AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/24/2023

A Murderer Targeted Pregnant Moms In A Private Facebook Group, Feds Say 

In late October 2022, Kelly, a first-time mom from Siloam Springs, Arkansas, posted in a private Facebook group for parents in the locale. “I’m looking for a small baby swing and maternity clothes,” she said. She got a response from a member called Lucy Barrow, whose account was only created that month, claiming her old profile had been blocked. “I might have some tops in that size,” Barrow wrote, her profile picture a dog playing with a chew toy. “I’m in Bella Vista but could meet somewhere on Friday.” 

 

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks 

The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that’s designed to be used by security professionals in their red team operations. 

 

iOS 16.3 is now available with a big focus on security 

Apple has released iOS 16.3, which adds the ability to use a security key to lock down your Apple ID and appears to bring the company’s Advanced Data Protection for iCloud feature to countries outside of the US. It also tweaks the Emergency SOS call system, includes a new “Unity” wallpaper, and adds support for the second-gen HomePodLast year, Apple announced the hardware key feature, which lets you use something like a Yubikey as a second factor to log in to your Apple account, as part of a push to help people lock down their iCloud accounts.  

 

Facebook Introduces New Features for End-to-End Encrypted Messenger App 

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. “Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption,” Meta’s Melissa Miranda saidThe social media behemoth said it intends to notify users in select individual chat threads as the security feature is enabled, while emphasizing that the process of choosing and upgrading the conversations to support E2EE is random. “It’s designed to be random so that there isn’t a negative impact on our infrastructure and people’s chat experience,” Miranda further explained. 

 

Android 14’s tight security to block you from downloading outdated apps 

With every passing year, Google enhances the security of Android to safeguard users’ privacy and data. Well, it seems like Android 14 will bring a great security feature that will stop you from downloading outdated apps on your phone. Apparently, Android 14 will block the installation of apps meant for outdated Android versions. For years, Android app developers have had to ensure that their apps are updated to use the latest features and align with the Android OS security measures. Recently, Google updated its guidelines to ensure that the newly listed Play Store apps target Android 12. However, this security measure of requiring Android 12 at a minimum is applied only to items in the Google Play Store. 

 

NSA publishes IPv6 Security Guidance 

The National Security Agency (NSA) published guidance to help Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). IPv6 Security Guidance highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6 configurations and tools, and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface. 

Related Posts