Client-side encryption coming for versions of enterprise Gmail, business email scams are stealing food, and more.
Welcome to Cyber Security Today. It’s Monday, December 19th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Google will soon add optional client-side encryption for organizations to improve email security and privacy. However, it will be available only for organizations and school boards subscribing to three enterprise versions of Gmail. These are Workspace Enterprise Plus, Education Plus and Education Standard. Google said IT administrators can sign up to be included in the beta test until January 20th. It didn’t say when full service will start. Client-side encryption improves security and privacy. But it also means IT administrators will have to manage encryption keys.
Attention Linux and Windows administrators using the Samba networking protocol: Security updates have been issued to close four vulnerabilities. These are in Samba Active Directory, the Netlogon Secure Channel, and two Windows Kerberos-related problems. These patches, released last week, should be installed as soon as possible.
Business email compromise scams are usually aimed at stealing money. This con tricks a finance department into changing the bank account where regular payments are electronically deposited, so the money goes instead to an account controlled by a crook. However, U.S. government authorities are warning the same scam is now also being used to steal food. Criminals are spoofing emails to impersonate employees of real companies and ordering shipments of food, which go to an address where crooks are waiting. The distributor or manufacturer is never paid. The crooks, meanwhile, probably repackage and sell the goods. In several cases the product the crooks wanted was powdered milk. While the warning is to the food industry, you should note that this email scam can be used against a manufacturer of any product. The FBI advises firms to independently verify the contact information of new vendors or customers, and to watch for tip-offs in email like poor grammar and spelling. And most important, ensure employees verify requested changes to existing invoices, bank deposit information and contact information.
Just over a year ago I told you that Google had disrupted the command and control infrastructure behind a botnet called Glupteba. It distributes malware through millions of compromised computers. Well, it took about six months for those behind the botnet in Russia to rebuild and get back to business. That’s according to researchers at Nozomi Networks. What makes Glupteba unique is it uses the Bitcoin blockchain to hide its command and control domains. You may not realize it, but the Bitcoin blockchain has places not only to store digital currency but also to keep up to 80 bytes of any data. A domain address easily fits in there. So taking complete control of the botnet is impossible unless authorities have the private keys of the Bitcoin addresses. By the way, the Cerber ransomware uses the same tactic. The report does say defenders can take some action, including blocking access to blockchain-related domains.
Finally, some gaming enthusiasts using the Corsair K100 keyboard have been unnerved by spooky behaviour. Sometimes their computer suddenly enters text created days or weeks before. Corsair told the Ars Technica news site that no one has hacked the keyboard or installed a keylogger on victims’ computers. It suspects the problem is that the keyboard’s ability to record macros is inadvertently switching off and on. One solution: Reset the keyboard by unplugging it, then hold the Escape key down for five seconds when plugging it back in.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.