Information Technology

Facebook is one of those thing that I have a love/hate relationship with. I find it a great way to keep in touch with people, but it can quickly turn into a hellstew at any moment.

And it’s not just the ads. It’s the spam, the prompts for games and quizzes, videos popping out all over the place, and all the other distracting random stuff designed to steal my precious hours on this earth.One of the best things that I did to improve my Facebook experience was to install a browser extension called FB Purity.I honestly think that without this I would have dumped Facebook a long time ago.Must read: Facebook is the AOL of 2021FB Purity is a browser extension that, as the makers put it, “helps you to take control of your Facebook experience.”Who doesn’t need some of that in their life?

There’s so much built into FB Purity that it’s hard to know where to start, so I’ll just cover the features that I find useful.There’s a text filter system that lets you filter out specific keywords/phrases. This is great for making things like political posts and anti-vax/5G conspiracy tinfoil hat garbage evaporate.There’s also a powerful image content filter that lets you filter out images of cats, dogs, selfies, babies, memes, food, and smoking. It also allows you to create custom image content filters.With a few clicks you can hide all of the following: Events, Games and App Requests, Recommended Pages, Suggested Groups, People You May Know / Find More Friends, Get Connected, Pokes, Friend Requests, Birthdays, Chat, Trending Topics / Trending Hashtags, Businesses For You, Stories, Watchlist.I no longer get invites to play games, which is just super.FB Purity will also tell you on your list has deleted, unfriended or blocked you. This can reveal some interesting trends, but on the whole I’m not that bothered by what other people choose to do.FB Purity is only available for desktop browsers — Mozilla Firefox, Google Chrome (and any Chromium-based browser), Edge, Safari, Opera, Brave and Maxthon — and runs on Windows, macOS, Linux, and  Chrome OS (so unfortunately there’s no version for iOS/Android).FB Purity is donationware, so if you like it, you can donate to keep the project moving forward.I’ve had FB Purity installed on my desktops and laptops for several years. The browser extension is solid and reliable, and is updated regularly. There are a few unsupported features currently because of the new Facebook look, but on the whole it does an excellent job.

Social Networking More

One of the directors involved in the BitConnect cryptocurrency Ponzi scheme has pleaded guilty to his role in the conspiracy.

This week, the US Department of Justice (DoJ) said that Los Angeles resident Glenn Arcaro has pleaded guilty to the charge of conspiracy to commit wire fraud. Together with the forfeiture of criminal gains, Arcaro faces a maximum penalty of 20 years in prison.The 44-year-old was accused of playing a part in BitConnect, an unregistered securities offering and cryptocurrency scheme that collapsed in 2018. BitConnect promised investors high returns based on investments leveraging market volatility, but in order to participate, traders had to purchase BitConnect Coins (BCC) through Bitcoin (BTC) deposits.  When BitConnect closed, without warning, the price of BCC plummeted and users were unable to access their funds.  At the time, BitConnect operators cited bad press, distributed denial-of-service (DDoS) attacks, and the scrutiny of US regulators as reasons for its exit. Law enforcement then set to work tracking down the scheme’s operators.The DoJ says that investors in the US and abroad lost over $2 billion in what is considered to now be “the largest cryptocurrency fraud ever charged criminally.” In front of US Magistrate Judge Mitchell Dembin, Arcaro admitted to fraudulently conspiring with others to promote the cryptocurrency scam, as well as misleading investors over the proprietary software BitConnect apparently used to track the market and ensure profit.

