SORBS Shutdown, Microsoft Recall and TikTok's Zero-day and Apple's Passwords App
Notable security news for the week of June 2nd-8th 2024, brought to you by the F5 Security Incident Response Team. This week your editor is Dharminder. In this edition, I have security news about SORBS spam blacklist service, which was shutdown by the owner Proofpoint, Tiktok's zero-day vulnerability which was used by attackers to compromise high profile user accounts, Microsoft's Recall feature changed from default to opt-in in Windows 11 and Apple's new "Passwords" app.
We in F5 SIRT invest lot of time to understand the frequently changing behaviour of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT.
Ok so let's get started to find details of security news.
SORBS Spam Blocklist Service, Permanent Shutdown
The Spam and Open Relay Blocking System (SORBS) a service which provided free access to a DNS-based Block List (DNSBL) that contains over 12 million spam-related servers, which are known source of phishing attacks, spams and other email nasties has been shutdown by its owner, Proofpoint. This service was created twenty plus years ago by Michelle Sullivan, SORBS was highly regarded for its accuracy and used by over 200,000 organizations. The shutdown involved emptying SORBS's 18 "Zones," which categorized different types of spam-related servers. Closure of the service has ignited
discussions in the anti-spam community about potentially acquiring SORBS, with hopes that a legitimate entity will take over to prevent spammers from misusing the service. Despite many alternatives like SpamCop and Spamhaus, SORBS was distinctly valued for its transparency and thorough documentation, which ensured fairness in its operations.
https://www.theregister.com/2024/06/07/sorbs_closed/
TikTok’s Zero-day Vulnerability - High Profile User Accounts Compromised
Miscreants exploited a zero-day vulnerability in TikTok's direct messages feature to hijack high-profile accounts of companies and celebrities, including Sony and CNN. The attack involved sending a specially crafted direct message to victims, which, when opened, exploited a software vulnerability to gain control over their accounts. The exploit does not require victim to download or click on any link. The exact workings of the exploit, the number of compromised accounts, and the responsible parties remain undisclosed. As per the reports, TikTok's security team has taken measures to stop the attack and is working with affected users to restore access. This incident will definitely adds to TikTok's security challenges, which already have included previous vulnerabilities discovered and fixed before exploitation. It also comes amid broader concerns about TikTok's data security practices due to its Chinese parent company, ByteDance, and ongoing legal battles in the U.S. over potential national security risks.
https://www.theregister.com/2024/06/05/tiktok_confirms_cnn_accounts_hijacked/
Recall - Default To Opt-In Feature in Windows 11
Due to significant customer backlash, Microsoft has announced changes to its upcoming Recall feature in Windows 11, addressing security and privacy concerns raised by experts. The feature which was initially planned to be enabled by default, will now require users to opt-in during setup. Additionally, It will require authentication through Windows Hello and proof of presence to access the timeline and snapshots. Recall works by taking periodic screenshots of the user's active window and recording activities, which are then analyzed by an on-device AI to create a searchable semantic index. The feature is currently exclusive to Copilot+ PCs with Snapdragon X ARM processors, with plans for Intel and AMD compatibility. Initially, the feature stored data in plain text, which raised security alarms. In response, Microsoft will encrypt the Recall database and implement "just in time" decryption, ensuring snapshots are only accessible upon user authentication. These updates come after privacy concerns were raised, highlighting that malware could access decrypted data post-login. Microsoft's adjustments aim to address these security vulnerabilities by maintaining encryption until user authentication. This move aligns with CEO Satya Nadella's directive to prioritize security over other features, reinforcing the company's commitment to protecting user data. The updated Recall feature will be available from June 18.
https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns
Apple's Password Manager - Passwords
Apple is planing to introduce a standalone password manager named 'Passwords' for iOS 18, iPadOS 18, and macOS 15 at the upcoming Apple Worldwide Developers Conference. It seems this new app aims to provide an easier and more visible way for users to manage and generate strong, unique passwords, thus enhancing security against data breaches. The Passwords app will sync login information across iPhones, iPads, and Vision Pro devices using iCloud Keychain. Additionally, the app will have capability to import credentials from other password managers and support categories for different types of passwords, including WiFi networks and website accounts. It will also function as a multi-factor authentication app.