AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/08/2022

Ukraine joins Nato cyber knowledge hub

Nato’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) has unanimously approved the accession of Ukraine to the organisation as a contributing participant in a vote held at a meeting of its Steering Committee. CCDCOE, which is based in the Estonian capital Tallinn, said Ukraine’s experience from previous state-backed cyber attacks orchestrated by Moscow would provide significant value to the organisation, which is tasked with interdisciplinary applied research, consultations, training and exercises in cyber security. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise between Ukraine and CCDCOE member nations,” said CCDCOE director Jaak Tarien. “Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training.”


Samsung confirms Galaxy source code breach but says no customer information was stolen

Samsung on Monday confirmed that the company recently suffered a cyberattack, but said that it doesn’t anticipate any impact on its business or customers. Last week, South American hacking group Lapsus$ claimed it had stolen 190GB of confidential data, including source code, from the South Korean tech giant’s servers. The group also posted snapshots of the alleged data online. Samsung has now confirmed in a statement, without naming the hacking group, that there was a security breach, but it asserted that no personal information of customers was compromised. “We were recently made aware that there was a security breach relating to certain internal company data. Immediately after discovering the incident, we strengthened our security system,” the company said.


Social media phishing attacks are at an all time high

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment. The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analyzed phishing attack patterns that unfolded throughout 2021. As part of their report, Vade analyzed 184,977 phishing pages to create stats based on billion corporate and consumer mailboxes that the cybersecurity firm protects.


Cloudflare not fully backing out of Russia, company says, as tech firms are forced to weigh in

Cloudflare, a major web infrastructure firm that keeps websites online by protecting them from distributed denial-of-service  attacks, said Monday that it will continue to provide some services within Russia despite several calls to pull out, stating that “Russia needs more Internet access, not less.” The statement is just the latest example of internet infrastructure firms having to explain how they are approaching business in Russia as that country’s government continues its brutal assault on Ukraine, and the government of Ukraine seeks to isolate Russia from the internet by publicly calling out major tech and web firms with business interests there.


This major Linux security vulnerability has been fixed, so patch now

If you’re running a Linux distro on your computer or use an Android smartphone, you should install the latest updates immediately as a severe security vulnerability has been found and patched in the Linux kernel. The vulnerability, tracked as CVE-2022-0847 and dubbed “Dirty Pipe”, was discovered by a software developer named Max Kellerman at the web hosting company IONOS earlier this year.  According to a detailed blog post published by Kellerman, he first became aware of the vulnerability present in the Linux kernel since 5.8 after receiving customer complaints about corrupted files. After the same problem occurred multiple times after the first report, Kellerman was able to recognize a pattern and discover that the cause of the error was in the Linux kernel itself.


“Alexa, hack yourself” – researchers describe new exploit that turns smart speakers against themselves

Researchers have discovered a novel way of exploiting Amazon Echo smart speakers to perform commands. They get the Amazon Echo speaker to say the commands to itself. In a technical paper, researchers from London’s Royal Holloway University in London and the University of Catania in Italy describe their findings, which exploits how an Echo device can correctly interpret voice commands – even when they are played by the device itself. The attack which has been dubbed “Alexa versus Alexa” (or AvA for short) sees an attacker taking control of an Echo’s speaker, and commanding it to say malicious spoken instructions out loud to itself. Through the technique, a vulnerable device could be ordered to make unauthorised purchases from Amazon, or turn on or off IoT devices in the home or office. Cunningly, even when Echo devices request verbal confirmation of a sensitive command, the researchers found it was trivial to bypass the check by making the device say the word “yes” around six seconds after issuing the command.

Related Posts