WME Security Briefing 24 June 2024
Windows Management Experts, Inc. (WME)
Helping the B2B mid-market and enterprise technology sector scale with Microsoft Project, IT staffing & Managed Services
Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations
Overview
Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome with a more privacy-conscious alternative, but the Austrian privacy group Noyb is now criticizing it. Noyb claims that, under the guise of privacy enhancement, Sandbox allows Google to track users within the browser itself, i.e. first-party ad tracking.
Impact
Noyb’s main concern is that, while Sandbox may be less invasive than third-party cookies, it still does not fully eliminate user tracking and therefore violates data protection laws. Noyb also criticizes Google’s consent mechanisms as neither fully transparent nor fair, and argues that they may be illegal under EU regulations.
Despite adjustments made in response to regulatory feedback, Google continues to roll out Sandbox, with phased testing and a gradual deprecation of third-party cookies also planned.
Recommendation
Users should stay informed about Privacy Sandbox developments and be aware of the consent they are providing. Organizations relying on Chrome, especially for digital advertising and data analytics, should prepare for changes in cookie handling. More importantly, regulatory bodies should monitor the implementation of these technologies to ensure genuine privacy enhancements.
Critical Security Vulnerabilities Uncovered in ZKTeco Biometric Systems
Overview
Kaspersky’s research reveals 24 critical vulnerabilities in ZKTeco’s biometric systems. The flaws span multiple classes, including SQL injection, buffer overflows, command injection, and arbitrary file operations. They could allow unauthorized access and data theft, and potentially allow attackers to deploy malicious software.
Impact
Attackers could bypass biometric verification using manipulated user data or counterfeit QR codes and gain physical access they are not entitled to. Biometric data is at risk of being stolen and sold on dark-web markets. Remote manipulation of devices can also lead to arbitrary code execution and system configuration changes, either of which can be used to install backdoors.
Potential Risks
CVE-2023-3938: SQL injection via QR code scanning could grant unauthorized access.
CVE-2023-3939: Command injection flaws may allow the execution of OS commands with elevated privileges.
CVE-2023-3940 and CVE-2023-3941: Flaws allowing arbitrary file reads and writes could enable access to sensitive data.
CVE-2023-3942 and CVE-2023-3943: Additional SQL injections and buffer overflows could permit database manipulation.
Recommendation
Network Segmentation: Isolate biometric readers in separate network segments to limit the impact of a breach.
Strong Access Controls: Use strong administrator passwords and harden security configurations.
Reduced QR Code Use: Minimize reliance on QR codes for authentication.
Comprehensive Security Assessment: Conduct thorough security checks and audits of biometric systems.
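To make the QR-code SQL injection risk and the "reduced QR code use" advice above concrete, here is an added example (not ZKTeco's code or Kaspersky's findings) of a hypothetical access-control terminal's token lookup: a string-built query that hands the scanned payload to the SQL parser, beside a hardened version that allow-lists the token format and binds it as a parameter. The table layout, token format and user records are constructed for the demonstration.

```python
import re
import sqlite3

# Assumed token format for this hypothetical terminal: 16 upper-case alphanumerics.
QR_TOKEN_RE = re.compile(r"^[A-Z0-9]{16}$")


def build_db():
    # Constructed sample database standing in for the terminal's user store.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, qr_token TEXT UNIQUE)")
    con.executemany(
        "INSERT INTO users (name, qr_token) VALUES (?, ?)",
        [("alice", "A1B2C3D4E5F6A7B8"), ("bob", "0000111122223333")],
    )
    con.commit()
    return con


def lookup_vulnerable(con, qr_payload):
    # Vulnerable pattern: the scanned bytes are spliced into the SQL text, so
    # anything in the QR image is interpreted as query syntax, not as data.
    try:
        row = con.execute(
            f"SELECT name FROM users WHERE qr_token = '{qr_payload}'"
        ).fetchone()
    except sqlite3.OperationalError as exc:
        # The payload reached the SQL parser: that is the injection surface.
        return f"sql-error: {exc}"
    return row[0] if row else None


def authenticate_qr(con, qr_payload):
    """Hardened lookup. Returns (decision, user); decision is one of
    'granted', 'denied_format' or 'denied_unknown' so the terminal can log
    and alert on malformed scans separately from unknown tokens."""
    # 1. Strict allow-list on the payload before it touches the database.
    if not QR_TOKEN_RE.fullmatch(qr_payload):
        return ("denied_format", None)
    # 2. Parameterized query: the token is bound as a value, never parsed as SQL.
    row = con.execute(
        "SELECT name FROM users WHERE qr_token = ?", (qr_payload,)
    ).fetchone()
    return ("granted", row[0]) if row else ("denied_unknown", None)
```

A denied_format decision is worth forwarding to the SIEM: a scanned "token" containing quotes or SQL keywords is a strong signal that someone is probing the reader.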
North Korean Phishing Campaigns Target Brazilian Fintech Sector
Overview
Google’s Mandiant and Threat Analysis Group (TAG) highlight a surge in phishing attacks conducted by North Korean operatives targeting Brazil’s financial technology and cryptocurrency sectors. The campaigns have been active since 2020 and are run by multiple North Korean groups, notably UNC4899.
Impact
The primary targets are government agencies, aerospace, technology, and specifically Brazil’s fintech and cryptocurrency firms. The operators use social engineering to initiate contact through social media, presenting fraudulent job opportunities at well-known firms to lure targets.
They then escalate to distributing trojanized apps, which can lead to full system control. Other campaigns involve masquerading as recruiters to distribute malware such as AGAMEMNON, a downloader for follow-on payloads. Groups like PAEKTUSAN have impersonated HR personnel to infiltrate aerospace firms, and PRONTO has targeted diplomats with decoy emails.
Recommendation
Be vigilant in communication, especially around unsolicited job offers. Implement stringent security measures, e.g. regular system audits, updated antivirus, anti-phishing tools, and comprehensive employee training. Isolate critical networks from general network access. Most importantly, ensure compliance with international cybersecurity regulations.