“In truth, BitConnect operated a textbook Ponzi scheme by paying earlier BitConnect investors with money from later investors,” prosecutors say. As a director, Arcaro took a slice of every investment made through BitConnect’s pyramid lending programs. As much as 15% of each trade went into his pocket and he eventually earned over $24 million. “Arcaro has accepted responsibility for his actions of defrauding thousands of individuals worldwide to invest in BitConnect,” commented Special Agent in Charge Eric Smith, FBI Cleveland Field Office. “He lined his pockets with millions of dollars, money from victims that believed their funds were being invested into a new cryptocurrency with a high rate of return.” In June, SEC charged five alleged members of the BitConnect promoter pool. The regulator claims that in 2017 and 2018, the five promoted and sold securities through the BitConnect lending program, which promised investors returns as high as 40%. Marketing consisted of YouTube content, social media, and ‘testimonials’. The promoters each earned between $475,000 and $1.3 million in commission.  The US Securities and Exchange Commission (SEC) has also filed a complaint against Arcaro and BitConnect founder Satish Kumbhani. The regulator is seeking injunctions and civil penalties. Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Image: Getty Images
Gaming giant Tabcorp has supported the call for banning credit card use by Australians on online gaming platforms, such as betting apps, but its CEO believes such a mandate should be the responsibility of banks.Appearing before a joint committee as part of its inquiry into the regulation of the use of financial services, such as credit cards and digital wallets, for online gambling in Australia, Tabcorp CEO David Attenborough said while his organisation would not oppose a ban on credit cards for online wagering, it would oppose a ban for online lotteries.”I’m not sitting here saying I accept a ban on credit cards for gambling. I’m saying if the committee decides it’s going to ban it, we’re not going to oppose it for online wagering,” he told the Parliamentary Joint Committee on Corporations and Financial Services on Friday.Attenborough said only 14% of transactions through online wagering use a credit card. People already cannot use a credit card in a retail environment — that is a pub, club, or race track, for example.He said a large chunk of those using credit cards gamble responsibly and use it for convenience, but conceded there is a proportion that is much higher risk, and said his organisation recognised this and “wraps a whole bunch of controls around it”.”I don’t think people should gamble with debt,” he said, citing again the reason for not contesting the ban on credit card use.”If that is the solution the committee chooses to do, we will support that, but that legislation needs to be applied to the financial sector because they’re best set up to be able to implement that,” Attenborough said.

The financial services sector has previously testified to the committee that a self-regulated model would allow the gambling sector to adapt to new entrants in the payments space, such as digital wallets and cryptocurrencies, whereas heavy legislation would require too much change to keep up.”Banning credit cards is a blunt instrument and you’re better to put layers of extra risk controls around customers that use them, because at least you’ve got them in a bucket where you can watch them very closely and have extra scrutiny on them,” Attenborough said in response to the proposition.”I think banning them just drives them — if they’ve really got a problem they’re going to find a way around to get their money where they want to gamble it, and then we’ve got to make sure we understand where that’s happening and it might not be visible to us anymore because it will go via a digital wallet, via an intermediary of cryptocurrency, or something and we’ll never even know there was a credit card involved.”See also: Data centre fire ‘likely’ behind TAB’s weekend-long outageWith the use of credit cards in online wagering declining, at least on his platform, Attenborough said legislating the ban would speed this up.”It is an old world form of transacting that’s declining and you’re just going to speed up that and then move it into a multitude of different wallets where the only people that will really know what’s going on will be the financial sector, not us, we won’t have a clue,” he said.”If we got more information from the banks that a card was suspect, we could shut it down. If the banks notified us that this was a problem, we would be able to stop dealing with that problem, but this flow of information doesn’t happen.”In addition, if the ban wasn’t a legislated one, stakeholders such as racing bodies and the merchant that processes the transactions, in this case Mastercard, could interject, Attenborough added. As such, if it becomes law, he said his organisation would need “three to six months at best, nine months at worst, depending on regulators”.Attenborough said, however, a problem gambler would always find a way to get around blocks or bans, adding “it will be the banks that will be able to find them”.On self-exclusion, Attenborough believes more data-sharing needs to occur.”We’ve been quite tough on closing accounts and encouraging customers to exclude and it really frustrates [me] when I read articles that these customers have then gotten themselves into big trouble carrying on betting somewhere else,” he said.”It’s really critical that there is a much better way [to] protect people who have got a problem. It’s still got some privacy issues around it because the way the national exclusion register will have to work is customers will have to lodge themselves into it and there will be some customers that might exclude from us, but don’t choose to lodge themselves into the national exclusion register.”He also claimed that the only way platforms could properly deal with the issue would be through a national regulator. IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:Suicide Call Back Service on 1300 659 467Lifeline on 13 11 14Kids Helpline on 1800 551 800MensLine Australia on 1300 789 978Beyond Blue on 1300 22 46 36Headspace on 1800 650 890QLife on 1800 184 527RELATED COVERAGE More

