AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/26/2022

EU to fund bug bounty programs for LibreOffice, Mastodon, three others

The European Union will fund a bug bounty program for five open source projects that are heavily used by public services across the EU. The five projects are LibreOffice, a document editing suite and a free alternative to Microsoft Office; Mastodon, a web-based utility for hosting your own social network; Odoo, an enterprise resource planning (ERP) application; CryptPad, an app for exchanging encrypted messages; and LEOS, software designed to help with drafting legislation. The bug bounty program will run throughout the year on the Intigriti bug bounty platform, and the EU will provide a rewards pool of up to €200,000 ($225,000). Bug hunters will be eligible to earn as much as €5,000 ($5,600) for “exceptional vulnerabilities,” and they can also earn a 20% bonus if they provide a fix within their reports.


Linux vulnerability can be ‘easily exploited’ for local privilege escalation, researchers say

A newly disclosed vulnerability in a widely installed Linux program can be easily exploited for local privilege escalation, researchers from cyber firm Qualys said today. The memory corruption vulnerability (CVE-2021-4034)—which affects polkit’s pkexec—is not remotely exploitable. However, it can be “quickly” exploited to acquire root privileges, the researchers said in a blog post. “This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration,” the Qualys researchers said in the post. In Unix-like operating systems, polkit (formerly known as PolicyKit) is used to control system-wide privileges. Polkit’s pkexec is a program that enables an authorized user to execute commands as a different user.
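Because the flaw is only reachable through a root-owned setuid pkexec, the first thing a defender wants is an inventory of which hosts still carry one. The following is an added example, not code from the article or from Qualys: it reports whether a given path is an installed, root-owned setuid binary and, if so, points at the fix. The interim mitigation of clearing the setuid bit until polkit is patched comes from the Qualys advisory for this CVE (the article does not quote it); the default path `/usr/bin/pkexec` is an assumption, since package layouts vary.

```python
"""Added example (not from the article or from Qualys): a defender-side
inventory check for the root-owned setuid pkexec binary that CVE-2021-4034
abuses.  The interim mitigation of clearing the setuid bit comes from the
Qualys advisory; the default path is an assumption (layouts vary)."""
import os
import stat

DEFAULT_PKEXEC = "/usr/bin/pkexec"  # assumption: usual location on Linux distributions


def pkexec_exposure(path: str = DEFAULT_PKEXEC) -> dict:
    """Return a small report on whether `path` is an installed, setuid pkexec.

    `exposed` is True only when the file exists, has the setuid bit and is
    owned by root (uid 0): that is the configuration pkexec needs in order to
    hand out root, and therefore the one the privilege escalation relies on.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return {"path": path, "present": False, "setuid": False,
                "root_owned": False, "exposed": False}
    setuid = bool(st.st_mode & stat.S_ISUID)
    root_owned = st.st_uid == 0
    return {"path": path, "present": True, "setuid": setuid,
            "root_owned": root_owned, "exposed": setuid and root_owned}


def advice(report: dict) -> str:
    """Turn a report into a one-line message suitable for a fleet scan log."""
    path = report["path"]
    if not report["present"]:
        return f"{path}: not installed, not exposed"
    if report["exposed"]:
        return (f"{path}: root-owned setuid binary present; update polkit or, "
                f"as an interim mitigation, clear the setuid bit (chmod 0755 {path})")
    return f"{path}: present but not a root-owned setuid binary, not exposed"


if __name__ == "__main__":
    import sys
    # Optional first argument overrides the path, e.g. for a mounted image.
    print(advice(pkexec_exposure(*sys.argv[1:2])))
```

Run it on each host (or over a mounted disk image by passing the path) and collect the single output line; hosts whose line contains "setuid binary present" are the ones to patch first.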


New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device’s software. The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt.” This screen informs the victim that they should pay 0.03 bitcoins (approximately $1,100) to an enclosed Bitcoin address unique to each victim.
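The one file-system indicator the write-up gives is the appended .deadbolt extension, which is enough to inventory an affected share before deciding on restore or recovery. The following is an added example, not code from the article: it walks a directory tree, lists every file carrying that extension together with the name it had before encryption, and tallies hits per directory so a responder can see how far the encryption spread. The sample tree it builds is constructed for the demonstration.

```python
"""Added example (not from the article): incident-response inventory of files
carrying the .deadbolt extension reported for this ransomware.  The sample
directory tree built by build_sample_tree() is constructed for the demo."""
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".deadbolt"  # extension appended to victims' files, per the write-up


def find_encrypted(root) -> list:
    """Return sorted (encrypted_path, original_name) pairs found under `root`.

    Only regular files are considered, so dangling symlinks and directories
    that happen to carry the suffix are skipped.
    """
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.endswith(ENCRYPTED_SUFFIX):
            original = p.name[:-len(ENCRYPTED_SUFFIX)]
            hits.append((p, original))
    return sorted(hits)


def summarize(root) -> dict:
    """Count encrypted files overall and per directory, relative to `root`."""
    root = Path(root)
    hits = find_encrypted(root)
    per_dir = Counter(str(p.parent.relative_to(root)) for p, _ in hits)
    return {"total": len(hits), "per_dir": dict(per_dir)}


def build_sample_tree(root) -> Path:
    """Create a small constructed share layout: two folders, three hit files,
    one untouched file, so the scan has something realistic to walk."""
    root = Path(root)
    (root / "photos").mkdir(parents=True, exist_ok=True)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "photos" / "holiday.jpg.deadbolt").write_bytes(b"\x00" * 16)
    (root / "photos" / "family.png.deadbolt").write_bytes(b"\x00" * 16)
    (root / "docs" / "invoice.pdf.deadbolt").write_bytes(b"\x00" * 16)
    (root / "docs" / "README.txt").write_text("untouched\n")
    return root


if __name__ == "__main__":
    import sys
    import tempfile
    # Scan a real share when a path is given; otherwise scan the constructed tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for path, original in find_encrypted(target):
        print(f"{path}  (was: {original})")
    print(summarize(target))
```

Point it at a mounted copy of the NAS share rather than the live device, so the inventory does not touch evidence; the per-directory counts also make a useful before/after check once files are restored from backup.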


New Jersey Court Rules “Acts of War” Insurance Policy Exclusion Inapplicable to Russian Malware Attack

Pharmaceutical giant Merck won a major victory over its insurance carrier in New Jersey Superior Court recently. Merck’s victory means its carrier is liable to pay out up to $1.4 billion to Merck for alleged losses arising out of the 2017 NotPetya malware attack. Merck’s all-risks property policy covered Merck for losses resulting from destruction or corruption of computer data and software. The carrier declined coverage for the NotPetya attack, citing a policy exclusion for “loss or damages caused by hostile or warlike action.” Judge Thomas Walsh of the New Jersey Superior Court issued a Partial Summary Judgment for Merck, finding that the “hostile or warlike action” exclusion did not apply to the malware attack.


Virginia woman ordered to stop harassing, stalking Apple CEO Tim Cook

A California judge granted a temporary restraining order to Apple CEO Tim Cook after the company said a Virginia woman sent him hundreds of sometimes threatening messages and appeared at his condominium in Palo Alto last year, court documents show. The order barring the 45-year-old woman from harassing, stalking and contacting Cook was issued Friday by Santa Clara County Superior Court Judge Carol Overton. In a petition for the order, Apple said the woman began harassing Cook in October 2020, when she is alleged to have tweeted that they were married and that Cook fathered her twin children. The petition alleges that in October and November 2020, the woman emailed Cook 200 times with messages that showed a “significant escalation in tone” and became “threatening and highly disturbing.” 


Why Your Business Continuity Plan Should Cover Communication and Office Access

Imagine a scenario where your company’s digital infrastructure goes offline. Your servers are unreachable, the company website is offline, internal communication stops working and employees are locked out of offices because keycard security systems are down. Your entire company—literally everything it does—just stops. It’s a nightmare scenario, but if you’re prepared with a business continuity plan, it can be a short-term inconvenience instead of a company disaster. As we’ve seen just recently with the massive Facebook outage, these scenarios can happen to any organization.