AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/10/2022

1 – FBI pushes for ‘real time’ cyber incident reporting mandates, liability protections

FBI Director Christopher Wray continued to argue that his bureau should receive mandatory reports about hacks and other significant cyber incidents from critical infrastructure “in real time” and called for strong liability protections for businesses. In testimony to the House Intelligence Committee Tuesday, Wray was asked to assess the impact of the Cyber Incident Reporting Act, which passed the Senate last week in a package of cyber-related legislation. Wray strongly endorsed the concept of the bill, but said the bureau had a number of issues with the way the reporting was structured. “No one believes more in the importance of private sector reporting of cyber threat information than I do. I’ve been testifying and calling for it for quite some time. It’s important however that information flow real time,” said Wray.


2 – Most ServiceNow Instances Misconfigured, Exposed

Customers of the software-as-a-service (SaaS) platform ServiceNow aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being potentially exposed to the public. ServiceNow is a $4.5 billion company whose software helps enterprises with their digital workflows. According to a report published Wednesday by AppOmni, more than 20,000 companies use the platform. The cause of all the exposure, the report stated, is “a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users.” ACLs – access control lists – track permissions in an IT environment.


3 – Ukraine invasion: This may be the quiet before the cyber-storm, IT staff warned

As the invasion of Ukraine heads into its third week with NATO allies ratcheting up sanctions against Russia, infosec vendors have urged Western governments and businesses to prepare for retaliatory cyberattacks. According to Mandiant, Ukraine remains the top target for destructive or disruptive cyberattacks. That said, several US and EU sectors including government, financial services, energy and utilities, and transportation face a “moderate-high” risk of attack from Kremlin-backed miscreants. Media outlets, meanwhile, face a “moderate” risk. So far, apart from a few standout moments – such as web systems being knocked over, wiper malware infecting machines, and satellite communication terminals coming under attack – there’s been little indication of a serious, widespread escalation in cyberwarfare between Russia and Ukraine and its allies.


4 – Mobile Malware is Surging in Europe: A Look at the Biggest Threats

Starting in early February, our researchers detected a 500% jump in mobile malware delivery attempts in Europe. This is in keeping with a trend we’ve observed over the past few years where mobile messaging abuse has steadily increased as attackers ramp up attempts at smishing (SMS/text-based phishing) and sending malware to mobile devices. In 2021 alone, we detected several different malware packages across the globe. Although volume fell sharply toward the end of 2021, we’re seeing a 2022 resurgence. Today’s mobile malware is capable of a lot more than just stealing credentials. Recent detections have involved malware capable of recording telephone and non-telephone audio and video, tracking location and destroying or wiping content and data. Here’s a primer on some of the most common mobile malware our users are facing—and simple steps you can take to protect yourself. 


5 – Anonymous hacked Russian cams, websites, announced a clamorous leak

Anonymous and other hacker groups continue to target Russia. In a recent attack, the collective has taken over more than 400 Russian cameras in support of Ukraine. The hacktivists shared the live feed of the hacked cameras on the website behindenemylines.live; the hacked cams are grouped in various categories based on their location (Businesses, Outdoor, Indoor, Restaurants, Offices, Schools, and Security Offices). Anonymous overlaid text describing the atrocities of an absurd invasion that Putin tries to hide from his population. The message states “Putin is killing children, 352 Ukraine civilians dead. Russians lied to 200RF.com”. In a similar campaign, the hacker group recently hacked live TV channel streaming services in Russia to broadcast war footage from Ukraine.
