AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/31/2022

Attackers connect rogue devices to organizations’ network with stolen Office 365 credentials

Attackers are trying out a new technique to widen the reach of their phishing campaigns: using stolen Office 365 credentials, they try to join rogue Windows devices to the victim organizations' network by registering them with the organization's Azure AD. If successful, they are ready to launch the second wave of the campaign, which consists of sending more phishing emails to targets both outside and inside the organization (to expand their foothold). The Microsoft 365 Defender Threat Intelligence Team has recently spotted a large-scale campaign targeting organizations in Australia and South East Asia.
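The technique above leaves a recognisable trace for defenders: a device registration that follows shortly after a sign-in from an unfamiliar location or one that did not satisfy MFA. The following is an added example written for this digest, not code from Microsoft or from the original report. It runs a simple correlation rule over a handful of constructed events in a simplified, hypothetical schema (the field names `type`, `user`, `country`, `mfa` and `device` are assumptions, not the real Azure AD audit log format); the per-user baseline of expected countries and the one-hour window are also assumed values.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical simplified schema, NOT real Azure AD log fields).
# alice's registration follows a non-MFA sign-in from an unexpected country;
# bob's registration follows a normal, MFA-backed sign-in from his usual country.
EVENTS = [
    {"time": "2022-01-28T08:02:00", "type": "signin", "user": "alice@example.test", "country": "AU", "mfa": True},
    {"time": "2022-01-28T09:15:00", "type": "signin", "user": "alice@example.test", "country": "NL", "mfa": False},
    {"time": "2022-01-28T09:21:00", "type": "device_registered", "user": "alice@example.test",
     "device": "DESKTOP-7F3Q2K1", "os": "Windows"},
    {"time": "2022-01-28T10:00:00", "type": "signin", "user": "bob@example.test", "country": "AU", "mfa": True},
    {"time": "2022-01-28T10:05:00", "type": "device_registered", "user": "bob@example.test",
     "device": "LAPTOP-BOB01", "os": "Windows"},
]

# Assumed per-user baseline of countries the user normally signs in from.
BASELINE_COUNTRIES = {
    "alice@example.test": {"AU"},
    "bob@example.test": {"AU"},
}

# Assumed correlation window: sign-ins this long before a registration are considered related.
WINDOW = timedelta(hours=1)


def find_suspicious_registrations(events, baseline, window=WINDOW):
    """Return one alert per device registration that is preceded, within `window`,
    by a sign-in of the same user from a non-baseline country or without MFA."""
    # ISO-8601 timestamps sort correctly as strings, so ordering by the raw field is safe.
    ordered = sorted(events, key=lambda e: e["time"])
    alerts = []
    for idx, ev in enumerate(ordered):
        if ev["type"] != "device_registered":
            continue
        reg_time = datetime.fromisoformat(ev["time"])
        reasons = []
        # Only look at earlier events for the same user inside the window.
        for prior in ordered[:idx]:
            if prior["type"] != "signin" or prior["user"] != ev["user"]:
                continue
            signin_time = datetime.fromisoformat(prior["time"])
            if reg_time - signin_time > window:
                continue
            if prior["country"] not in baseline.get(ev["user"], set()):
                reasons.append(f"sign-in from unusual country {prior['country']} at {prior['time']}")
            if not prior["mfa"]:
                reasons.append(f"sign-in without MFA at {prior['time']}")
        if reasons:
            alerts.append({
                "user": ev["user"],
                "device": ev["device"],
                "time": ev["time"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_registrations(EVENTS, BASELINE_COUNTRIES):
        print(f"[ALERT] {alert['user']} registered {alert['device']} at {alert['time']}")
        for reason in alert["reasons"]:
            print(f"         - {reason}")
```

In a real environment the same logic would be fed from the tenant's sign-in and audit logs and tuned with the organisation's own baselines; the point of the rule is that device registration by itself is routine, and it is the pairing with an anomalous sign-in that makes it worth an analyst's attention. Requiring MFA for device registration, or restricting who may join devices at all, removes the precondition the campaign relies on.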


FBI considered using Pegasus spyware for US domestic surveillance

A new report uncovers how Israel used the NSO Group’s infamous Pegasus iPhone hacking tool, and how the FBI secretly bought it. It has previously been reported that Israeli police have used the Pegasus spyware against its own citizens, and done so without legal oversight. Now the New York Times has released the results of a year-long investigation into the company behind the Pegasus spyware, including how the US considered using it and a more advanced tool. According to the full report, and a New York Times summary of it, the FBI secretly bought Pegasus spyware in 2019. The NSO Group also reportedly gave the agency a demonstration of Phantom, a newer tool which was able to hack American phone numbers.


Microsoft: Windows needs at least 8 hours online to update reliably

Microsoft says that Windows devices need to be online for at least eight hours to get the latest updates and have them correctly installed after they’re released through Windows Update. The amount of time devices running Windows are powered on and connected to Windows Update is tracked by Microsoft as ‘Update Connectivity.’ This measurement correlates the systems’ lack of enough connected time with why they’re not up to date while also making it easier to understand why some devices are unlikely to get recently released updates successfully.


Apple Could Add Authentication To AirPods

Is there a security risk when it comes to the AirPods? On a very small chance, there is always the possibility that someone could swap one of their AirPods for yours, in which they will then be able to listen in on your phone calls and conversations, or even use it to control Siri on your iPhone. It feels like a very unlikely scenario, but it could happen, so much so that Apple is actually looking into creating a user authentication system for future AirPods. This is according to a patent discovered by Patently Apple in which Apple could introduce some kind of authentication system to ensure that the person wearing the AirPods is indeed the owner.


Face ID with mask support arrives in iOS 15.4 beta

If you use an iPhone with Face ID (or any phone that unlocks via facial recognition, for that matter), there's little doubt that you've encountered the frustration of trying to unlock your phone while wearing a face mask. As many people have learned throughout the COVID-19 pandemic, face masks are pretty effective at stopping Face ID in its tracks. As we approach the third year of the pandemic, Apple is finally ready to launch a solution that doesn't require an Apple Watch. As spotted by the folks at MacRumors, the iOS 15.4 beta finally allows users to use Face ID while wearing a face mask. No longer will iPhone users have to swipe up to unlock their phone using a passcode, as a simple glance at the iPhone should do it once this feature rolls out to everyone in iOS 15.4.


Microsoft sets a new record as it mitigates a 3.47 Tbps DDoS attack on Azure servers

In a blog post, the Redmond giant shared the Azure DDoS protection data for Q3 2021. The company noted that it saw an increase in the number of DDoS attacks in the second half of 2021. With attack services available cheaply, DDoS is a popular attack method that can be used by anyone. In the second half of 2021, Microsoft mitigated an average of 1,955 attacks per day, a 40% increase from the first half. However, that pales in comparison with the 4,296 attacks that were mitigated on August 10, 2021. In total, the company managed to protect its users from over 359,713 unique attacks in the second half of 2021. While doing so, Microsoft also set a new record as it defended Azure servers against a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps). The attack originated from over 10,000 sources spanning the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.


NCSC alerts UK orgs to brace for destructive Russian cyberattacks

The UK's National Cyber Security Centre (NCSC) is urging organizations to bolster security and prepare for a potential wave of destructive cyberattacks after recent breaches of Ukrainian entities. The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and recalls the damage done by previous destructive cyberattacks, such as NotPetya in 2017 and the GRU campaign against Georgia in 2019. These warnings come after Ukrainian government agencies and corporate entities suffered cyberattacks in which websites were defaced and data-wiping malware was deployed to destroy data and render Windows devices inoperable.
