AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/04/2021


Through nanotechnology, engineers at MIT in the US have transformed spinach into sensors capable of detecting explosive materials. These plants are then able to wirelessly relay this information back to the scientists. When the spinach roots detect the presence of nitroaromatics in groundwater, a compound often found in explosives like landmines, the carbon nanotubes within the plant leaves emit a signal. This signal is then read by an infrared camera, sending an email alert to the scientists. This experiment is part of a wider field of research which involves engineering electronic components and systems into plants. The technology is known as “plant nanobionics”, and is effectively the process of giving plants new abilities. “Plants are very good analytical chemists,” explains Professor Michael Strano who led the research. “They have an extensive root network in the soil, are constantly sampling groundwater, and have a way to self-power the transport of that water up into the leaves.”


The Drovorub Mystery: Malware NSA Warned About Can’t Be Found

A piece of malware linked by U.S. intelligence agencies to hackers believed to be backed by the Russian government remains a mystery to the private sector, which apparently hasn’t found a single sample of the malware, and one researcher went as far as suggesting that it may be a false flag set up by the United States itself. In August 2020, the NSA and the FBI released a joint cybersecurity advisory detailing a piece of malware they named Drovorub. According to the agencies, Drovorub was designed to target Linux systems as part of cyber espionage operations conducted by Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, which has been linked to attacks conducted by the threat actor tracked as APT 28, Fancy Bear, Sednit and Strontium. The 45-page report released by the NSA and FBI describes Drovorub as a “Linux malware toolset” that consists of an implant with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control (C&C) server.


I’m Hacked. Now What?

No matter how secure you are, sooner or later you may have an accident and become hacked. Below are clues you might have been hacked and if so, what to do.

- Family or friends say they are receiving unusual messages or invites from you that you know you did not send.
- Your password to an account no longer works, even though you know the password is correct.
- You receive notifications from websites that someone has logged into your account when you know you did not log in yourself. Do not click on any links in such notifications to check your account; instead, type the website address yourself into your browser, use your previously saved bookmark, or access your account from a mobile app.


Amazon will deploy 10,000 electric delivery vans in 15 cities by 2022

Amazon announced its plans to purchase roughly 100,000 electric delivery vans last year, and we’ll finally see 10,000 of them hit the streets by 2022. “Tens of thousands” of additional vehicles will follow throughout 2022 and beyond, presumably until the full 100,000 have been dispatched. You can get a glimpse of Amazon’s new delivery vans through the video below. From a design perspective, there’s nothing particularly special about them. They do look slightly more futuristic and sleek than other delivery vehicles out there (with a taller windshield), but that’s about it — functionally, they’re largely the same.


Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called “CacheFlow” by Avast, the 28 extensions in question — including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock — made use of a sneaky trick to mask their true purpose: leveraging the Cache-Control HTTP header as a covert channel to retrieve commands from an attacker-controlled server. All the backdoored browser add-ons have been taken down by Google and Microsoft as of December 18, 2020, to prevent more users from downloading them from the official stores.


Virtual cycling service bans riders for doping – doping their data, that is

Virtual cycling company Zwift has banned two riders for fiddling with data they uploaded to the service, and which helped them to do better in races. Zwift allows cyclists to race each other in a virtual world – after first bolting their bikes to a static trainer that allows them to pedal without going anywhere while measuring their performance by tracking power output and the speed at which riders pedal. The service quickly became a venue for e-cycling competitions, and in 2016 recognised the need for independent arbitration of disputes by creating the Zwift Accuracy and Data Analysis Group to check that rider data was accurate. The group even conducted random data testing of big races! The company has since added a Zwift Performance Verification Board to police the sport.
