware, and make good use of zero trust policies, which are the best mitigation here.

Did you know?

If you or someone you know was hit with Hive ransomware and didn’t pay up, there’s good news: Academics publish method for recovering data encrypted by the Hive ransomware.

For a video version of this see: https://youtu.be/bb6I7s5ilx4