AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/15/2021

Apple drops ‘exclusion list’ which allowed its own apps to bypass firewalls

The latest beta of macOS Big Sur has reportedly removed the contentious ability for Apple’s own apps to bypass firewalls, and hide their network use. Apple’s release of the macOS Big Sur 11.2 beta appears to show that the company is dropping a controversial network feature. In the current public version of Big Sur, 56 of Apple’s own apps and system processes can use the internet even when a user has blocked all access with a firewall. Adding to the controversy, when those apps do access the internet, they do so without a user or any network traffic apps being able to monitor or report on them. Apple did this in part because of its Gatekeeper security system. It’s not clear yet how Gatekeeper security will work if the Mac is blocked by a firewall. Also, the presence or absence of a feature in a beta is not a guarantee that it will be the same when the macOS update is released publicly.

 

More federal victims of SolarWinds hacking likely to come forward, CISA chief says

“The number [of federal victims] is likely to grow with further investigation,” Brandon Wales, CISA’s acting director, said in an interview Friday. “That being said, we do believe that the number will remain extremely small because of the highly targeted nature of this campaign. And that is going to be true for both government and private-sector entities compromised.” As the investigation unfolds, Wales said, it is clear that his agency needs additional authorities and resources to prevent such a detrimental hack in the future. He called the hacking campaign “one of the most complex and challenging that this agency has ever faced in the cyber arena.”

 

The Data-Centric Path to Zero Trust

Few people would seriously dispute the advantages of a zero-trust security model, particularly in a fast-changing cloud environment with business being conducted by a dispersed workforce using a wide variety of devices. The reasons for zero trust inevitably lead us into a data-centric approach. From an atomic level — the data level — a data-centric approach affords organizations the flexibility to, for example, establish and enforce policies on top of their security. If someone who has access to certain data moves to another job where they should not have it, it can be difficult to go in and manually undo some of the controls that exist around user authentication. But if your policy is to authenticate every time a person tries to access that data, it goes to a policy engine that confirms who they are, where they are, what device they’re using, or whatever rules the policy establishes. If something isn’t right, that person doesn’t get in. A data-centric approach abstracts the complexity out and puts it into a policy enforcement engine, which gives organizations the assurance they need in real time.

 

SolarWinds Hack Forces Reckoning With Supply-Chain Security

The hack of SolarWinds Corp. provided an unwanted holiday gift that will keep on giving to many companies: a jolt to the supply chains that help the digital economy run. After working in recent weeks to assess their exposure to the attack on the software provider, businesses have turned to probing other vendors’ security, re-evaluating vetting processes for partners and even pausing updates to applications, executives say. Cybersecurity experts say the task could grow more complex as details about the hack continue dribbling out. The efforts are reminiscent of measures taken after the Sept. 11, 2001, terrorist attacks to bolster aviation security, said Omar Khawaja, chief information security officer of nonprofit insurance and care provider Highmark Health. The fallout from the SolarWinds hack is pressuring firms to more aggressively review their technology, he said, even if it slows business.

 

Facebook Sees Increase in Users Promoting Violent Events

Facebook Inc. said an increasing number of users are posting fliers and images using violent or incendiary language to promote gatherings across the country over the next week, echoing warnings from law enforcement that there could be another attack similar to last week’s riot at the U.S. Capitol. A Facebook spokeswoman said the social network is tracking “dozens” of fliers promoting events on Jan. 17, Jan. 18 and Jan. 20, the date of President-elect Joe Biden’s inauguration. The company is removing the postings using image recognition technology, and many of the images calling for the gatherings in Washington and elsewhere have been flagged to Facebook by a group of partner organizations that track terrorism and cybercrime. “We work with experts in global terrorism and cyber-intelligence to identify calls for violence and remove harmful content that could lead to further violence,” the spokeswoman said. “We are continuing all of these efforts and working with law enforcement to prevent direct threats to public safety.”

 

Home schooling – how to stay secure

Many pupils are starting their new school term from home rather than the classroom. For families with younger kids, home schooling is often the first time that their children have needed to use computers (rather than gaming consoles) in earnest. Whether you’re new to home schooling, going back to it after a break, or an old hand, it’s worth taking a moment to ensure you’re doing it securely. Taking the time to establish good security practices now will lay the foundations for safe IT use in the years to come.

 

Tech Giants Hope for US Data Privacy Law

Google, Twitter and Amazon are hopeful that Joe Biden’s incoming administration in the United States will enact a federal digital data law, senior company officials said at CES, the annual electronics and technology show. “I think the stars are better aligned than ever in the past,” Keith Enright, Google’s chief data privacy officer, told a discussion Tuesday on trust and privacy. The European Union’s General Data Protection Regulation (GDPR), which has applied since May 2018, has largely contributed to making consumers aware of the issues related to the data that they submit to large digital platforms on a daily basis. This European data rights charter influenced California, which has now had the California Consumer Privacy Act (CCPA) for over a year. “That tends to dramatically increase the chances that we can develop the political will at the federal level to do something, just to create a uniform rule of law so that companies know what the rules of the road are and individual users know what their rights and protections are,” Enright said.
