https://th.thgim.com/sci-tech/technology/pkom3a/article31672226.ece/alternates/FREE_730/25THCACHEPHISHING

Today’s cache | Massive phishing campaign using Excel 4.0, UK to review Huawei’s 5G gear, and more

Today's cache is your daily download of the top 5 updates from the world of technology.

by

A large-scale COVID-19 themed phishing campaign is under way, in which attackers are sending malicious Microsoft Excel 4.0 macros to users.

Privacy regulator in Ireland has submitted a draft decision on Twitter and WhatsApp to peers in the EU to weigh in and sign off on probes related to GDPR.

Closer in Europe, Britain’s cyber security agency is conducting a new review of Huawei’s 5G gear, citing recent sanctions on the Chinese company by the US.

Google may be working on an end-to-end encryption for its RCS. And lastly, a hacker group has released ‘jailbreak’ tool for iOS’ version 11 to 13.5.

Twitter, WhatsApp are under scanner of EU privacy watchdog

Ireland’s data protection regulator has submitted a draft decision to other EU member authorities in relation to alleged data breach notification by Twitter.

The draft submitted by Irish Data Protection Commission is part of its investigation on whether Twitter had complied with Articles 33(1) and 33 (5) of GDPR.

The investigation deals with big tech firms that hold user data failing to report data breach within 72 hours after having become aware of the leak.

The draft decision on Twitter has been sent to other peer privacy regulators in the European Union for their sign-off.

Separately, the Irish regulator has completed a probe and drafted its decision on Facebook-owned WhatsApp for non-compliance with Articles 12 to 14 of GDPR. The examination revolves around transparency in relation to information WhatsApp shares with Facebook.

The social network giant has been asked to give its comments on the draft before other EU regulators can give their inputs.

The Irish regulator is seeking its EU peers’ sign off on its drafts as the alleged violations of the companies under probe span the EU.

Since the General Data Protection Regulation took off in May 2018, the Irish regulator’s probes have been building up. But, there hasn’t been a single final decision on the probes to date.

New review into Huawei’s 5G networks in UK

Britain’s cyber security agency is conducting a new review into the impact of using Huawei’s equipment in UK’s 5G networks, the BBC reported.

UK’s National Cyber Security Centre’s (NCSC) review comes after the US brough a fresh ban against Huawei.

“The security and resilience of our networks is of paramount importance,” NCSC spokesman said.

“Following the US announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the UK’s networks.”

UK had resisted US pressure in January to sanction the Chinese company from being part of its 5G technology.

The British government had previously approved a limited role for Huawei in developing the country’s latest mobile networks.

The Chinese telecom company was allowed to supply only 35% of the telecom gear in a network’s periphery, including radio masts. It was not allowed to supply “sensitive parts” of the network.

The cyber security agency has told mobile operators in Britain to comply with the limits on using Huawei’s equipment in their networks.

Huawei has firmly denied that it would support the Chinese state if it attacks one of the company’s clients.

A new tool to ‘jailbreak’ several versions of iOS

A hacker group Unc0ver released a new tool to ‘jailbreak’ several versions of iOS from 11 to 13.5, the Wired reported. This is a significant hit to Apple’s secure iOS image.

Unc0ver’s jailbreak can be installed using jailbreaking platforms AltStore and Cydia. The hacker team says the jailbreak is stable and that it doesn’t drain battery life or stop use of Apple services like iMessage, Apple Pay, or iCloud.

The team also claims that it would protect user data and that iOS’ sandbox security wouldn’t be undermined.

"This jailbreak basically just adds exceptions to the existing rules," Unc0ver's lead developer, told Wired.

"It only enables reading new jailbreak files and parts of the file system that contain no user data."

Initial response from researchers who tested the jailbreak indicate that it works as intended. But the community hasn’t fully assessed the jailbreak as the tool is not open source, making it difficult to analyse.

This jailbreak is a so called zero-day vulnerability, meaning there won’t be a patch coming in the next few days to block the tool as Unc0ver did not disclose its findings to Apple in advance.

Massive phishing campaign using Microsoft’s Excel

A massive phishing campaign to trick users into opening malicious Excel 4.0 macros is under way, Microsoft’s security team warned.

The COVID-19 themed campaign sends legitimate remote access tool NetSupport Manager using emails with malicious Excel 4.0 macros. The phishing campaign had started on May 12, and has used several hundreds of unique attachments.

The emails purport to come from Johns Hopkins Center with the title “WHO COVID-1 SITUATION Report.” The attached files open with a security warning, and reveal a graph of supposed COVID-19 cases in the US.

If the user allows the file to run, the malicious spreadsheet downloads and runs NetSupport Manager RAT.

The NetSupport RAT used in this campaign further drops multiple components, including .dll, .ini, and other .exe files. It connects to a C2 server, allowing attackers to send more commands, Microsoft Security Intelligence said in a tweet.

The hundreds of unique spreadsheets in the this campaign use highly complicated formulas leading the users to connect to the same URL to download the payload.

“This COVID-specific threat intelligence feed represents a start at sharing some of Microsoft’s COVID-related IOCs,” Microsoft said in a statement.

“We will continue to explore ways to improve the data over the duration of the crisis.”

Google Messages may get end-to-end encryption for RCS

Rich communication services (RCS) is a more advanced form of messaging, and an open competitor to Apple’s iMessage. What distinguishes RCS from iMessage are the additional layer of security. RCS are not encrypted end-to-end like iMessage.

But that may well be about to change. According to an analysis of Google Messages version 6.2 by 9to5 Google, the team has found that work is under way to allow users to send end-to-end encrypted messages via RCS.

The team has identified a total of 12 new strings in the app that make references to encryption.

The report clarifies that there is not enough details to know for certain that these are for message encryption. But, it is possible that both the sender and receiver will need to be using Google Messages app for messages to be encrypted.

The team has identified for certain that both the parties must have a good internet connectivity simultaneously for the encrypted RCS messages to go through.