More stories

  • in

    30,000 Macs infected with new Silver Sparrow malware

    Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems.

    Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMWare Carbon Black.
    “According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” Red Canary’s Tony Lambert wrote in a report published last week.
    But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it’s unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters, the classic distribution vector for most Mac malware strains these days.
    Furthermore, the purpose of this malware is also unclear, and researchers don’t know what its final goal is.
    Once Silver Sparrow infects a system, the malware just waits for new commands from its operators, commands that never arrived during the time researchers analyzed it, hoping to learn more of its inner workings prior to releasing their report.
    But this shouldn’t be interpreted as a failed malware strain, Red Canary warns. It may be possible that the malware is capable of detecting researchers analyzing its behavior and is simply avoiding delivering its second-stage payloads to these systems.

    The large number of infected systems clearly suggests this is a very serious threat and not just some threat actor’s one-off tests.
    Silver Sparrow supports M1 chips
    In addition, the malware also comes with support for infecting macOS systems running on Apple’s latest M1 chip architecture, once again confirming this is a novel and well-maintained threat.
    In fact, Silver Sparrow is the second malware strain discovered that can run on M1 architectures after the first was discovered just four days before, showing exactly how cutting-edge this new threat really is.
    “Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Lambert warned in his report.
    “Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”
    The Red Canary report contains indicators of compromise, such as files and file paths created and used by the malware, which can be used to detect infected systems.

  • in

    RMIT claims 'significant progress' in bouncing back from Friday's IT outage

    Melbourne’s RMIT University has said significant progress has been made in restoring its systems, following reports on Friday the university had fallen victim to a phishing attack.
    “RMIT has made significant progress in restoring access to many of the IT systems that were affected by an outage last week,” an RMIT spokesperson said on Monday.
    “On-campus classes are proceeding as scheduled and we look forward to welcoming students to a range of orientation activities on campus this week.”
    RMIT staff will continue to work remotely to “make it easier for restoration activities to continue at pace”, however.
    RMIT took to Twitter on Thursday at 9:45pm AEDT to inform students its IT services team was working to resolve issues that had impacted access to some of the university’s supported applications and systems. 
    The university on Friday morning had cancelled in-person classes. RMIT said this would allow it to resolve the issues as quickly as possible and ensure students were still provided with access to the systems they need. 

    Following reports the outage was a result of a “significant cyber attack”, RMIT said on Friday at 5pm AEDT there was no evidence to suggest a breach.
    “From the analysis undertaken to date, which has been independently validated, there is currently no evidence to suggest any data breaches as a result of these issues,” it said.
    “RMIT staff will continue to work remotely, with access to critical systems including Office 365 and Canvas.”
    More to come

  • in

    Dell opens global innovation facility in Singapore

    Dell Technologies has established an innovation facility in Singapore that focuses on research and development (R&D) work in key digital transformation technologies, including edge computing, data analytics, and augmented reality. The result of a three-year investment totalling $50 million, it is the company’s first such facility to be built outside the US. 
    It also houses a team dedicated to enhancing user experience, according to Dell’s president of Asia-Pacific Japan and global digital cities, Amit Midha. Of the total investment, $23 million alone will be invested this year. 
    The facility also accommodates Dell’s existing R&D work in Singapore that is responsible for the company’s global design and development work for product categories that include monitors and client peripherals. In addition, it encompasses a hardware prototyping lab focused exclusively on product design, including the development of artificial intelligence (AI) technologies. 

    Speaking to media in the lead up to the hub’s official launch Monday, Midha said more than 160 new roles would be added by year-end to support the innovation hub, including designers and developers, with most of the positions currently already filled. These new hires would push R&D initiatives for the vendor’s customers and partners across the globe. 
    Pointing to Dell’s goal of creating technologies that “drive human progress”, he said key investment areas for the Singapore facility would be in line with the company’s focus areas comprising 5G, edge, data management, hybrid cloud, AI and machine learning, and cybersecurity. 
    “The world needs technology now more than ever,” he added. “In encouraging the adoption of digital solutions and new technologies, strengthening our product and process innovation system, and engaging the talent pipeline, we believe we are paving the path for a more resilient, progressive, inclusive, and sustainable economy.” 
    Dell earlier this month launched a skills accelerator programme in Singapore, offering to equip 3,000 students, fresh graduates, and mid-career professionals over the next two years with skills in cloud computing, data protection, data science, and big data analytics. The scheme encompassed two separate programmes, including a partnership with Singapore Management University that would see more than 1,000 of the school’s undergraduates experience cloud-native technologies and content as part of their curriculum. A five-week training programme also would be offered to 1,000 employees of Dell’s local partners and customers that had enrolled in Singapore’s SGUnited Traineeship or Mid-Career Pathways programme. 

    Asked what challenges companies currently faced in their efforts to innovate, Midha said the COVID-19 pandemic had expanded every organisation’s remote workforce. It underscored the need to figure out how innovation could be facilitated while employees worked from home or remotely, he noted. 
    This was where collaboration and digital tools came into play, he said. He added that companies also would need to establish the right policies and culture that would drive innovation in the new work environment and enable colleagues to build on each other’s ideas.

  • in

    Brazilian firms fail to increase security spend through Covid-19

    Most Brazilian companies have not increased their investments in information and cyber security since the Covid-19 pandemic emerged despite an increase in threats, according to a new study on perceptions of cybersecurity risk in Latin America since the start of the crisis.
    According to the survey, carried out by consulting firm Marsh on behalf of Microsoft, 84% of organizations failed to boost their security spend since March 2020, even though 30% of those polled saw an increase in malicious attacks as a consequence of the novel coronavirus crisis, with phishing and malware being the most frequent types of occurrences.
    Despite the increase in security threats, 56% of the Brazilian companies polled currently invest 10% or less of their IT budget in cybersecurity. According to the study, 52% of Brazilian organizations said investment in security has not changed since the start of the pandemic.

    In terms of employee practices around security, only 23% of the Brazilian organizations that took part in the study said their workforce is using company-provided equipment to work. At a regional level, 70% of Latin organizations allowed their employees to use their personal devices following the shift to remote working.
    According to the study this significantly increased exposure to some type of cyber incident, but remote access security is a priority for only 12% of respondents and the second item on the list for 7% of respondents.
    Only a quarter of the Latin companies surveyed increased their cyber security budgets after the pandemic, while the increase in the data protection budget was 26%. Moreover, only 17% of organizations in Latin America have insurance against cyber threats.
    “Many results found in this analysis are really worrying, such as the low rates of companies with insurance against cyber risks and security investment”, said Marta Schuh, cyber risks superintendent at Marsh Brazil.

    “Now that companies are more exposed to remote work and the use of personal devices, it is worrying that few companies have increased their cybersecurity budget after the pandemic and some have even reduced this investment, despite the notable increase in cyber attacks”, she added. The study follows the news on massive data leaks in Brazil, which have emerged over recent weeks.

  • in

    Experian challenged over massive data leak in Brazil

    After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and said it is likely that the incident was initiated in a corporate environment.
    Procon notified the credit information multinational following the emergence of a leak that exposed the personal data of more than 220 million citizens and companies, which is being offered for sale on the dark web. Security firm PSafe discovered the incident, which exposed all manner of personal details, including information from Mosaic, a consumer segmentation model used by Serasa, Experian’s Brazilian subsidiary.

    Following the emergence of the leak in January, Procon notified the credit bureau, and asked the company for a confirmation of the incident, and an explanation of the reasons that caused the leak, the steps taken to contain it, how it will repair the damage to consumers impacted and the measures taken to prevent it from happening again.
    “No hypothesis has been ruled out, and at the moment we consider it is more likely that the leak came from inside companies rather than hackers,” said Procon’s executive director Fernando Capez, adding that Experian’s feedback prompts more questions than answers. The explanations from the company will be analyzed by the board of the consumer rights body, and a fine may be applicable if any wrongdoing becomes evident.
    According to Procon, Experian stated that all its activities that involve personal data comply with the Brazilian data protection regulations, and that processing of such data can legally serve several purposes. That part of the answer was insufficient, the consumer rights body said, since “there is no legal basis for the treatment and use of data in an indiscriminate manner” and that includes data of deceased individuals, also exposed in the leak.
    In addition, Procon noted that Serasa Experian did not specify the technical and organizational measures adopted to implement its data protection policy. Moreover, the company reinforced what it had said in a statement released last week in its response to the notification, that there is no evidence that credit data has been illegally obtained from its Brazilian subsidiary. The company also argued that there is no evidence that its technology systems had been compromised.
    Regarding the risk mitigation measures Serasa Experian would apply in such circumstances, Procon said the company only stated that a “comprehensive information security program” is currently in place. Regarding damage repair to consumers, Serasa Experian stated that its website has instructions on what to do in case of fraud. Procon’s stance is that this is a preventive measure rather than a reparative action.

    Contacted by ZDNet, Serasa Experian did not respond to requests for comment on Procon’s response to its feedback. The agency’s demands for answers follow calls from the Brazilian Institute for Consumer Protection (IDEC) for urgent measures to investigate and punish those responsible for exposing the population’s data, as well as improved citizen information and transparency.

  • in

    Zero Trust is not a security solution. It’s a strategy

    One of the top challenges and misunderstandings that I continue to see is what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.” Attempting to buy Zero Trust as a product sets organizations up for failure. 


    Vendors would have you believe that the security solution, platform, or widget they are selling is Zero Trust and that you can just purchase their solution to address your needs. This is false. Vendors enable Zero Trust; they are not Zero Trust itself.  
    There Is No Easy Button To Zero Trust 
    Starting down the path of Zero Trust is complicated. It’s difficult to figure out where to start, so we’ve established a handy guide on how to practically enable Zero Trust from an implementation standpoint. Don’t buy into vendor hype that you can purchase something and immediately be Zero Trust. That’s not the reality of the situation. 
    Organizations need to build a strategy to get to a Zero Trust architecture that encompasses more than technology and buzzwords. One example is the Zero Trust eXtended (ZTX) ecosystem which, at a bare minimum, requires:

    • Assessing your existing security program’s Zero Trust maturity (people, skills, technology, capabilities, etc.). This includes understanding how people are doing their jobs and how existing business processes are done today, mapping existing technology capabilities, and understanding gaps.
    • Mapping the output of this maturity assessment to the ZTX framework to understand what pillars you are strong in and which ones are lacking, specifically the capabilities in which you need to improve.
    • Considering tools and technology to address the areas where you’re lacking and integrating Zero Trust implementation into existing business, IT, and security projects.

    Zero Trust Is A Security Framework, Not An Individual Tool Or Platform 
    ZTX is an ecosystem with both technology and non-technology pieces. Protecting the perimeter and other prior security strategies didn’t easily adapt to change because they were designed around monolithic point solutions that didn’t integrate with each other. Zero Trust, however, is designed to be in a state of continuous review and optimization. 
    The fluid, integrated nature of Zero Trust is designed to easily adapt to business changes. Organizations need to be cautious about vendor messaging, dive into details about vendor offerings, and call them out when the technology they’re pitching seems too good to be true. 
    Ask the vendor you’re considering where the capability they’re describing fits in the ZTX ecosystem. If they can’t describe it, it’s a very clear sign that they don’t understand Zero Trust. Security vendors need to update their messaging to reflect the reality that Zero Trust is a journey that’s different for every organization and stop advertising Zero Trust as a product that can be bought. By selling their solutions as Zero Trust easy buttons, they continue to set their customers up for failure by perpetuating this false paradigm. 
    Zero Trust isn’t a race; it’s a continuous journey

    While Zero Trust continues to be marketed as the cool new thing, at the end of the day we need to ground ourselves. Zero Trust is the new normal. COVID-19 has significantly changed the way we work and forced a lot of organizations to accelerate their digital transformation and security strategies. Take a second to see if these security solutions are the real deal by scrutinizing how they fit into the different pillars of the ZTX ecosystem and, most importantly, your organization’s overall Zero Trust strategy. They should be helping to enable organizations reach Zero Trust while improving the employee experience and should not be just another security tool that gets in the way of doing business. 
    This post was written by Analyst Steve Turner, and it originally appeared here.

  • in

    Take security to the Zero Trust Edge

    A year ago, Forrester set out to document a new model for security and networking that was gaining mindshare in the market. As a result, Forrester recently published its research in a new report that introduces the Zero Trust Edge model for security and network services. A similar name, “Secure Access Service Edge” (SASE), is going around in the market to describe the same model. We put the emphasis on the Zero Trust part.


    Forrester is an advocate for this model for several reasons. But the primary one is this: The internet was designed without security in mind. Should we, as technologists, just expect every organization in the world to simply attach themselves directly to it and hope it all works out for them? For 25 years, we’ve just been putting Band-Aids on top of Band-Aids, hoping to stop the cybersecurity bleeding, but the carnage gets worse every year. The Zero Trust Edge (ZTE) model is a safer on-ramp to the internet for organizations’ physical locations and remote workers. 
    A ZTE network is a virtual network that spans the internet and is directly accessible from every major city in the world. It uses Zero Trust Network Access (ZTNA) to authenticate and authorize users as they connect to it and through it. If those users are accessing corporate services like an on-prem application or Office 365, they may rarely even “touch” the internet, except to be safely tunneled through it, and they’ll certainly be kept away from the bad parts of town. 
    Tactics Vs. Strategy 
    Many enterprises are looking at this model to tactically solve a specific problem: securing the remote workforce. These organizations realize that acquiring more VPN licenses during the COVID-19 lockdown was just a stopgap measure to keep people working. Now, they’re looking for a ZTNA solution. 
    All ZTE vendors have ZTNA because it’s the primary security service of their stack. Once enterprises start talking with vendors like Zscaler, Akamai, or Netskope, they realize there are more security services they can consume as a service, and now they’re talking themselves into ZTE strategy. 
    In the future, after other technologies like SWG, CASB, and DLP are integrated into the stack, organizations will look to put all their network traffic through these ZTE networks. And that’s where the security and network teams will have to work together, because legacy on-prem networks are heterogeneous, and the migration of giant datacenters or 12-story hospitals using software-defined WAN (SD-WAN) as a transport into the ZTE networks will be a challenge.
    We’ll solve the tactical problem, remote workforce, first with ZTNA. We’ll move on to the larger security challenges next. And finally, we’ll address the network. In the end, remote users, retail branches, remote offices, factories, and data centers will be connected to ZTE networks that will use Zero Trust approaches and technologies to authenticate, sanitize, and monitor connections through the network and into the internet and public clouds. 

    This post was written by Senior Analyst David Holmes, and it originally appeared here.

  • in

    Brave browser leaks onion addresses in DNS traffic

    The Tor mode included with the Brave web browser allows users to access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.
    Added in June 2018, Brave’s Tor mode has for years given Brave users extra privacy when navigating the web, allowing them to access the .onion versions of legitimate websites like Facebook, Wikipedia, and major news portals.
    But in research posted online this week, an anonymous security researcher claimed they found that Brave’s Tor mode was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.
    While the researcher’s findings were initially disputed, several prominent security researchers have, in the meantime, reproduced their findings, including James Kettle, Director of Research at PortSwigger Web Security, and Will Dormann, a vulnerability analyst for the CERT/CC team.

    Furthermore, the issue was also reproduced and confirmed by a third source, who also tipped off ZDNet earlier today.
    The risks from this DNS leak are major, as any leaks will create footprints in DNS server logs for the Tor traffic of Brave browser users.
    While this may not be an issue in some western countries with healthy democracies, using Brave to browse Tor sites from inside oppressive regimes might be an issue for some of the browser’s other users.

    Brave Software, the company behind the Brave browser, has not returned a request for comment sent before this article’s publication earlier today.
    Over the past three years, the company has worked to build one of the most privacy-focused web browser products on the market today, second only to the Tor Browser itself.
    Based on its history and dedication to user privacy, the issue discovered this week appears to be a bug, one the company will most likely hurry to address soon.
    Update: Minutes after this article went live, the Brave team announced a formal fix on Twitter. The patch was actually already live in Brave Nightly following a report more than two weeks ago, but after the public report this week, it will be pushed to the stable version for the next Brave browser update. The source of the bug was identified as Brave’s internal ad blocker component, which was using DNS queries to discover sites attempting to bypass its ad-blocking capabilities, but had forgotten to exclude .onion domains from these checks.

    tl;dr
    1. this was already reported on hackerone, was promptly fixed in nightly (so upgrade to nightly if you want the fix now)
    2. since it’s now public we’re uplifting the fix to a stable hotfix
    root cause is regression from cname-based adblocking which used a separate DNS query https://t.co/dLjeu4AXtP
    — yan (@bcrypt) February 19, 2021
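As an added illustration (not Brave’s code), a simplified model of the regression described above: a CNAME-uncloaking check that resolves every hostname, beside the hardened form that short-circuits for .onion names before any DNS traffic, plus a defender’s check over constructed resolver log lines for the footprints the article warns about. The resolver class, CNAME table, hostnames and log lines are all constructed for the example.

```python
import re

# Tor's special-use TLD (RFC 7686). Names under it have no meaning in the
# public DNS, so a privacy-preserving client must never hand them to a resolver.
TOR_ONLY_TLDS = ("onion",)


def is_tor_only_host(hostname: str) -> bool:
    """True when the name lives under a Tor-only TLD such as .onion."""
    labels = hostname.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] in TOR_ONLY_TLDS


class RecordingResolver:
    """Constructed stand-in for a DNS client: answers from a fixed CNAME table
    and records every name it was asked about, i.e. the footprint a real
    resolver would keep in its query logs."""

    def __init__(self, cname_table: dict):
        self.cname_table = cname_table
        self.queries = []

    def lookup_cname(self, hostname: str):
        self.queries.append(hostname.lower())
        return self.cname_table.get(hostname.lower())


def cname_uncloak_leaky(hostname: str, resolver: RecordingResolver):
    """The regression pattern the article describes: the ad blocker resolves
    every host to see whether it is a CNAME alias for a known tracker,
    without first checking for .onion names."""
    return resolver.lookup_cname(hostname)


def cname_uncloak_fixed(hostname: str, resolver: RecordingResolver):
    """Hardened form: return before any DNS query for Tor-only names."""
    if is_tor_only_host(hostname):
        return None
    return resolver.lookup_cname(hostname)


def simulate(hostname: str) -> dict:
    """Run both patterns against fresh resolvers and return what each sent to DNS."""
    table = {"ads.example.com": "tracker.adnetwork.example"}  # constructed
    leaky, fixed = RecordingResolver(table), RecordingResolver(table)
    cname_uncloak_leaky(hostname, leaky)
    cname_uncloak_fixed(hostname, fixed)
    return {"leaky": leaky.queries, "fixed": fixed.queries}


# Constructed BIND-style query-log lines; the .onion entry is the kind of
# footprint a leaking client leaves behind.
SAMPLE_QUERY_LOG = [
    "19-Feb-2021 10:02:11.123 client 10.0.0.5#51234: query: www.example.com IN A +",
    "19-Feb-2021 10:02:12.456 client 10.0.0.5#51235: query: exampleaddress.onion IN CNAME +",
    "19-Feb-2021 10:02:13.789 client 10.0.0.7#51236: query: cdn.example.net IN AAAA +",
]

ONION_NAME_RE = re.compile(r"\b([a-z0-9][a-z0-9.-]*\.onion)\b", re.IGNORECASE)


def find_onion_queries(log_lines) -> list:
    """Defender check over resolver logs: any .onion query means some client is
    leaking Tor-bound names to the public DNS and is worth investigating."""
    hits = []
    for line in log_lines:
        match = ONION_NAME_RE.search(line)
        if match:
            hits.append(match.group(1).lower())
    return hits


if __name__ == "__main__":
    print(simulate("exampleaddress.onion"))
    print(find_onion_queries(SAMPLE_QUERY_LOG))
```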