AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 02/04/2022

OpenSSF Announces The Alpha-Omega Project to Improve Software Supply Chain Security for 10,000 OSS Projects

Following a meeting with government and industry leaders at the White House, OpenSSF is excited to announce the Alpha-Omega Project to improve the security posture of open source software (OSS) through direct engagement of software security experts and automated security testing. Microsoft and Google are supporting the Alpha-Omega Project with an initial investment of $5 million. This builds on previous industry-wide investments into OpenSSF aiming to improve open source software security. Widely deployed OSS projects that are critical to global infrastructure and innovation have become top targets for adversarial attacks. Following new vulnerability disclosures, adversary attacks can be seen within hours. For example, recently discovered vulnerabilities in the widely deployed Log4j library forced many organizations into crisis as they raced to update applications using the popular library before adversaries could attack.

ESET antivirus bug let attackers gain Windows SYSTEM privileges

Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. The flaw (CVE-2021-37852) was reported by Michael DePlante of Trend Micro’s Zero Day Initiative, and it enables attackers to escalate privileges to NT AUTHORITY\SYSTEM account rights (the highest level of privileges on a Windows system) using the Windows Antimalware Scan Interface (AMSI). AMSI was first introduced with Windows 10 Technical Preview in 2015, and it allows apps and services to request memory buffer scans from any major antivirus product installed on the system.

Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform

Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday. This is the second-biggest hack of a DeFi platform ever, just after the $600 million Poly Network security breach. Experts pointed out that this is the largest attack to date on Solana, a high-performance blockchain like Ethereum that is growing in popularity thanks to interest in the non-fungible token (NFT) and decentralized finance (DeFi) ecosystems. Wormhole is a communication bridge between Solana and other top decentralized finance (DeFi) networks and allows the transfer of cryptocurrency across different blockchains, including Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra.

3D printed guns, underground markets, bomb manuals: police crackdown continues

Law enforcement continues to tackle information online considered to be dangerous, with bomb manuals the subject of a new operation. As internet access shifted from a luxury made possible through dial-up to something akin to a human right in many countries, the web became a catalyst for new, innovative business models, e-commerce, new means of communication, and a critical channel for education – especially useful during COVID-19 stay-at-home orders. However, when it comes to education and e-commerce, law enforcement worldwide has taken different stances on what is considered allowable, and some topics, guides, and trading posts become the subjects of investigations and, in some cases, seizures or takedowns.

Google unveils differential privacy tool for Python developers processing data

On Friday, Google debuted a new product developed with OpenMined that allows any Python developer to process data with differential privacy. The two have been working on the project for a year, and Google said the freely available privacy infrastructure will help millions in “the global developer community — researchers, governments, nonprofits, businesses and more — build and launch new applications for differential privacy, which can provide useful insights and services without revealing any information about individuals.”

Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine

Since November, geopolitical tensions between Russia and Ukraine have escalated dramatically. It is estimated that Russia has now amassed over 100,000 troops on Ukraine’s eastern border, leading some to speculate that an invasion may come next. On Jan. 14, 2022, this conflict spilled over into the cyber domain as the Ukrainian government was targeted with destructive malware (WhisperGate) and a separate vulnerability in OctoberCMS was exploited to deface several Ukrainian government websites. While attribution of those events is ongoing and there is no known link to Gamaredon (aka Primitive Bear), one of the most active existing advanced persistent threats targeting Ukraine, we anticipate we will see additional malicious cyber activities over the coming weeks as the conflict evolves. We have also observed recent activity from Gamaredon. In light of this, this blog provides an update on the Gamaredon group.