Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines.
If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week’s stories. Our guest this week is Davi Ottenheimer, vp, trust and digital ethics, Inrupt.
If you want to get involved you can watch live and participate in the discussion on LinkedIn Live ([register](https://www.linkedin.com/video/event/urn:li:ugcPost:6861024170604589056/)), or you can just [subscribe to the Cyber Security Headlines podcast](https://cisoseries.com/subscribe-podcast/) and get it into your feed.
Here are some of the stories we’ll be covering:
## Facebook deletes 1 billion faceprints in Face Recognition shutdown
Facebook announced Tuesday that it plans to abandon use of its Face Recognition system and delete over 1 billion facial recognition profiles in the coming weeks. Face Recognition analyzes uploaded photos to identify users and automatically tag them in Memories, photos and videos. Facebook’s concerns about the technology have been significant: it recently reached a $650 million legal settlement in Illinois over claims that the company collected and stored biometric data of its users without consent. Facebook’s VP of Artificial Intelligence, Jerome Pesenti, stated, “Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.” While this change is a victory for privacy advocates, it comes with the tradeoff that some features will no longer work as designed, including automatic tagging and Automatic Alt Text (AAT), which creates image descriptions for people who are blind or visually impaired.
([Bleeping Computer](https://www.bleepingcomputer.com/news/technology/facebook-deletes-1-billion-faceprints-in-face-recognition-shutdown/) and [The Hill](https://thehill.com/policy/technology/579630-facebook-to-shut-down-facial-recognition-system))
## Iranian Black Shadow hacking group breaches Israeli Internet hosting firm
The group compromised the server of the Israeli internet hosting company Cyberserve, taking down several of the sites that it hosts. The group announced the attack on Twitter on Friday, and then published some of the stolen data shortly afterwards, stating that Cyberserve had not yet contacted them. Black Shadow was responsible for the hack of the Israeli insurance firm Shirbit in December last year. In that attack it demanded a $1 million ransom, but the victim refused to pay it.
## Microsoft to work with US community colleges to fill 250,000 cybersecurity jobs
Microsoft made the announcement on Thursday, stating that the plan would run over the next four years, through 2025, in order to address the country’s cybersecurity workforce shortage. The company’s commitment includes training the faculty of 150 community colleges, providing free curriculum to thousands of US public community colleges, and providing scholarships and supplemental resources to 25,000 students. CEO Brad Smith explained that US community colleges are cheaper to attend, have a more diverse graduate population, are located in every US state, and are more flexible with their students’ programs.
## Global chip shortage ‘is far from over’ as wait times get longer
The global semiconductor shortage is worsening, with wait times lengthening, buyers hoarding products, and an end to the shortage looking less likely to materialize by next year. Demand didn’t moderate as expected, supply routes got clogged, and unpredictable production hiccups have slammed factories already running at full capacity. What’s left is widespread confusion for manufacturers and buyers alike. Some buyers trying to place new orders are getting delivery dates in 2024, said Ian Walker, operations director at electronic-components distributor Princeps Electronics Ltd., which helps companies find chips. Apple Inc. warned Thursday that supply-chain disruptions are hindering iPhone and other product manufacturing ahead of the holiday-shopping quarter.
([Wall Street Journal](https://www.wsj.com/articles/global-chip-shortage-is-far-from-over-as-wait-times-get-longer-11635413402))
## macOS flaw opened door to undetectable malware
Security researchers at Microsoft discovered a flaw in macOS’ System Integrity Protection (SIP) which would have allowed an attacker to install a hardware interface that lets them “overwrite system files, or install persistent, undetectable malware”. SIP is an OS-level Apple sandbox that contains several memory-based variables that should not be modifiable outside of recovery mode. The researchers found that Apple “introduced a particular set of entitlements that bypass SIP checks by design” as part of the system update process. Apple subsequently patched the issue in macOS Monterey, Catalina and Big Sur.
## CISA creates exploited bug catalog
The US Cybersecurity and Infrastructure Security Agency continues its efforts to shore up security within the federal government. It published a catalog of software vulnerabilities known to be exploited in the wild and issued a binding operational directive requiring federal agencies to patch them within specified deadlines. The catalog currently includes 306 vulnerabilities across vendors including Cisco, Google, Microsoft, Apple, Oracle, Adobe, Atlassian, and IBM, with some dating back to 2010. For vulnerabilities discovered this year, agencies have until November 17, 2021 to apply patches. Older vulnerabilities must be patched by May 3, 2022.
## Bots used to scam 2FA codes
Vice reported on fraudsters using automated bots to steal multi-factor authentication codes or one-time passwords in order to authorize cash transfers. Services impacted include Apple Pay, PayPal, Amazon, Coinbase, and a wide range of specific banks. According to sellers of these bot services, they cost a few hundred dollars, which lowers the barrier to entry for engaging in this behavior. Typically these services call a victim posing as a fraud alert system and ask them to verify their identity with a two-factor code sent to their phone. That code actually comes from the fraudster attempting to log in to the victim’s account. These bot services operate on Telegram or Discord, where “customers” enter a victim’s phone number and the service provider uses a platform like Twilio to place the automated call.
## Cybercriminals sell access to international shipping, logistics giants
On Tuesday, Intel 471 published an analysis of current online black market trends, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across ground, air, and sea. The researchers stated, “While already in a volatile and precarious position — especially as we head into winter — a cybersecurity crisis at one of these logistics and shipping companies could have a calamitous impact on the global consumer economy.” Although the logistics industry is constantly targeted, big names like Conti and Five Hands are appearing in the IAB research along with many newcomers.