Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/27/2021

North Korean hackers are targeting security researchers with malware, 0-days

A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight. According to a report released tonight by Google’s Threat Analysis Group, a North Korean government-backed hacking group uses social networks to target security researchers and infect their computers with a custom backdoor malware. The threat actors create fake Twitter profiles and blogs to build a fake persona as a security researcher. These accounts are then used to contact targeted security researchers via social media, including Twitter, LinkedIn, Telegram, Discord, Keybase, and email. As part of this fake persona building, the threat actors write articles analyzing existing vulnerabilities or create videos showing off PoCs they allegedly developed.

 

Hackers might be selling your Facebook data right now on this rival messaging app

Facebook has more than 2.74 billion monthly active users as of late September 2020, and a new hack impacts the privacy of nearly a fifth of them. The hack itself isn’t new, as the security breach dates back to August 2019 when it was discovered that anyone could discover the phone number associated with a Facebook profile, or vice-versa. The vulnerability was fixed, but it just resurfaced in the most disturbing way. Somebody monetized a database of over 500 million Facebook users, and it’s now selling phone numbers for $20 via a Telegram bot. Buying in bulk will get you a much better deal.

 

Firefox 85 Cracks Down on Supercookies

In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking. In short, supercookies can be used in place of ordinary cookies to store user identifiers, but  they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storageETags, and HSTS flags.

 

Apple emits emergency iOS security updates while warning holes may have been exploited in wild by hackers

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar. Folks should check for and install the latest version of their iOS, iPadOS, watchOS, and tvOS software. The iOS and iPadOS patches come a day after Google revealed North Korea’s hackers had targeted information security researchers, luring them to a website that seemingly contained a Chrome zero-day exploit to infect their Windows PCs and offering them bobby-trapped Visual Studio project files.

 

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

In a blog post on Monday, researchers from Trend Micro reported that they uncovered 70 email addresses that have been targeted with the so-called “Office 365 V4 phishing kit” since May 2020, 40 of which belong to “CEOs, directors, owners and founders, among other enterprise employee[s].” And very high-ranking people at that: Just over 45 percent of targeted individuals carried the title of CEO. The next most frequently targeted titles were managing director (9.7%) and CFO (4.8%). The attack has spanned a wide range of industry sectors, including manufacturing, real estate, finance, government and technology, and nearly 74% of businesses known to be targeted were located in America. “Based on the data distribution, CEOs in the U.S. are obviously the main targets of the threat actors that use the Office 365 V4 phishing kit,” the blog post concluded. 

 

A Look at the Legal Consequence of a Cyber Attack

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of reputational loss could be catastrophic if not handled meticulously by professionals within a reasonable time. Despite the best cybersecurity practices, cyber-attacks and data breaches are on the rise. Be it personal, financial, health, intellectual property or IT security information, data theft is a constant threat for everyone. 

Related Posts