The FBI sent out a notice warning companies in the the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. The FBI note said ransomware groups are seeking to “disrupt operations, cause financial loss, and negatively impact the food supply chain.””Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants. Cybercriminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems,” the FBI said. “Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack.”The notice goes on to explain that the food and agriculture sector has faced an increasing number of attacks in recent months as ransomware groups target critical industries with large attack surfaces. Many of the biggest food companies now use an array of IoT devices and smart technology in their processes. The FBI noted that larger agricultural businesses are targeted because they can afford to pay higher ransoms and smaller entities are attacked because of their inability to afford high-quality cybersecurity. “From 2019 to 2020, the average ransom demand doubled and the average cyber insurance payout increased by 65 percent from 2019 to 2020. The highest observed ransom demand in 2020 was $23 million USD, according to a private industry report. According to the 2020 IC3 Report, IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million across all sectors,” the FBI said. “Separate studies have shown 50-80 percent of victims that paid the ransom experienced a repeat ransomware attack by either the same or different actors. Although cyber criminals use a variety of techniques to infect victims with ransomware, the most common means of infection are email phishing campaigns, Remote Desktop Protocol vulnerabilities, and software vulnerabilities.”

The notice goes on to list multiple attacks on the food and agriculture sector since November, including a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March 2021 attack on a US beverage company and a January attack on a US farm that caused losses of approximately $9 million. JBS ended up paying an $11 million ransom to the REvil ransomware group after the attack caused meat shortages across the US, Australia and other countries. The FBI also cited an attack in November on a US-based international food and agriculture business that was hit with a $40 million ransom demand from the OnePercent Group. The company was able to recover from backups and did not pay the ransom. The notice lists a number of measures food and agriculture sector companies can take to protect themselves, including having backups, network segmentation, multifactor authentication and proactive monitoring of remote access/RDP logs. The notice came the same week as CISA urged companies to be wary of long weekends considering how many attacks have taken place on holidays this year. While they had no specific threat intel, the notice warned that threat actors know IT teams will be traveling or out of the office over the coming Labor Day weekend. White House deputy national security adviser Anne Neuberger spoke to the press on Thursday urging companies to search for signs of compromise before the long weekend and create action plans in the event of an attack. “We want to raise awareness and this need for awareness is particularly for critical infrastructure owners and operators who operate critical services for Americans,” Neuberger said.”Organizations and individuals should be on alert now because criminals sometimes lay their steps in advance and begin their planning.” More

