AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/18/2022

Meta faces billion-pound class-action case

Up to 44 million UK Facebook users could share £2.3bn in damages, according to a competition expert intending to sue parent company Meta. Dr Liza Lovdahl Gormsen alleges Meta “abused its market dominance” to set an “unfair price” for free use of Facebook – UK users’ personal data. She intends to bring the case to the Competition Appeal Tribunal. A Meta representative said users had “meaningful control” of what information they shared. Facebook “abused its market dominance to impose unfair terms and conditions on ordinary Britons, giving it the power to exploit their personal data”, Dr Lovdahl Gormsen says. And this data, harvested between 2015 and 2019, provided a highly detailed picture of their internet use, helping the company make “excessive profits”.


Ukrainian Official Says Belarusian Intelligence Likely Behind Cyberattack

A top Ukrainian official says a Belarusian intelligence agency is likely behind the hacking of several Ukrainian government websites this week. Serhiy Demedyuk, deputy secretary of Ukraine’s national security and defense council, spoke with Reuters on January 15, a day after Ukrainian websites were disabled and defaced with threatening messages. Demedyuk said a group known as UNC1151 was behind the hack. “This is a cyberespionage group affiliated with the special services of the Republic of Belarus,” he said in a written comment to Reuters. The cyberattack came as Russia has massed tens of thousands of troops near Ukraine’s borders. The crisis, and the threat of a new invasion of Ukraine, brought diplomats from Washington, Moscow, and Europe together for three separate, high-level meetings this past week.


Destructive malware targeting Ukrainian organizations

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to proactively protect from any malicious activity. While our investigation is continuing, MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.


Safari bug can leak some of your Google account info and recent browsing history

A serious Safari bug disclosed in this blog post from FingerprintJS can disclose information about your recent browsing history and even some info of the logged-in Google account. A bug in Safari’s IndexedDB implementation on Mac and iOS means that a website can see the names of databases for any domain, not just its own. The database names can then be used to extract identifying information from a lookup table. You can try it out for yourself with this live demo.

For instance, Google services store an IndexedDB instance for each of your logged-in accounts, with the name of the database corresponding to your Google User ID. Using the exploit described in the blog post, a nefarious site could scrape your Google User ID and then use that ID to find out other personal information about you, as the ID is used to make API requests to Google services. In the proof-of-concept demo, the user’s profile picture is revealed.


Dark Web’s Largest Marketplace for Stolen Credit Cards is Shutting Down

UniCC, the biggest dark web marketplace of stolen credit and debit cards, has announced that it’s shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. “Don’t build any conspiracy theories about us leaving,” the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to blockchain analytics firm Elliptic. “It is [a] weighted decision, we are not young and our health do[es] not allow [us] to work like this any longer.” The UniCC team also gave its users 10 days to spend their balances, while also warning customers to “not follow any fakes tied to our comeback.”


Managers think their systems are unbreakable. Cybersecurity teams aren’t so sure

Organisations could find themselves at risk from cyberattacks because of a significant gap between the views of their own security experts and the boardroom. The World Economic Forum’s new report, The Global Cybersecurity Outlook 2022, warns there are big discrepancies between bosses and information security personnel when it comes to the state of cyber resilience within organisations. According to the paper, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – or in other words, protecting the organisation against falling victim to a cyberattack, or mitigating the incident so it doesn’t result in significant disruption.
