AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/25/2021

Firefox 86 Introduces Total Cookie Protection

Cookies, those well-known morsels of data that web browsers store on a website’s behalf, are a useful technology, but also a serious privacy vulnerability. That’s because the prevailing behavior of web browsers allows cookies to be shared between websites, thereby enabling those who would spy on you to “tag” your browser and track you as you browse. This type of cookie-based tracking has long been the most prevalent method for gathering intelligence on users. It’s a key component of the mass commercial tracking that allows advertising companies to quietly build a detailed personal profile of you. Our new feature, Total Cookie Protection, works by maintaining a separate “cookie jar” for each website you visit. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website.
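To make the "cookie jar" idea concrete, here is an added example (not Mozilla's code and not part of the original post) that models a browser's cookie storage in two modes: the old behaviour, where every page that embeds a third party shares one jar for that third party's host, and the partitioned behaviour, where each top-level site gets its own jar per embedded host. A hypothetical tracker at tracker.example is embedded on two unrelated sites; the model reports whether it can link the two visits. Keying jars by the last two DNS labels is an assumption standing in for a real public-suffix-list lookup, and the random ID is a stand-in for whatever a real tracker would mint.

```javascript
// Added example, not Mozilla's code: a toy model of browser cookie storage
// contrasting the old shared-by-host behaviour with Total Cookie Protection's
// per-site "cookie jars", and what an embedded tracker can observe in each.

// Partition key for a top-level page. Firefox keys jars by the site (eTLD+1),
// so www.news.example and news.example share one jar. Taking the last two
// labels is an assumption that stands in for a real public-suffix-list lookup.
function siteForHost(host) {
  return host.split(".").slice(-2).join(".");
}

class CookieStore {
  constructor({ partitioned }) {
    this.partitioned = partitioned;
    this.jars = new Map(); // jarKey -> Map(cookieName -> value)
  }

  // Unpartitioned: one jar per cookie host, shared by every page that embeds it.
  // Partitioned: one jar per (top-level site, cookie host) pair.
  jarKey(topLevelHost, cookieHost) {
    return this.partitioned
      ? `${siteForHost(topLevelHost)}|${cookieHost}`
      : cookieHost;
  }

  get(topLevelHost, cookieHost, name) {
    const jar = this.jars.get(this.jarKey(topLevelHost, cookieHost));
    return jar ? jar.get(name) : undefined;
  }

  set(topLevelHost, cookieHost, name, value) {
    const key = this.jarKey(topLevelHost, cookieHost);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    this.jars.get(key).set(name, value);
  }
}

const TRACKER_HOST = "tracker.example"; // hypothetical third-party host

// Stand-in for a tracker's ID generator (a real one would use a CSPRNG).
function mintId() {
  return Math.random().toString(16).slice(2);
}

// What a tracking pixel does on every load: reuse its ID cookie if the browser
// sends one back, otherwise mint a new ID and set it.
function trackerLoad(store, topLevelHost) {
  let id = store.get(topLevelHost, TRACKER_HOST, "uid");
  if (id === undefined) {
    id = mintId();
    store.set(topLevelHost, TRACKER_HOST, "uid", id);
  }
  return id;
}

// Visit two unrelated sites (and the first site again via another hostname)
// with the tracker embedded on each, and report what it could correlate.
function simulate(partitioned) {
  const store = new CookieStore({ partitioned });
  const onNews = trackerLoad(store, "www.news.example");
  const onShop = trackerLoad(store, "shop.example");
  const onNewsAgain = trackerLoad(store, "news.example"); // same site, other host

  // First-party cookies are unaffected: the site's own session cookie is set
  // and read back within that site's jar in both modes.
  store.set("shop.example", "shop.example", "session", "s1");
  const firstPartyOk =
    store.get("shop.example", "shop.example", "session") === "s1";

  return {
    linkedAcrossSites: onNews === onShop,     // tracker can tie the two visits
    stableWithinSite: onNews === onNewsAgain, // tracker still works per site
    firstPartyOk,
    jarCount: store.jars.size,
  };
}

console.log("shared cookie jar:", simulate(false));
console.log("partitioned (TCP):", simulate(true));
```

In the shared mode the tracker sees one ID on both sites, which is exactly the cross-site "tag" the post describes; in the partitioned mode it sees a different ID per top-level site, so its cookie still works for that site's own embedded content but no longer joins visits across sites. Note that the site key, not the full hostname, decides the jar, so moving between subdomains of one site does not break the cookie.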


Utility scams are snow joke

Winter often brings the blues, but when it brings Arctic blasts, burst pipes, power outages, and even icicles indoors, scammers aren’t far behind with weather-related scams. Scammers know severe weather may have shut off your electricity, heat, and water and might pose as your utility company. They might call to say that they’re sorry your power went out and offer a reimbursement, but first they need your bank account information. They might email you to say that there’s an error in their system, and you have to give them personal information so they can turn your gas on again. They could even threaten to leave your utilities shut off if you don’t send them money immediately. But those are all lies.


Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn

For all the nation-state hacker groups that have targeted the United States power grid—and even successfully breached American electric utilities—only the Russian military intelligence group known as Sandworm has been brazen enough to trigger actual blackouts, shutting the lights off in Ukraine in 2015 and 2016. Now one grid-focused security firm is warning that a group with ties to Sandworm’s uniquely dangerous hackers has also been actively targeting the US energy system for years. On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos. But most noteworthy, perhaps, is a group that Dragos calls Kamacite, which the security firm describes as having worked in cooperation with the GRU’s Sandworm.


Twitter’s new hacking label has already been hacked

Twitter has started to label some tweets with a warning about materials “obtained through hacking.” This new label is appearing on some news stories that Twitter believes are based on hacks and leaked documents, but Twitter users have found an easy way to hack a URL together to make it appear on any tweet. The new label appeared on a story from independent outlet The Grayzone this week. If you share the URL of this particular story, it will generate the warning. But Twitter also displays the warning if you trick it into doing so by using a specially crafted link to a genuine URL combined with the flagged one. This tricks Twitter’s card-based system into accidentally flagging tweets with this new warning. The warning trick works on both web and Twitter’s mobile apps for iOS and Android, and it even appears to crash the Android version if you attempt to like a tweet that includes this new label.


CrowdStrike Slams Microsoft Over SolarWinds Hack

During the attack, hackers were able to read Microsoft’s source code for how its programs authenticate users and then manipulate those programs to access new areas inside victims’ networks. Smith said that this had been made possible not through any errors on Microsoft’s part, but as the result of customers’ configuration mistakes and other errors that meant “the keys to the safe and the car were left out in the open.” CrowdStrike’s chief executive George Kurtz said the hackers were able to exploit Microsoft’s overly complicated and “antiquated” architecture. “The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network” and reach the cloud environment while bypassing multifactor authentication, said Kurtz. To increase national cybersecurity, Smith called for companies to improve information-sharing about cyber-attacks. Kurtz called for Microsoft to fix issues existing in Active Directory and Azure. He said: “Should Microsoft address the authentication architecture limitations around Active Directory and Azure Active Directory, or shift to a different methodology entirely, a considerable threat vector would be completely eliminated from one of the world’s most widely used authentication platforms.”