AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/19/2021

Apple will only approve COVID-19 vaccination apps verified by health authorities

It may not be enough just to get vaccinated against COVID-19 — you may also need proof that you’ve completed the vaccination course to be able to travel, to go to school or to enter establishments in the immediate future. That’s why apps providing proof of vaccination you can easily take with you have started popping up, and why Apple has conjured up a rule to make sure those apps only offer legitimate information. The tech giant has announced on its developer page (as spotted by 9to5Mac) that apps generating health passes based on vaccine records must be submitted by developers working with companies and entities recognized by public health authorities. In other words, Apple will only approve apps if they’re released by test kit manufacturers, laboratories, healthcare providers or other similar organizations and companies approved by health agencies. Of course, it also welcomes submissions directly from the government, as well as from medical and other credentialed institutions.


Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

Quad9, the privacy-focused domain resolver, announced Wednesday it would move its offices to Zurich, Switzerland to subject itself to stricter privacy laws. The Switzerland move will place the company under a European Union-like privacy regime. Though Switzerland is not part of the EU, it has adopted the provisions of the General Data Protection Regulation with one major difference: the Swiss privacy law applies to all global users of a Swiss-based service, not just those in the region. So why would a company choose to relocate to a country with more stringent standards? “We’ve always said that we don’t collect any personal information – that’s always been a promise from us. The problem is that a lot of people don’t necessarily believe promises, because promises can easily be broken,” said John Todd, executive director of Quad9. “We wanted to put ourselves in a position where people didn’t simply have to believe us on our word; they actually could believe us based in some statements of law.”


RIPE NCC discloses failed brute-force attack on its SSO service

RIPE NCC, the organization that manages and assigns IPv4 and IPv6 addresses for Europe, the Middle East, and the former Soviet space, has disclosed today a failed cyber-attack against its infrastructure. “Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime,” the organization said in a message posted on its website earlier today. The agency said it mitigated the attack and found that no account was compromised but that an investigation is still underway. “If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.”


Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code

Microsoft’s security team said today it has formally completed its investigation into its SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers. “Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts,” the company said today, in its final report into the SolarWinds-related breach. Microsoft said that after cutting off the intruder’s access, the hackers continued to try to access Microsoft accounts throughout December and even up until early January 2021, weeks after the SolarWinds breach was disclosed, and even after Microsoft made it clear they were investigating the incident.


“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, this group is behind a massive number of those annoying and scammy popup campaigns you will almost certainly have seen, where you visit an apparently honest web page and then get pestered with online surveys. We’ve warned our readers many times about the risks of online surveys – even ones that don’t obviously or explicitly lead to attempted malware infections. At best, you will often end up giving away a surprising amount of personal data, typically in return for a minuscule chance of winning a free product (fancy phones, high-value gift cards and games consoles are typically used as lures).
