AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/21/2021

Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered

The pandemic has brought existential conversations to the forefront in recent months. However, in an increasingly virtual world, threats are no longer reserved for the physical universe we occupy and cybersecurity breaches are increasingly common. It turns out people are more concerned about being hacked compared to acts of physical violence a la being murdered or mugged, according to a recent Atlas VPN post. “With headlines around the world being dominated by government security breaches, large enterprise data leaks, and similar cybersecurity issues, the concerns seem to be justified,” the post said. The Atlas VPN post is based on Gallup US phone survey data collected between Sept. 30 and Oct. 15, 2020. Overall, nearly three-quarters (72%) of respondents said they worry frequently or occasionally about having their “personal, credit card, or financial information stolen by computer hackers,” while 12% of respondents said they never worry about this scenario.


Brave browser takes step toward enabling a decentralized web

Brave has just taken a step toward supporting a decentralized web by becoming the first browser to offer native integration with a peer-to-peer networking protocol that aims to fundamentally change how the internet works. The technology is called IPFS (which stands for InterPlanetary File System), a relatively obscure transport protocol that promises to improve on the dominant HTTP standard by making content faster to access and more resilient to failure and control. This explainer from TechCrunch offers a good overview of how the protocol works. But here’s the short version: while HTTP is designed for browsers to access information on central servers, IPFS accesses it on a network of distributed nodes. Vice likens it to downloading content via BitTorrent, rather than from a central server. You type in a web address like normal, and the network is able to find the nodes storing the content you want.


Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary measures. While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.


In hidden message on White House website, Biden calls for coders

The recently updated website for President Joe Biden’s White House carried an invitation for tech specialists savvy enough to find it. Hidden in the HTML code on www.whitehouse.gov was an invitation to join the U.S. Digital Service, a technology unit within the White House. “If you’re reading this, we need your help building back better,” the message said. Former President Barack Obama launched the service in 2014 to recruit technologists to help revamp government services – for example by modernizing Medicare’s payment system or reforming hiring practices across government agencies. Tech specialists join the Digital Service for typically one or two years.


Google Chrome now checks for weak passwords, helps fix them

Google has added a new feature to the Chrome web browser that will make it easier to check if their stored passwords are weak and easy to guess, exposing users to brute force attacks or password cracking attempts. The new feature will be rolled out to Google Chrome users over the coming weeks after updating to version 88, promoted yesterday to the Stable channel. This feature was introduced to Chrome Canary in December, hidden behind the experimental “Passwords weakness check” Chrome flag. Google Chrome allows creating, storing, and filling your passwords with a mouse click while browsing the web using a built-in password manager. After finding weak passwords, Chrome will allow you to change them using stronger ones that can be generated on the spot and stored for later use.


Hacker posts 1.9 million Pixlr user records for free on forum

A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks. Pixlr is a very popular and free online photo editing application with many of the same features found in a professional desktop photo editor like Photoshop. While Pixlr offers basic editing tools for free, the site also provides premium memberships that include more advanced tools, stock photos, and other features. Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine. ShinyHunters is a threat actor well-known for hacking into websites and selling stolen user databases in private sales or via data breach brokers. In the past, ShinyHunters has been responsible for data breaches at Tokopedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and many more.


Microsoft shares how SolarWinds hackers evaded detection

As Microsoft’s security experts found, the hackers who orchestrated the SolarWinds attack showcased a range of tactics, operational security, anti-forensic behavior that drastically decreased the breached organizations’ ability to detect their malicious actions. “[T]he attackers behind Solorigate are skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, and avoid detection,” Microsoft reveals. “During our in-depth analysis of the attacker’s tactics, techniques, and procedures (TTPs) seen through the lens of Microsoft 365 Defender’s rich telemetry, we observed a few techniques that are worth disclosing to help other defenders better respond to this incident and use hunting tools like Microsoft 365 Defender advanced hunting or Azure Sentinel queries to search for potential traces of past activity.”

Related Posts