More stories

  • Mastercard expands digital ID trial with Deakin and Australia Post

    Mastercard announced the quiet expansion of the trial for its digital identification service, following the successful completion of phase one with partners Deakin University and Australia Post.
    Announced in December, the three parties kicked off two trials: the first, an identity verification process for student registration and digital exams at Deakin’s Burwood and Geelong campuses in Victoria; the second, integrating Mastercard’s digital ID solution with the one the postal service is building.
    The pilot saw students create a digital identity in Australia Post’s Digital ID app and use it to gain access to Deakin University’s exam portal. Mastercard said the ID successfully orchestrated the sharing of verified identity data between the two parties, sending only the specific personal information required to permit entry using its network.
    The three organisations expanded the trial to verify students taking exams online.
    “The platform represents an opportunity to create new ways for people to confirm their identity without having to handover any physical documents when completing an application, accessing benefits, booking accommodations and more,” Mastercard said in a statement.
    The second phase of the trial built on work to integrate the Mastercard and Australia Post services, connecting with other third-party platforms to “extend the value and use of the service” to more providers and partner organisations in Mastercard’s ID network.

    “Digital identity must be built on a framework of trust, partnership and consumer choice,” Mastercard Australasia Division President Richard Wormald said. “Demonstrating this level of interoperability points to the huge potential for more partners across more sectors — such as telecoms, retail, banking, and government — to provide greater value and impact.
    “Integrating with ID’s highly secure network enables these services to extend the reach of their existing offering, while enabling consumers to stay in complete control over where their identity data is stored and how it is used.”
    Last week, Mastercard, alongside Optus, announced customers could use the former’s service to prove their identity online and in-store.
    Optus will progressively offer the service to its customers via the My Optus app. Optus said its introduction would enable customers to create a secure, reusable, and verified digital identity that could be used when purchasing a new device, making account changes, and buying additional services, among other things.
    During Senate Estimates earlier this month, Australia’s Digital Transformation Agency (DTA) revealed it was moving forward with the plan to allow the private sector and state government entities to develop their own digital ID platforms.
    “It is important to note, today we’re using myGovID, but into the future, you’ll be able to use a choice of identity provider, there’ll be additional providers … it could be a bank, it could be a state and territory identity provider. So individuals and businesses dealing with the Australian government and national services will be able to make a choice,” DTA CDO Peter Alexander said at the time.
    He also said legislation was on its way to allow the expansion of digital ID into the private sector.

  • Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day

    A French security researcher has accidentally discovered a zero-day vulnerability that impacts the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.
    The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.
    HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache
    Clément Labro, the French researcher who found the issue, says that an attacker with a foothold on a vulnerable system can write under these keys and add the “Performance” sub-key normally used by the Windows performance monitoring mechanism.
    “Performance” sub-keys tell Windows which DLL to load to collect an application’s performance counters, which is how developers plug in their own counter-collection code.
    On recent versions of Windows these DLLs are loaded with limited privileges, but Labro found that on Windows 7 and Windows Server 2008 R2 a DLL registered this way is still loaded into a process running with SYSTEM-level privileges, which turns a registry write into a local privilege escalation.
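    To turn the description above into something a defender can run, here is an added PowerShell script (written for this page; it is not code from the article or from PrivescCheck) that audits the two service keys for write access granted to low-privileged principals and reports any “Performance” sub-key already present. It assumes that the principals listed in $LowPrivGroups are the ones whose write access counts as a misconfiguration, and that a clean system carries no “Performance” sub-key under either service, so finding one is worth investigating.

```powershell
# Added example: audit the RpcEptMapper and Dnscache service keys for the
# misconfiguration described above. Not code from the article or PrivescCheck.
# Assumption: a clean system has no "Performance" sub-key under either service.

$Keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\RpcEptMapper',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache'
)

# Principals that should never be able to create sub-keys under a service key
# (assumed list; extend it with any local groups that matter in your estate).
$LowPrivGroups = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# CreateSubKey lets a caller add "Performance"; SetValue lets it point the
# sub-key's Library value at a DLL of its choosing. WriteKey and FullControl
# both contain these bits, so one -band test covers all four rights.
$CreateOrSet = [System.Security.AccessControl.RegistryRights]'CreateSubKey, SetValue'

function Test-ServiceKeyPermissions {
    param([Parameter(Mandatory)][string]$KeyPath)
    $acl = Get-Acl -Path $KeyPath
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivGroups -notcontains $rule.IdentityReference.Value) { continue }
        if (($rule.RegistryRights -band $CreateOrSet) -eq 0) { continue }
        # Emit one finding per ACE that grants a low-privileged principal
        # the ability to add a sub-key or set values on this service key.
        [pscustomobject]@{
            Key       = $KeyPath
            Principal = $rule.IdentityReference.Value
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

function Get-PerformanceSubKey {
    param([Parameter(Mandatory)][string]$KeyPath)
    $perf = Join-Path -Path $KeyPath -ChildPath 'Performance'
    if (-not (Test-Path -Path $perf)) { return $null }
    $props = Get-ItemProperty -Path $perf -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key     = $perf
        Library = $props.Library   # DLL the counter provider loads
        Open    = $props.Open      # exported entry points named in the sub-key
        Collect = $props.Collect
        Close   = $props.Close
    }
}

foreach ($key in $Keys) {
    $weak = @(Test-ServiceKeyPermissions -KeyPath $key)
    if ($weak.Count -gt 0) {
        Write-Warning "Low-privileged principals can create sub-keys or set values under $key"
        $weak | Format-Table -AutoSize | Out-String | Write-Output
    } else {
        Write-Output "OK: no low-privileged write access on $key"
    }

    $perf = Get-PerformanceSubKey -KeyPath $key
    if ($null -ne $perf) {
        Write-Warning ("Performance sub-key present under {0}: Library={1}" -f $key, $perf.Library)
    }
}
```

    Run it on the host being checked; reading the ACLs does not require administrative rights. A finding from Test-ServiceKeyPermissions is the precondition for the technique, while a Performance sub-key whose Library value points outside the Windows directory is a sign it has already been used. Remediation is either the vendor or micropatch fix or an ACL change that removes the offending ACE, which does require administrative rights, and an inherited ACE has to be addressed on the parent key rather than on the service key itself.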
    Issue discovered and disclosed accidentally
    Most researchers report issues this severe to Microsoft privately before saying anything publicly, but in Labro’s case disclosure had already happened by the time he realised what he had found.
    Labro said he discovered the zero-day after he released an update to PrivescCheck, a tool to check common Windows security misconfigurations that can be abused by malware for privilege escalation.

    The update, released last month, added support for a new set of checks for privilege escalation techniques.
    Labro said he didn’t know the new checks were highlighting a new and unpatched privilege escalation method until he began investigating a series of alerts appearing on older systems like Windows 7, days after the release.
    By that time, it was already too late for the researcher to report the issue to Microsoft in private, and the researcher chose to blog about the new method on his personal site instead.
    ZDNet has reached out to Microsoft for comment today, but the OS maker has not provided an official statement before this article’s publication.
    Both Windows 7 and Windows Server 2008 R2 have officially reached end of life (EOL) and Microsoft has stopped providing free security updates. Some security updates are still available for Windows 7 and Windows Server 2008 R2 customers through the company’s paid ESU (Extended Security Updates) program, but a patch for this issue has not been released yet.
    It is unclear whether Microsoft will patch Labro’s zero-day; however, ACROS Security has already put together a micropatch, released earlier today and delivered through the company’s 0patch agent, which blocks exploitation of the bug on systems that install it.

  • China lashes out at India app block, UK 5G ban

    China has rebuked India’s move to block another 43 mobile apps developed by Chinese tech vendors as a “glaring violation” of international rules. It also decried the UK government’s new security law, which threatens hefty fines for telcos that use Huawei Technologies’ 5G equipment, as a breach of free trade rules that erodes “mutual trust” between the two countries.
    The Chinese Embassy in India said it “firmly oppose[s]” the Indian government’s repeated attempts at using national security as “an excuse” to prohibit Chinese mobile apps. It said in a statement Wednesday that it had always required Chinese companies operating overseas to adhere to and ensure compliance with international laws and regulations. They also should conform to public order and “good morals”, it said.


    The embassy’s rebuke came after India earlier this week expanded its ban to include another 43 Chinese apps, including AliExpress, DingTalk, MangoTV, and Taobao Live. This had followed a previous ban of 59 mobile apps that had included TikTok, WeiBo, and WeChat. 
    India’s Ministry of Electronics and Information Technology said: “This action was taken based on the inputs regarding these apps for engaging in activities that are prejudicial to sovereignty and integrity of India, defence of India, security of state, and public order.”
    The country had begun blocking its citizens from using Chinese mobile apps in June, following a border clash between Indian and Chinese soldiers that resulted in the death of 20 Indian soldiers and scores others injured. 
    The Chinese Embassy, though, called for its Indian counterparts to provide a “fair, impartial, and non-discriminatory” business environment for all market players, including China. It added that India’s “discriminatory practices” were in violation of World Trade Organisation (WTO) rules.
    “China and India should bring bilateral economic and trade relations back to the right path for mutual benefit and win-win results on the basis of dialogue and negotiation,” the embassy said. 

    During a daily press conference, China’s Foreign Ministry Spokesperson Zhao Lijian expressed “serious concerns” over India’s four separate moves since June to impose restrictions on Chinese mobile apps under “the pretext” of national security. 
    Zhao said: “These moves, in glaring violation of market principles and WTO rules, severely harm the legitimate rights and interests of Chinese companies. China firmly rejects them.”
    He added that India was responsible for observing market principles and safeguarding the legal rights and interests of its international investors, including Chinese businesses.
    He urged the Indian government to retract its ban or risk further damage to bilateral cooperation between the two nations, in which economic and trade cooperation should be “mutually beneficial”.
    UK ban “in collaboration” with US
    Zhao also lashed out at the UK’s new security law, which threatened local telcos with hefty fines if they proceeded to use Huawei’s 5G equipment despite an existing ban on the deployment of such systems. 
    The security bill provides the UK government with “unprecedented” powers to force telecoms giants to comply with the ban, including the ability to impose controls on their use of equipment supplied by companies that are deemed unsafe.  
    Companies that fail to meet the new requirements face fines of up to 10% of their annual turnover or, in the case of a continuing contravention, at £100,000 ($133,600) per day.
    In response to the new security rule, Zhao said: “Without any concrete evidence, the UK, in collaboration with the US, has been discriminating and suppressing Chinese companies citing nonexistent ‘security risks’. It blatantly violates the principles of market economy and free trade rules, severely undermines the interests of Chinese companies, and continually erodes mutual trust with China, which is the basis for bilateral cooperation. 
    “In light of this, significant concerns have been raised over the openness and fairness of the British market as well as the security of foreign investment in the UK,” he said. 
    Apart from the US and UK, Australia and New Zealand are amongst nations that have imposed bans on the use of 5G equipment from Chinese tech vendors, specifically, Huawei. Telcos in other markets such as Belgium, Canada, and Singapore, have opted to deploy their 5G networks on Huawei’s competitors, Ericsson and Nokia. 

  • Three members of TMT cybercrime group arrested in Nigeria

    Three Nigerians suspected of being part of a cybercrime group that has made tens of thousands of victims around the world have been arrested today in Lagos, Nigeria, Interpol reported.
    In a report disclosing its involvement in the investigation, security firm Group-IB said the three suspects are members of a cybercrime group it has been tracking since 2019 under the codename TMT.
    Group-IB said the group primarily operated by sending out mass email spam campaigns containing files laced with malware.
    To send their email spam, the group used the Gammadyne Mailer and Turbo-Mailer email automation tools and then relied on MailChimp to track if a recipient victim opened their messages.
    The file attachments were laced with various strains of malware that granted hackers access to infected computers from where they focused on stealing credentials from browsers, email, and FTP clients.
    Group-IB said the group relied “exclusively on a variety of publicly available” malware strains such as AgentTesla, Loky, AzoRult, Pony, NetWire, and others, all available for download for free or for sale at cheap prices on underground forums.
    Once the hackers had credentials in hand, the TMT group would engage in Business Email Compromise (BEC), a type of online fraud in which they try to trick companies into making payments into accounts controlled by the group’s members.
    More than 50,000 victims

    The TMT group sent email spam campaigns in multiple languages and managed to infect companies in the US, the UK, Singapore, Japan, Nigeria, and others.
    While an investigation is still ongoing, Interpol and Group-IB said they were able to track more than 50,000 organizations that have been infected with the group’s malware.
    All in all, more than 500,000 government and private sector companies in more than 150 countries received emails from the group, according to Interpol.
    Group-IB said the group was organized in multiple smaller sub-groups that worked together and that many of the TMT’s members are still at large.
    A Group-IB spokesperson said this group is not the same TMT group referenced in an AdvIntel 2019 report as being one of the main distributors of the REvil ransomware.

  • Ransomware: This new variant could be the next big malware threat to your business

    A new form of ransomware is becoming increasingly prolific as cyber criminals turn to it as a preferred means of encrypting vulnerable networks in an effort to extort bitcoin from victims.
    Egregor ransomware first emerged in September but has already become notorious following several high profile incidents, including attacks against bookseller Barnes & Noble, as well as video game companies Ubisoft and Crytek.
    According to cybersecurity researchers at Digital Shadows, Egregor ransomware has already claimed at least 71 victims across 19 different industries around the world – and it’s likely the group behind it is only just getting started after meticulously planning their activities.
    “The level of sophistication of their attacks, adaptability to infect such a broad range of victims, and significant increase in their activity suggests that Egregor ransomware operators have been developing their malware for some time and are just now putting it to (malicious) use,” said Lauren Place, analyst at Digital Shadows.
    Like all ransomware gangs, Egregor’s operators are in it for the money, and to stand the best chance of extracting payment they use what has become a common tactic: threatening to release private information stolen from victims’ servers if they don’t pay. In some cases, the attackers publish a snippet of the data alongside the ransom note as proof they mean business.
    While Egregor has hit organisations in a variety of sectors around the world, there does seem to be some element of targeting: over a third of the campaigns have hit the industrial goods and services sector, and the vast majority of victims across all sectors are in the US.

    One of the reasons Egregor has suddenly surged in numbers appears to be because it’s filling a gap left open by the apparent retirement of the Maze ransomware gang.
    “Given their sophisticated technical capabilities to hinder analysis of malware and target a large variety of organizations across the ransomware landscape, we can only conclude that the Egregor ransomware group will likely continue in the future, posing more and more of a risk to your organization,” said Place.
    Egregor ransomware is still new, so it isn’t yet fully clear how its operators compromise victim networks. Researchers note that the code is heavily obfuscated in a way that appears designed specifically to stop security teams from analysing the malware.
    However, the Digital Shadows analysis does suggest that email phishing could be one of the initial methods of compromise for attacks.
    Organisations could go a long way towards protecting themselves against Egregor ransomware and other malware attacks by employing information security protocols like multi-factor authentication, so if a username and password is compromised by attackers, there’s an extra barrier that prevents them from exploiting it.
    It’s also highly recommended that organisations apply the latest security patches and updates when they arrive because that prevents cyber criminals being able to exploit known vulnerabilities in order to gain access to networks.
    And for an extra layer of protection against ransomware attacks, organisations should regularly make backups of their network and store them offline, so that if the worst happens and the network is encrypted, it can be restored relatively simply without giving in to the attackers’ extortion demands.

  • Amazon: We're hiring software engineers who know programming language Rust

    Rust, the programming language hatched at Mozilla, has found a major fan in Amazon Web Services (AWS). 
    AWS has announced its intention to hire more Rust developers in coming months as part of its plan to support the open-source community behind the young language, which has become popular for systems programming. 

    Open-source Rust only reached version 1.0 five years ago. It was created with a prime goal of eradicating memory-related security bugs in Firefox’s Gecko rendering engine. Many of these security issues were because the engine was written in C++, which Mozilla described as having “an unsafe memory model”. 
    Microsoft is also a big fan of Rust and has been exploring its use as a way of reducing memory-related vulnerabilities in Windows components written in C and C++. But while Rust is well liked, not many developers are familiar with it, Stack Overflow found in its 2020 survey of 65,000 developers.
    AWS became a sponsor of Rust last year and has written several products in it, one of the latest being Bottlerocket, a Linux-based container operating system.
    Beyond sponsorship, AWS is now using its hiring power to support the language.
    It recently started hiring contributors to Rust and Tokio, a runtime for writing applications in Rust for all kinds of devices. AWS says it is building a Rust and Tokio team to support its long-term plans. 

    “Given our dependence on Rust, we need deep in-house Rust expertise, just as we have with Java and other foundational technologies,” said Matt Asay, an open-source exec at AWS. 
    Shane Miller, a senior software engineering manager at AWS, is tasked with hiring Rust engineers. She explains the importance of Rust to AWS.  
    “Rust is a critical component of our long-term strategy, and we’re investing to deliver Rust engineering at Amazon scale. That includes developer tools, infrastructure components, interoperability, and verification,” Miller says.
    There are about 120 Rust-related vacancies spanning software development, hardware development, support engineering, and systems and security engineering.
    Amazon Lab126, the R&D unit behind the Amazon Echo and Kindle devices, has several vacancies for engineers who know Rust along with C, C++ and Java. AWS is also looking for engineers for Lambda, its serverless compute service, as well as its Ring home security service, and more. 
    The hiring effort is both good for AWS and for the Rust community because it will encourage more people to learn the language and then contribute, notes Marc Brooker, a senior principal engineer at AWS. 
    “Hiring engineers to work directly on Rust allows us to improve it in ways that matter to us and to our customers, and help grow the overall Rust community,” said Brooker.  

  • This critical software flaw is now being used to break into networks – so update fast

    State-backed hackers and criminal gangs are now actively using a vulnerability in mobile device management (MDM) software to successfully gain access to networks across government, healthcare and other industries.
    The UK’s National Cyber Security Centre (NCSC) has issued an alert warning that a number of groups are currently using a vulnerability in MDM software from MobileIron.
    MDM systems allow system administrators to manage an organisation’s mobile devices from a central server, making them a valuable target for criminals or spies to break into.
    In June 2020, MobileIron released security updates to address several vulnerabilities in its products. This included CVE-2020-15505, a remote code execution vulnerability. This critical-rated vulnerability affects MobileIron Core and Connector products, and could allow a remote attacker to execute arbitrary code on a system.
    The NCSC is aware that nation-state groups and cyber criminals “are now actively attempting to exploit this vulnerability to compromise the networks of UK organisations”.
    While the UK report doesn’t provide any information as to the identity of these groups, this vulnerability has already become popular with Chinese state-backed hackers.

    While MobileIron made security updates available for all impacted versions on 15 June 2020, not every organisation has yet updated their software.
    “In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected,” NCSC said.
    A proof-of-concept version of the exploit became available in September 2020, and since then both hostile state actors and cyber criminals have attempted to exploit this vulnerability in the UK and elsewhere.
    These attackers typically scan victims’ networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting, NCSC said. It noted that sophisticated hackers are using this vulnerability in combination with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion attempt.
    NCSC notes that it’s also important for organisations using affected versions to ensure they are following other best-practice cybersecurity advice, such as scanning their own networks and undertaking continual audits. This will help identify suspicious activity in the event that this vulnerability has already been exploited.
    “In the case of this MobileIron vulnerability, the most important aspect is to install the latest updates as soon as practicable,” NCSC said.

  • YouTube suspends OANN for allegedly peddling fake COVID-19 cures

    YouTube has temporarily suspended OANN for promoting a fake COVID-19 cure on its channel. 

    A spokesperson for the video platform told Axios on Tuesday that One America News Network (OANN), a conservative news outlet, will not be able to post any new content on its YouTube channel for a week — and is also no longer able to monetize video content.
    The one-week ban is considered a ‘strike’ under YouTube’s COVID-19 misinformation policy. 
    The policy was implemented by Google in an attempt to stem a wave of fake news across social media and video services at the time of the first coronavirus outbreak, including fake COVID-19 cures and treatments, conspiracy theories concerning the origin of the virus, and stories claiming COVID-19 is a bioweapon. 
    YouTube removes content deemed to “pose a serious risk of egregious harm,” including videos peddling COVID-19 prevention, treatment, diagnoses, and transmission information that contradicts the World Health Organization (WHO) and local healthcare authorities.
    The company has provided examples of content that violates these policies, including:
    Claims that COVID-19 doesn’t exist or that people do not die from it 
    Content that encourages the use of home remedies in place of medical treatment 
    Other content that discourages people from consulting a medical professional or seeking medical advice
    Content that claims that any group or individual has immunity to the virus or cannot transmit the virus

    The first time a YouTube channel goes against YouTube’s stance on COVID-19 content, the company will send an emailed warning. Afterward, YouTube will ‘strike’ a channel up to three times to bring the message home, before deleting a repeat offender’s channel entirely.  
    OANN’s video claimed there was a guaranteed cure, and this content has now been taken down by YouTube. 
    According to Axios, the outlet has also been suspended from the YouTube Partner Program, which allows content creators to monetize their videos through adverts. In order to rejoin and monetize content in the future, OANN will have to reapply.
    “After careful review, we removed a video from OANN and issued a strike on the channel for violating our COVID-19 misinformation policy, which prohibits content claiming there’s a guaranteed cure,” YouTube spokesperson Ivy Choi said. 
    The suspension comes at the same time US Senator Bob Menendez, together with Democrat colleagues, wrote and published a letter to YouTube, urging the company to take a stronger stance against election misinformation. 
    The letter, sent to YouTube CEO Susan Wojcicki, asks for “aggressive steps” to be taken to prevent election outcome misinformation from spreading across the platform — ahead of upcoming Georgia run-off elections — and says that “YouTube and its industry peers must take responsibility and immediately stop the spread of misinformation and manipulated media on their platforms.”