AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/02/2021

The Rise of Vendor-Owned News Sites Underscores the Appetite for Cybersecurity Information

One of the most prolific cybersecurity journalists, Catalin Cimpanu of ZDNet, left the popular CBS-owned tech publication on Friday. Today he joins The Record, a publication backed by the cybersecurity firm Recorded Future. (Catalin’s jump to Recorded Future is occurring the day after the firm issued a report on its startling discovery that a Chinese state-sponsored hacking group dubbed Red Echo introduced malware into Indian power grid control systems, possibly shutting down power in Mumbai.) Catalin’s decision to become a cybersecurity reporter for The Record highlights an intriguing and unique aspect of the cybersecurity industry, namely, the wealth of vendor-funded and fully-owned journalistic publications and outlets. Several high-profile and heavily trafficked sites owned by cybersecurity companies are looking to directly cover the industry beat in ways that don’t push their products. Unlike other industries (and many other cybersecurity companies), these news-oriented companies aren’t forcing journalists they hire to switch from “hack to flack” but instead allow the reporters to (more or less) continue plying their trade.


Hackers are finding ways to hide inside Apple’s walled garden

You’ve heard of Apple’s famous walled garden, the tightly controlled tech ecosystem that gives the company unique control of features and security. All apps go through a strict Apple approval process, they are confined so sensitive information isn’t gathered on the phone, and developers are locked out of places they’d be able to get into in other systems. The barriers are so high now that it’s probably more accurate to think of it as a castle wall. Virtually every expert agrees that the locked-down nature of iOS has solved some fundamental security problems, and that with these restrictions in place, the iPhone succeeds spectacularly in keeping almost all the usual bad guys out. But when the most advanced hackers do succeed in breaking in, something strange happens: Apple’s extraordinary defenses end up protecting the attackers themselves.


Hackers exploit websites to give them excellent SEO before deploying malware

Cyberattackers have turned to search engine optimization (SEO) techniques to deploy malware payloads to as many victims as possible. According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings. SEO optimization is used by webmasters to legitimately increase their website’s exposure on search engines such as Google or Bing. However, Sophos says that threat actors are now tampering with the content management systems (CMS) of websites to serve financial malware, exploit tools, and ransomware. In a blog post on Monday, the cybersecurity team said the technique, dubbed “Gootloader,” involves deployment of the infection framework for the Gootkit Remote Access Trojan (RAT) which also delivers a variety of other malware payloads. 


Judge in Google Case Disturbed That Even ‘Incognito’ Users Are Tracked

When Google users browse in “Incognito” mode, just how hidden is their activity? The Alphabet Inc. unit says activating the stealth mode in Chrome, or “private browsing” in other browsers, means the company won’t “remember your activity.” But a judge with a history of taking Silicon Valley giants to task about their data collection raised doubts Thursday about whether Google is being as forthright as it needs to be about the personal information it’s collecting from users. At a hearing Thursday in San Jose, California, U.S. District Judge Lucy Koh said she’s “disturbed” by Google’s data collection practices as described in a class-action lawsuit that says the company’s private browsing promises are a “ruse.” The suit seeks $5,000 in damages for each of the millions of people whose privacy has been compromised since June of 2016. Weighing Google’s attempt to get the suit dismissed, Koh said she finds it “unusual” that the company would make the “extra effort” of data collection if it doesn’t use the information to build user profiles or targeted advertising.


VPNs begin to lose their relevance, even as they remain difficult to shed

Virtual private networks have been around for decades, but the past year forced many organizations to expand their use to keep up with growing telework trends. In response, criminal and state-backed hacking groups stepped up their own exploitation of the technology as well. A recent report from Zscaler found that VPNs are still overwhelmingly popular: 93% of companies surveyed reported that they have used them in some capacity. The flip side of that coin is a similarly broad recognition of the dangers and tradeoffs involved, with 94% saying they are also aware of the security risks associated with using VPNs and two-thirds (67%) acknowledging that they are considering alternative options for secure remote access. That concern may be warranted, as Digital Shadows research released last month found that criminal hackers who specialize in gaining and selling initial access into victim networks exploited the technological changes brought on by the global pandemic. Over the past year, the firm noted a substantial increase in the number of initial access listings for sale on the dark web in 2020, particularly those for VPN access which “flourished off the back of increased remote working trends.”  