The SEC handed down sanctions against eight firms this week for a slate of cybersecurity failures that resulted in the leakage of personal data for thousands of people. Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors and Cetera Investment Advisers (collectively, the Cetera Entities); Cambridge Investment Research and Cambridge Investment Research Advisors (collectively, Cambridge); and KMS Financial Services (KMS) were all named by the SEC for lackluster cybersecurity policies that led to “email account takeovers exposing the personal information of thousands of customers and clients at each firm.”All of the firms are Commission-registered as broker dealers, investment advisory firms, or both, according to an SEC statement. The Cetera companies will pay a $300,000 penalty while Cambridge will pay a $250,000 penalty and KMS will pay a $200,000 penalty.The SEC said that from November 2017 to June 2020, 60 cloud-based email accounts of Cetera Entities employees were hacked into, leading to 4,388 customers and clients having their personal information leaked. The SEC did not list the kind of personal information leaked in each case. “None of the taken over accounts were protected in a manner consistent with the Cetera Entities’ policies. The SEC’s order also finds that Cetera Advisors LLC and Cetera Investment Advisers LLC sent breach notifications to the firms’ clients that included misleading language suggesting that the notifications were issued much sooner than they actually were after discovery of the incidents,” the SEC statement said. “According to the SEC’s order against Cambridge, between January 2018 and July 2021, cloud-based email accounts of over 121 Cambridge representatives were taken over by unauthorized third parties, resulting in the PII exposure of at least 2,177 Cambridge customers and clients. The SEC’s order finds that although Cambridge discovered the first email account takeover in January 2018, it failed to adopt and implement firm-wide enhanced security measures for cloud-based email accounts of its representatives until 2021, resulting in the exposure and potential exposure of additional customer and client records and information.”

Fifteen KMS financial advisers had their accounts taken over, leading to the exposure of almost 5,000 customers’ information between September 2018 and December 2019. KMS didn’t change its cybersecurity policies until May 2020 and didn’t even implement those changes until August 2020. Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit, said investment advisers and broker dealers need to fulfill their obligations concerning the protection of customer information. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks,” Littman said. All of the firms violated the Safeguards Rule protecting customer information and Cetera violated other rules related to erroneous information included in their breach notification letters. “Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provisions, to be censured and to pay a penalty,” the SEC said in a statement. Pravin Kothari, executive vice president at cybersecurity company Lookout, said organizations of all kinds need to be aware of the growing risk with their data in the cloud and always protect personal identifiable information and protected health information considering the growing number of regulations on data privacy of individuals, such as GDPR , PCI DSS, HIPAA and CCPA.”Financial services have additional regulations for client data protection such as GLBA, SEC, FFIEC,” Kothari added. Digital Shadows threat intelligence team lead Alec Alvarado noted that the cases revealed the continued targeting of cloud-based email services often results in broader compromise. Account takeover continues to emerge as a significant problem for organizations as the exposed credential database grows, Alvarado said. “A second implication is the potential exposure that can result from a single compromise. Threat actors can easily conduct lateral movement and pivot across compromised infrastructure after they gain initial access,” Alvarado told ZDNet.  More

Companies are increasingly mentioning cybersecurity in their earnings reports, according to a new study from analytics company GlobalData. In the first half of 2021, mentions of ‘cybersecurity’ in earnings transcripts grew by 33%, with particularly stark growth since Q2 2020. Rinaldo Pereira, a business fundamentals analyst at GlobalData, said cybersecurity is one of many tech-related terms increasingly finding their way into earnings reports. Works like “cloud” and “big data” have also been used more often since 2020, Pereira explained. “The lasting shift in digital operations of both business and consumers, coupled with the rising incidences of data breaches, are driving mentions of ‘data security,’ ‘cloud security’ and ‘network security’ in 2021 earnings transcripts,” Pereira said. “The World Bank’s August 2021 announcement of a Global Cybersecurity Fund is likely to drive more discussions around safer digital transitions, M&A and investment, with the rising complexity of cyberattacks.”Cybersecurity-related risk mentions grew at a similar pace in 2020, increasing by about 30% compared to 2019. 
GlobalData
Pereira added that words like “malware,” “ransomware”, and “breach” also featured heavily in cybersecurity discussions in 2021 earnings transcripts. The terms were mostly used as organizations look to invest more in cybersecurity to head off future attacks. 

