Facebook fined in South Korea for sharing user data without consent
The US tech giant shared personal information of 3.3 million users without their consent, the South Korean government said.
Request to reconsider designation is dismissed by Federal Communications Commission.
The bug could have been exploited by playing around in a browser’s developer console and editing a cookie field.
Mastercard announced the quiet expansion of the trial for its digital identification service, following the successful completion of phase one with partners Deakin University and Australia Post.
Announced in December, the three parties kicked off two trials: The first for an identity verification process of student registration and digital exams at Deakin’s Burwood and Geelong campuses in Victoria, and the second integrating Mastercard’s digital ID solution with the one the postal service is working on.
The pilot saw students create a digital identity in Australia Post’s Digital ID app and use it to gain access to Deakin University’s exam portal. Mastercard said the ID successfully orchestrated the sharing of verified identity data between the two parties, sending only the specific personal information required to permit entry using its network.
The three organisations expanded the trial to verify students taking exams online.
“The platform represents an opportunity to create new ways for people to confirm their identity without having to hand over any physical documents when completing an application, accessing benefits, booking accommodations and more,” Mastercard said in a statement.
The second phase of the trial built on work to integrate the Mastercard and Australia Post services, connecting with other third-party platforms to “extend the value and use of the service” to more providers and partner organisations in Mastercard’s ID network.
“Digital identity must be built on a framework of trust, partnership and consumer choice,” Mastercard Australasia Division President Richard Wormald said. “Demonstrating this level of interoperability points to the huge potential for more partners across more sectors — such as telecoms, retail, banking, and government — to provide greater value and impact.
“Integrating with ID’s highly secure network enables these services to extend the reach of their existing offering, while enabling consumers to stay in complete control over where their identity data is stored and how it is used.”
Last week, Mastercard, alongside Optus, announced customers could use the former’s service to prove their identity online and in-store.
Optus will progressively offer the service to its customers via the My Optus app. Optus said its introduction would enable customers to create a secure, reusable, and verified digital identity that could be used when purchasing a new device, making account changes, and buying additional services, among other things.
During Senate Estimates earlier this month, Australia’s Digital Transformation Agency (DTA) revealed it was moving forward with the plan to allow the private sector and state government entities to develop their own digital ID platforms.
“It is important to note, today we’re using myGovID, but into the future, you’ll be able to use a choice of identity provider, there’ll be additional providers … it could be a bank, it could be a state and territory identity provider. So individuals and businesses dealing with the Australian government and national services will be able to make a choice,” DTA CDO Peter Alexander said at the time.
He also said legislation was on its way to allow the expansion of digital ID into the private sector.
A French security researcher has accidentally discovered a zero-day vulnerability that impacts the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.
The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.
HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache
French security researcher Clément Labro, who discovered the zero-day, says that an attacker who has a foothold on a vulnerable system can modify these registry keys to activate a sub-key usually employed by the Windows Performance Monitoring mechanism.
“Performance” subkeys are usually employed to monitor an app’s performance, and, because of their role, they also allow developers to load their own DLL files to track performance using custom tools.
While on recent versions of Windows, these DLLs are usually restricted and loaded with limited privileges, Labro said that on Windows 7 and Windows Server 2008, it was still possible to load custom DLLs that ran with SYSTEM-level privileges.
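A defender can audit a host for the condition described above. The following PowerShell is an added example, not code from the article, from Labro, or from PrivescCheck; it reports whether a "Performance" subkey already exists under either service key and which principals outside a trusted list may create subkeys or set values there. The trusted list, the English account names, and the reading of "misconfigured" as write access for non-administrative principals are assumptions.

```powershell
# Added audit example: read-only check of the two service keys named in the article.
$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\RpcEptMapper',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache'
)

# Assumption: only these principals are expected to hold write access to service keys.
# Account names are the English ones; adjust for localized systems.
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that would let a principal add a subkey or write values under the key.
$writeRights = [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
               [System.Security.AccessControl.RegistryRights]::SetValue

$report = foreach ($key in $serviceKeys) {
    if (-not (Test-Path -Path $key)) {
        [pscustomobject]@{ Key = $key; Present = $false; PerformanceSubkey = $false; WritableBy = @() }
        continue
    }

    # Allow ACEs that grant write-type rights to principals outside the trusted list.
    $risky = (Get-Acl -Path $key).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band $writeRights) -ne 0 -and
        $trusted -notcontains $_.IdentityReference.Value
    }

    [pscustomobject]@{
        Key               = $key
        Present           = $true
        # A Performance subkey on these services is the change the article describes.
        PerformanceSubkey = Test-Path -Path (Join-Path -Path $key -ChildPath 'Performance')
        WritableBy        = @($risky | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    }
}

$report | Format-List

# Summarize hosts that need follow-up: an unexpected subkey or a non-trusted writer.
$findings = $report | Where-Object { $_.PerformanceSubkey -or $_.WritableBy.Count -gt 0 }
if ($findings) {
    Write-Warning ("{0} service key(s) need review on {1}" -f @($findings).Count, $env:COMPUTERNAME)
}
```

The script only reads the registry, so it can be run from a standard account on Windows 7 or Windows Server 2008 R2 hosts that are still in service.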
Issue discovered and disclosed accidentally
Most security researchers report severe security issues like these to Microsoft in private when they find them, but in Labro’s case, it was too late for that.
Labro said he discovered the zero-day after he released an update to PrivescCheck, a tool to check common Windows security misconfigurations that can be abused by malware for privilege escalation.
The update, released last month, added support for a new set of checks for privilege escalation techniques.
Labro said he didn’t know the new checks were highlighting a new and unpatched privilege escalation method until he began investigating a series of alerts appearing on older systems like Windows 7, days after the release.
By that time, it was already too late for the researcher to report the issue to Microsoft in private, and the researcher chose to blog about the new method on his personal site instead.
ZDNet has reached out to Microsoft for comment today, but the OS maker has not provided an official statement before this article’s publication.
Both Windows 7 and Windows Server 2008 R2 have officially reached end of life (EOL) and Microsoft has stopped providing free security updates. Some security updates are available for Windows 7 users through the company’s ESU (Extended Support Updates) paid support program, but a patch for this issue has not been released yet.
It is unclear if Microsoft will patch Labro’s new zero-day; however, ACROS Security has already put together a micro-patch, which the company released earlier today. The unofficial micro-patch is installed via the company’s 0patch security software and prevents malicious actors from exploiting the bug.
China has rebuked India’s move to block another 43 mobile apps developed by Chinese tech vendors as a “glaring violation” of international rules. It has also decried the UK government’s new security law, which threatens hefty fines for telcos that use Huawei Technologies’ 5G equipment, as breaching free trade rules and eroding “mutual trust” between both countries.
The Chinese Embassy in India said it “firmly oppose” the Indian government’s repeated attempts at using national security as “an excuse” to prohibit Chinese mobile apps. It said in a statement Wednesday that it had always required Chinese companies operating overseas to adhere to and ensure compliance with international laws and regulations. They also should conform to public order and “good morals”, it said.
The embassy’s rebuke came after India earlier this week expanded its ban to include another 43 Chinese apps, including AliExpress, DingTalk, MangoTV, and Taobao Live. This had followed a previous ban of 59 mobile apps that had included TikTok, WeiBo, and WeChat.
India’s Ministry of Electronics and Information Technology said: “This action was taken based on the inputs regarding these apps for engaging in activities that are prejudicial to sovereignty and integrity of India, defence of India, security of state, and public order.”
The country had begun blocking its citizens from using Chinese mobile apps in June, following a border clash between Indian and Chinese soldiers that resulted in the death of 20 Indian soldiers and left scores of others injured.
The Chinese Embassy, though, called for its India counterparts to provide a “fair, impartial, and non-discriminatory” business environment for all market players, including China. It added that India’s “discriminatory practices” were in violation of World Trade Organisation (WTO) rules.
“China and India should bring bilateral economic and trade relations back to the right path for mutual benefit and win-win results on the basis of dialogue and negotiation,” the embassy said.
During a daily press conference, China’s Foreign Ministry Spokesperson Zhao Lijian expressed “serious concerns” over India’s four separate moves since June to impose restrictions on Chinese mobile apps under “the pretext” of national security.
Zhao said: “These moves, in glaring violation of market principles and WTO rules, severely harm the legitimate rights and interests of Chinese companies. China firmly rejects them.”
He added that India was responsible for observing market principles and safeguarding the legal rights and interests of its international investors, including Chinese businesses.
He urged the Indian government to retract its ban or risk further damage to bilateral cooperation between the two nations, in which economic and trade cooperation should be “mutually beneficial”.
UK ban “in collaboration” with US
Zhao also lashed out at the UK’s new security law, which threatened local telcos with hefty fines if they proceeded to use Huawei’s 5G equipment despite an existing ban on the deployment of such systems.
The security bill provides the UK government with “unprecedented” powers to force telecoms giants to comply with the ban, including the ability to impose controls on their use of equipment supplied by companies that are deemed unsafe.
Companies that fail to meet the new requirements face fines of up to 10% of their annual turnover or, in the case of a continuing contravention, at £100,000 ($133,600) per day.
In response to the new security rule, Zhao said: “Without any concrete evidence, the UK, in collaboration with the US, has been discriminating and suppressing Chinese companies citing nonexistent ‘security risks’. It blatantly violates the principles of market economy and free trade rules, severely undermines the interests of Chinese companies, and continually erodes mutual trust with China, which is the basis for bilateral cooperation.
“In light of this, significant concerns have been raised over the openness and fairness of the British market as well as the security of foreign investment in the UK,” he said.
Apart from the US and UK, Australia and New Zealand are amongst nations that have imposed bans on the use of 5G equipment from Chinese tech vendors, specifically, Huawei. Telcos in other markets such as Belgium, Canada, and Singapore, have opted to deploy their 5G networks on Huawei’s competitors, Ericsson and Nokia.
Three Nigerians suspected of being part of a cybercrime group that has claimed tens of thousands of victims around the world have been arrested today in Lagos, Nigeria’s capital, Interpol reported.
In a report disclosing its involvement in the investigation, security firm Group-IB said the three suspects are members of a cybercrime group it has been tracking since 2019 under the codename TMT.
Group-IB said the group primarily operated by sending out mass email spam campaigns containing files laced with malware.
To send their email spam, the group used the Gammadyne Mailer and Turbo-Mailer email automation tools and then relied on MailChimp to track if a recipient victim opened their messages.
The file attachments were laced with various strains of malware that granted hackers access to infected computers from where they focused on stealing credentials from browsers, email, and FTP clients.
Group-IB said the group relied “exclusively on a variety of publicly available” malware strains such as AgentTesla, Loky, AzoRult, Pony, NetWire, and others, all available for download for free or for sale at cheap prices on underground forums.
Once the hackers had access to credentials, the TMT group would engage in Business Email Compromise (BEC), a type of online fraud where they’d attempt to trick companies into making payments into the wrong accounts — controlled by the group’s members.
More than 50,000 victims
The TMT group sent email spam campaigns in multiple languages and managed to infect companies in the US, the UK, Singapore, Japan, Nigeria, and others.
While an investigation is still ongoing, Interpol and Group-IB said they were able to track more than 50,000 organizations that have been infected with the group’s malware.
All in all, more than 500,000 government and private sector companies in more than 150 countries received emails from the group, according to Interpol.
Group-IB said the group was organized in multiple smaller sub-groups that worked together and that many of the TMT’s members are still at large.
A Group-IB spokesperson said this group is not the same TMT group referenced in an AdvIntel 2019 report (as being one of the main distributors of the REvil ransomware).
A new form of ransomware is becoming increasingly prolific as cyber criminals turn to it as a preferred means of encrypting vulnerable networks in an effort to extort bitcoin from victims.
Egregor ransomware first emerged in September but has already become notorious following several high profile incidents, including attacks against bookseller Barnes & Noble, as well as video game companies Ubisoft and Crytek.
According to cybersecurity researchers at Digital Shadows, Egregor ransomware has already claimed at least 71 victims across 19 different industries around the world – and it’s likely the group behind it is only just getting started after meticulously planning their activities.
“The level of sophistication of their attacks, adaptability to infect such a broad range of victims, and significant increase in their activity suggests that Egregor ransomware operators have been developing their malware for some time and are just now putting it to (malicious) use,” said Lauren Palace, analyst at Digital Shadows.
Like all ransomware gangs, the main motive behind Egregor is money, and in order to stand the best chance of extorting payment, the gang use what has become a common tactic following ransomware attacks – threatening to release private information stolen from the servers of victims if they don’t pay. In some cases, attackers will release a snippet of information with the ransom note, as proof they mean business.
While Egregor has impacted organisations in a variety of sectors around the world, there does seem to be some element of targeting in the attacks – over a third of the campaigns have targeted the industrial goods and services sector and the vast majority of victims across all sectors are in the US.
One of the reasons Egregor has suddenly surged in numbers appears to be because it’s filling a gap left open by the apparent retirement of the Maze ransomware gang.
“Given their sophisticated technical capabilities to hinder analysis of malware and target a large variety of organizations across the ransomware landscape, we can only conclude that the Egregor ransomware group will likely continue in the future, posing more and more of a risk to your organization,” said Place.
Egregor ransomware is still new, so it isn’t yet fully clear how its operators compromise victim networks. Researchers note that the code is heavily obfuscated in a way that seems to be specifically designed to prevent information security teams from analysing the malware.
However, the Digital Shadows analysis does suggest that email phishing could be one of the initial methods of compromise for attacks.
Organisations could go a long way towards protecting themselves against Egregor ransomware and other malware attacks by employing information security protocols like multi-factor authentication, so if a username and password is compromised by attackers, there’s an extra barrier that prevents them from exploiting it.
It’s also highly recommended that organisations apply the latest security patches and updates when they arrive because that prevents cyber criminals being able to exploit known vulnerabilities in order to gain access to networks.
And for an extra layer of protection against ransomware attacks, organisations should regularly make backups of their network and store them offline, so if the worst happens and the network is encrypted, it can be relatively simply restored without giving in to the extortion demands of hackers.