Jada Jones/ZDNETDuring Apple’s September hardware event last year, the company announced the iPhone 16 lineup, new AirPods, and an upgraded Apple Watch. I was most happy to see the AirPods 4 model, which introduced noise cancellation to the lineup for the first time and upgraded software features — but I was secretly hoping for the AirPods Pro 3.Also: 4 headphones I swear by (and how I use each pair differently)Unfortunately, a new AirPods Pro model didn’t appear. Instead, Apple announced auditory health features and valuable software upgrades available to the AirPods Pro 2 earbuds, which have kept the device relevant even after years since launch.With the AirPods Pro 2 More

The Washington State Department of Licensing reported a cyber incident last week that may have exposed the sensitive information of more than 250,000 professionals in the state. The agency said in a statement that it “became aware of suspicious activity involving professional and occupational license data” during the week of January 24.   The Professional Online Licensing and Regulatory Information System (POLARIS) system that was affected stores information ranging from social security numbers, dates of birth and driver license numbers to other personally identifying information. “We immediately began investigating with the assistance of the Washington Office of Cybersecurity. As a precaution, DOL also shut down the Professional Online Licensing and Regulatory Information System (POLARIS) to protect the personal information of professional licensees. At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally,” the agency said. “If our investigation concludes that your personal information has been accessed, DOL will notify you and provide you with further assistance.”State Sen. Reuven Carlyle told The Seattle Times that he has been briefed on the issue, with the agency telling him that the Office of Cybersecurity became concerned after someone on the dark web claimed to have accessed the data. By the afternoon of January 24, the agency decided to shut down the licensing system entirely. The agency said it is working with the state’s Office of Cybersecurity to protect the licensing data and bring POLARIS back online. The department issues licenses for 39 types of businesses and professions, including cosmetology, real estate brokers, bail bondsmen, architects and more. The licenses are processed, issued and renewed in POLARIS.

A call center has been created for businesses trying to renew their licenses and the agency said it will not fine companies trying to renew their license during the outage. The state Attorney General’s Office keeps a running tally of the data breaches exposing information from citizens of the state. The website shows that in the attacks reported in 2022, more than 21,500 Washingtonians have been affected.  More

Image: Wiz.io
Users of Azure who are running Linux virtual machines may not be aware they are have a severely vulnerable piece of management software installed on their machine by Microsoft, that can be remotely exploited in an incredibly surprising and equally stupid way. As detailed by Wiz.io, which found four vulnerabilities in Microsoft’s Open Management Infrastructure project, an attacker would be able to gain root access on a remote machine if they sent a single packet with the authentication header removed. “This is a textbook RCE vulnerability that you would expect to see in the 90’s — it’s highly unusual to have one crop up in 2021 that can expose millions of endpoints,” Wiz security researcher Nir Ohfeld wrote. “Thanks to the combination of a simple conditional statement coding mistake and an uninitialized auth struct, any request without an Authorization header has its privileges default to uid=0, gid=0, which is root.” If OMI externally exposes port 5986, 5985, or 1270 then the system is vulnerable. “This is the default configuration when installed standalone and in Azure Configuration Management or System Center Operations Manager. Fortunately, other Azure services (such as Log Analytics) do not expose this port, so the scope is limited to local privilege escalation in those situations,” Ohfeld added. The issue for users, as described by Ohfeld, is that OMI is silently installed when users install log collection, has a lack of public documentation, and runs with root privileges. Wiz found over 65% of Azure customers running Linux it looked at were vulnerable.

In its advisory on the four CVEs released today — CVE-2021-38647 rated 9.8, CVE-2021-38648 rated 7.8, CVE-2021-38645 rated 7.8, and CVE-2021-38649 rated 7.0 — Microsoft said the fix for the vulnerabilities was pushed to its OMI code on August 11 to give its partners time to update before detailing the issues. Users should ensure they are running OMI version 1.6.8.1, with Microsoft adding instructions in its advisories to pull down the OMI updates from its repositories if machines are not updated yet. “System Center deployments of OMI are at greater risk because the Linux agents have been deprecated. Customers still using System Center with OMI-based Linux may need to manually update the OMI agent,” Wiz warned. The vulnerabilities were part of Microsoft’s latest Patch Tuesday. Like many vulnerabilities these days, a catchy name must be attached to them, in this case, Wiz dubbed them OMIGOD. Related Coverage More

Cyber criminals are posing as recruiters and employers to offer people fake jobs in a scheme designed to steal money, personal data and trick victims into helping them commit money laundering. Detailed by cybersecurity researchers at Proofpoint, the job fraud campaigns attempt to lure people in with the promise of upfront payments for simple jobs that can be done while working from home. 