Pereira told ZDNet that cybersecurity and terms related to it began to be featured in earnings transcripts in 2019 when several major hacks and breaches — including attacks on Facebook, Capital One and First American — drew headlines.”The rise in cybersecurity discussions in 2021 can be attributed to the rising risk of ransomware and malware attacks due to the prolonged work from home trends and rising digital customer channels,” Pereira said. “Companies also seem to be more driven towards procuring cybersecurity services as they continue to be worried of risks posed due to large-scale cyberattacks. It is expected that companies are likely to discuss more cybersecurity investment, M&A in filings with the rising complexity of cyberattacks and breaches and is proving to be a tailwind for the cybersecurity industry.” Pereira explained that cyber events are increasingly having an impact on financial statements in recent years, and discussions around cyber insurance may also rise in the coming months.  More

Check Point Research has announced the discovery of a vulnerability in  the popular messaging platform WhatsApp that allowed attackers to read sensitive information from WhatsApp’s memory.WhatsApp acknowledged the issue and released a security fix for it in February. The messaging platform — considered the most popular globally with about two billion monthly active users — had an “Out-Of-Bounds read-write vulnerability” related to the platform’s image filter functionality, according to Check Point Research. The researchers noted that exploitation of the vulnerability would have “required complex steps and extensive user interaction.” WhatsApp said there is no evidence that the vulnerability was ever abused.  The vulnerability was triggered “when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.”Check Point researchers discovered the vulnerability and disclosed it to WhatsApp on November 10, 2020. By February, WhatsApp issued a fix in version 2.21.1.13. that added two new checks on source images and filter images. 

“Approximately 55 billion messages are sent daily over WhatsApp, with 4.5 billion photos and 1 billion videos shared per day. We focused our research on the way WhatsApp processes and sends images. We started with a few image types such as bmp, ico, gif, jpeg, and png, and used our AFL fuzzing lab at Check Point to generate malformed files,” the report explained. 

“The AFL fuzzer takes a set of input files and applies various modifications to them in a process called a mutation. This generates a large set of modified files, which are then used as input in a target program. When the tested program crashes or hangs due to these crafted files, this might suggest the discovery of a new bug, possibly a security vulnerability.” From there, the researchers began to “fuzz” WhatsApp libraries and quickly realized that some images could not be sent, forcing the team to find other ways to use the images. They settled on image filters because they require a significant number of computations and were a “promising candidate to cause a crash.”Image filtering involves “reading the image contents, manipulating the pixel values and writing data to a new destination image,” according to the Check Point researchers, who discovered that “switching between various filters on crafted GIF files indeed caused WhatsApp to crash.””After some reverse engineering to review the crashes we got from the fuzzer, we found an interesting crash that we identified as memory corruption. Before we continued our investigation we reported the issue to WhatsApp, which gave us a name for this vulnerability: CVE-2020-1910 Heap-Based out-of-bounds read and write. What’s important about this issue is that given a very unique and complicated set of circumstances, it could have potentially led to the exposure of sensitive information from the WhatsApp application,” the researchers said. “Now that we know we have Heap Based out of bounds read and write according to WhatsApp, we started to dig deeper. We reverse-engineered the libwhatsapp.so library and used a debugger to analyze the root cause of the crash. We found that the vulnerability resides in a native function applyFilterIntoBuffer() in libwhatsapp.so library.”The crash is caused by the fact that WhatsApp assumes both the destination and source images have the same dimensions, and a “maliciously crafted source image” of a certain size can lead to an out-of-bounds memory access, causing a crash. The fix for the vulnerability now validates that the image format equals 1, meaning both the source and filter images have to be in RGBA format. The new fix also validates the image size by checking the dimensions of the image. In a statement, WhatsApp said they appreciated Check Point’s work but noted that no one should worry about the platform’s end-to-end encryption. “This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users,” WhatsApp explained. “As with any tech product, we recommend that users keep their apps and operating systems up to date, to download updates whenever they’re available, to report suspicious messages, and to reach out to us if they experience issues using WhatsApp.” Facebook, which owns WhatsApp, announced in September 2020 that it would launch a website dedicated to listing all the vulnerabilities that have been identified and patched for the instant messaging service.WhatsApp previously released a fix for a vulnerability related to a bug in the Voice over IP (VoIP) calling feature of the app on both iOS and Android. Burak Agca, an engineer at cloud security company Lookout, told ZDNet that concern about WhatsApp comes from the well publicized capabilities of spyware created by NSO Group and originally discovered by Lookout and The Citizen Lab.”We have seen multiple variants of the same attack. We have observed that such attacks typically execute an exploit chain taking advantage of multiple vulnerabilities across the app and the operating system in tandem. For example, the first such discovered chain exploited a vulnerability (since patched) in the Safari browser to break out of the application sandbox, following which multiple operating system vulnerabilities (also, since patched) were exploited to elevate privileges and install spyware without the user’s knowledge,” Agca said. “The WhatsApp exploit seems to exhibit a similar behavior, and the end-to-end details of these types of exploits come under scrutiny by the security community. For individuals and enterprises, it is clear relying on WhatsApp saying its messaging is encrypted end to end is simply not enough to keep sensitive data safe.” More

