AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – ​March 26, 2019

1 Microsoft's Leaked Edge Browser Should Make Google Worried

Over the weekend, a leaked build for the Chromium-based Edge browser has been released that is providing users with their first look at the upcoming browser from Microsoft. If you are currently using Chrome, the reports indicate that this Edge preview browser feels, performs, and has basically has the same features. Microsoft has been quiet regarding their upcoming Microsoft Edge Insider browser, but a slow trickle of leaks has provided a bit more information. With this leaked build, though, users get their first full look at the upcoming Edge browser, which from all reports feels like it has the best chance of putting a dent in Google Chrome's market share. While many people are concerned that Microsoft switching to Chromium could put all the control into Google's hands, when it comes to desktop operating systems, this may have the reverse effect.


2 DHS Invests $5.9 Million into Cyber Training Tool for Energy Sector

The Homeland Security Department is funding a new immersive cyber-training platform equipped with simulation-based scenarios and exercises aimed at protecting the nation’s energy sector. The department’s Science and Technology Directorate announced it’s awarding $5.9 million to the Norwich University Applied Research Institute to expand a training tool used by the financial services sector to organizations in the energy sector. Distributed Environment for Critical Infrastructure Decision-Making Exercises, or DECIDE, is an interactive platform that allows players to practice cyber-threat response tactics in an immersive online environment before real-life crises occur.


3 Attackers Compromise ASUS Software Update Servers to Distribute Malware

Taiwanese computer maker ASUS may have inadvertently distributed malware to over 1 million users of its systems worldwide after attackers compromised software update servers at the company last year, Kaspersky Lab said in a report Monday. Available telemetry shows the attackers planted the malware, disguised as legitimate software, on servers that ASUS uses to automatically push out software and firmware updates to users of its systems. The poisoned updates were hard to spot and block because they were digitally signed using legitimate ASUS certificates, Kaspersky Lab said.


4 Microsoft Defender comes to the Mac

Previously, this was a Windows solution for protecting the machines of Microsoft 365 subscribers and assets of the IT admins that try to keep them safe. It was also previously called Windows Defender ATP, but given that it is now on the Mac, too, Microsoft decided to drop the “Windows Defender” moniker in favor or “Microsoft Defender.” “For us, it’s all about experiences that follow the person and help the individual be more productive,” Jared Spataro, Microsoft’s corporate VP for Office and Windows, told me. “Just like we did with Office back in the day — that was a big move for us to move it off of Windows-only — but it was absolutely the right thing. So that’s where we’re headed.”


5 Two white hats hack a Tesla, get to keep it

A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser. Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric sedan via its infotainment system at the Pwn2Own hacking contest in Vancouver, Canada, last Friday. They exploited a JIT (or ‘just-in-time’) bug in the browser renderer process to display a message on the infotainment system. In addition to walking away with the car, Zhu and Cam received US$35,000 for discovering the bug, reads a Zero Day Initiative report. It’s worth noting that the flaw didn’t enable the ethical hackers to take control of the vehicle itself.

Related Posts