22/11/2021
Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing back its original plans by at least a year.
"We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend.
The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse. Meta noted that the goal is to deter illegal behavior from happening in the first place, give users more control, and actively encourage users to flag harmful messages. Meta had previously said it would not be "fully end-to-end encrypted until sometime in 2022 at the earliest."
The shift to encryption is a crucial element of Meta's proposals to build a unified privacy-focused communications platform it announced in March 2019, with CEO Mark Zuckerberg stating that the "future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever."
19/11/2021
The National Cyber Security Centre (NCSC) said it tackled a record number of cyber incidents in the UK over the last year, with ransomware attacks originating from Russia dominating its activities.
The cybersecurity agency said it had helped deal with a 7.5% increase in cases in the year to August, fuelled by the surge of criminal hackers seizing control of corporate data and demanding payment in cryptocurrency for its return.
Paul Chichester, director of operations, said that “ransomware has certainly dominated a significant portion of the year” and that the hacking epidemic had become “global as a story in the last 12 months”.
Central government and the UK public sector do not pay cyber ransoms, although fixing the damage can take months. Rebuilding Hackney’s affected systems cost around £10m, with some of the costs met by central government.
11/11/2021
Westminster has committed to ploughing millions of pounds into cyber security in government in the shape of investments in the National Cyber Security Programme and in central and local government bodies, as the UK’s public sector comes under high and sustained volumes of cyber attacks.
The sums announced today in the 2021 Spending Review and Autumn Budget total over £750m and form part of a total investment of £2.6bn in cyber and legacy IT during the period of the Spending Review – most of which will be spent on improving the government’s own cyber security. It comes on top of already-agreed funding for the National Cyber Force, which is currently being stood up.
Prominently, the Spending Review provides for a £114m increase in the UK’s National Cyber Security Programme, which the government says will enable the UK to adapt, innovate and invest to maintain and extend its competitive edge as a “responsible, democratic” cyber power on the world stage. It comes ahead of the next iteration of the National Cyber Security Strategy, which is expected soon.
02/11/2021
An unidentified threat actor has been linked to a new Android malware strain that can root smartphones and take complete control of infected devices while simultaneously taking steps to evade detection.
The malware has been named "AbstractEmu" owing to its use of code abstraction and anti-emulation checks undertaken to thwart analysis right from the moment the apps are opened. Notably, the global mobile campaign is engineered to target and infect as many devices as possible indiscriminately.
Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality. Only one of the rogue apps, called Lite Launcher, made its way to the official Google Play Store, attracting a total of 10,000 downloads before it was purged.
01/11/2021
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.
Crooks behind a newly identified campaign are targeting Windows 10 with malware that infects systems via a technique that cleverly bypasses a Windows security protection called User Account Control (UAC).
Researchers from Rapid7 recently identified the campaign and warn that the attackers' goal is to exfiltrate sensitive data and steal cryptocurrency from the targeted infected PC.
Andrew Iwamaye, Rapid7 research analyst, said that the malware maintains persistence on the PC “by abusing a Windows environment variable and a native scheduled task to ensure it persistently executes with elevated privileges.”