Image: Getty Images
Australian banking customers may soon be able to attach a PDF or a hyperlink to a payment, with the Reserve Bank of Australia (RBA) signalling work is underway for such a feature.”The Australian banking industry is in the process of developing a service to enable large payers, such as corporate or government entities, to send an electronic payment that includes a secure hyperlink to a PDF document,” it said.”The provision of this functionality is part of a growing trend globally to improve efficiency and lower the costs of payment services by improving the amount and quality of data that are able to be transferred together with a payment.”The remarks were made in a submission [PDF] the RBA presented to a Senate committee probing the adequacy and efficacy of Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regime.It raised the payment feature while discussing the potential to whitelist some trusted payer entities. “Some of these initiatives, such as the adoption of the ISO 20022 standard for payment message formats, provide for structured remittance data that make it easier and faster for systems to screen for financial crimes compliance,” the RBA said.Explaining how the feature works, the RBA said organisational payers that sign up to the “payment with document” service could optionally include a link to a document when sending a payment. A payee recipient would view the payment in their online banking channel and be able to click on that link, which RBA argued would provide secure, authenticated access to the PDF document associated with that particular payment.

It said the documents would be held by accredited document host providers.”For example, if an Australian government agency utilised this service, myGov could store the documents and an authenticated link would provide direct access to the document on myGov,” the RBA said. According to the RBA, the payment with document service would provide benefits to both payers and payees.”It would be of particular value to a payer that sends a high volume of correspondence to recipients detailing information about their payments. There is often a lag between payment receipt and receipt of the related correspondence — this generates a high number of calls to customer call centres, which is expensive and inefficient to manage,” the RBA said.”A ‘payment with document’ service would also be valuable to payees, who could quickly and easily access correspondence directly from their banking app or online banking service to understand what the payment was for.”The Reserve Bank said providing detailed information with the financial transaction through electronic banking channels makes this information available for consideration by financial institutions in meeting their AML/CTF regulatory obligations. But, they will need to be able to screen any documents linked to a payment in order to meet these obligations, and the RBA said this solution does not appeal to all players.A possible solution, it said, would be to maintain a whitelist of trusted payer entities that provides relief to financial institutions from the requirement to screen documents linked to payments from those trusted entities. “Our understanding is financial institutions would welcome such a whitelist, as the cost and effort involved in screening all linked payment documents would be challenging,” the RBA wrote.This would mean correspondence sent with a payment by trusted entities, such as an Australian government agency, would remain private to the payment recipient, and banks would be permitted to access the document only in order to provide technical support services to the account-holder and only with the accountholder’s consent.A formal governance framework would need to be developed for this to occur, and the RBA proposed Austrac could be the authority over the scheme.The Legal and Constitutional Affairs References Committee kicked off the inquiry in June, which, among other things, seeks to determine the effectiveness of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to prevent money laundering outside the banking sector, the attractiveness of Australia as a destination for proceeds of foreign crime and corruption, and Austrac’s role in policing such activity.RELATED COVERAGE More