ZDNet Recommends

Nearly 4,000 of these email threats are being sent every day – most are sent to people in the United States, but Europeans and Australians have also been targeted. SEE: A winning strategy for cybersecurity (ZDNet special report) In over 95% of cases, the attackers are aiming at email accounts linked to universities and colleges, targeting students who are likely to be open to flexible and remote work opportunities.Remote work has risen because of the COVID-19 pandemic, something that could make the approaches look less suspicious to victims. Some of the fraudulent emails even reference COVID-19 as a reason for the fake jobs being remote. While the lure of making easy money from remote work sounds tempting, the attacks are designed to fleece victims – according to the FBI, the average loss for victims of employment fraud actions is around $3,000. “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly. They are very concerning for universities especially,” said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Those behind the attacks use several different templates, often using the real branding and logos of the companies they’re claiming to come from. The attackers are also known to use spoofed or compromised email addresses of recruiters in order to send initial emails. One of the scams purports to be from the United Nations Children’s Fund (UNICEF) for an executive personal assistant role, claiming to offer $400 for eight hours a week of work. The email contains link to a Google form, asking for a name, alternative email address, and phone number. If the victim enters their details, they receive another email with more information about the supposed job, and if the offer is accepted, the attackers send a fake cashier’s check, initially for $950, then rising to $1,950 – this is designed to look like the victim will be paid, when that isn’t the case. Instead the attackers ask the victim how much they have in their bank account, so money can supposedly be used to send toys to children in orphanages – researchers were asked to transfer $1,000. The attackers asked for the transfer to be made – something that leaves the victim out of pocket because the fake cashier’s check that supposedly covers the cost can’t be cashed. Another of the phony jobs takes a different route, sending emails in which the attackers are claiming to be recruiting college students for an alleged modelling job – which doesn’t really exist. The email claims that the victim will be paid over $2,750 up front, and any expenses related to the shoot will be reimbursed.  SEE: My stolen credit card details were used 4,500 miles away. I tried to find out how it happened  The attacker emails a fake check and, in some instances, it is even sent to the victim’s home – but because it’s fake, it can’t be cashed. In this case, the fraud is based around sending money to cover “shipping costs” for items to be used in the shoot – items that are never ordered for a shoot that won’t happen, ultimately resulting in money being stolen from the victim. Not only can these fake jobs leave people out of pocket, they could also potentially be unwittingly helping to facilitate cybercrime, as it’s likely some of these cash transfers are part of fraud related to other schemes. In aiming at students, the attackers are potentially exploiting naivety about online threats and the world of work – for example, a legitimate employer is very unlikely to send a paycheck before an employee’s first day of work and nor will they ask employees to buy items before they start the job. In order to avoid falling victim to these scams, it’s recommended that caution is exercised when receiving an unexpected job offer, especially if it comes from a freemail account like Gmail or Hotmail, but claims to be coming from a legitimate organisation. People should also be wary about nonexistent or overly simple interview questions and a lack of information about the job itself, or requests to switch to a personal email address or private chat account to discuss the opportunity. It’s also worth remembering that if an opportunity seems too good to be true, then it probably is.MORE ON CYBERSECURITY  More

Cloud security company RiskIQ has been bought by Microsoft for $500 million, according to Bloomberg.  RiskIQ said last year that its cybersecurity programs are used by 30% of the Fortune 500 and more than 6,000 total organizations across the world, including the US Postal Service, BMW, Facebook and American Express. In a blog post, Microsoft cloud security vice president Eric Doerr said they were acquiring the company to help customers “build a more comprehensive view of the global threats to their businesses, better understand vulnerable internet-facing assets, and build world-class threat intelligence.”In the last year, Microsoft has purchased IoT security firms CyberX and ReFirm Labs to boost its cybersecurity offerings. Microsoft paid the $500 million in cash, Bloomberg reported. The tech giant has brought in more than $10 billion in revenue from security products over the last year.  “As organizations pursue this digital transformation and embrace the concept of Zero Trust, their applications, infrastructure, and even IoT applications are increasingly running across multiple clouds and hybrid cloud environments,” Doerr said. “Effectively the internet is becoming their new network, and it’s increasingly critical to understand the full scope of their assets to reduce their attack surface. RiskIQ helps customers discover and assess the security of their entire enterprise attack surface—in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain.”Doerr touted RiskIQ’s PassiveTotal community that crowd-sources threat intelligence from around the globe. 

He said organizations can use RiskIQ threat intelligence “to gain context into the source of attacks, tools and systems, and indicators of compromise to detect and neutralize attacks quickly.””The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response,” Doerr explained.RiskIQ co-founder and CEO Elias Manousos said RiskIQ’s Attack Surface and Threat Intelligence solutions will be added to the Microsoft Security portfolio, which include Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel.In his own blog post, Manousos said that the company works with “hundreds of the Global 2,000” and that their “community has grown to more than 100,000 security professionals.””We’ll continue to support, nurture, and grow this community with Microsoft. We’ll also continue to grow and work with the valued members of our Interlock Partner Program. We’re joining Microsoft to extend and accelerate our reach and impact and are more committed than ever to executing our mission,” Manousos said. “We’ll work closely with our customers as we integrate RiskIQ’s complementary data and solutions with Microsoft’s Security portfolio to enable best-in-class solution attack surface visibility, threat detection, and response.”RiskIQ raised $83 million from Battery Ventures, Georgian, Summitt Partners, MassMutual Ventures, National Grid Partners and Akkadian Ventures in capital funding before the Microsoft acquisition, according to Crunchbase.  More