AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/11/2022

1 – Ukrainian IT Army Hijacked by Info-stealing Malware

Security researchers are urging pro-Ukrainian actors to be wary of downloading DDoS tools to attack Russia, as they may be booby-trapped with info-stealing malware. In late February, Ukrainian vice prime minister, Mykhailo Fedorov, called for a volunteer “IT army” of hackers to DDoS Russian targets. However, Cisco Talos claimed that opportunistic cyber-criminals are looking to exploit the subsequent widespread outpouring of support for the Eastern European nation. Specifically, it detected posts on Telegram offering DDoS tools which were actually loaded with malware. One such tool, dubbed “Liberator,” is offered by a group calling itself “disBalancer.” Although legitimate, it has been spoofed by others, said Cisco. “The file offered on the Telegram page ended up being malware, specifically an infostealer designed to compromise unwitting users,” it explained.


2 – ‘Game-changer’: SEC rules on cyber disclosure would boost security planning, spending

New rules proposed by the U.S. Securities and Exchange Commission (SEC) that would force a prompt disclosure of major cyberattacks are expected to drive a dramatic improvement in security posture among U.S. companies, cyber industry executives told VentureBeat. The proposed SEC rules include a requirement for publicly traded companies to disclose details on a “material cybersecurity incident” — such as a serious data breach, ransomware attack, data theft or accidental exposure of sensitive data — in a public filing. And under the proposed rule, the disclosure would need to be made within just four business days of the company determining that the incident was “material,” the SEC said.


3 – Brave browser goes the extra mile to block third party cookies

Brave is testing a new feature to stop bounce tracking, a sneaky method that websites use to load third-party tracking cookies so they can gather more information about who is visiting their site. As you may remember from our post about the best browsers for privacy and security, Brave is a Chromium-based browser that blocks unwanted content by default and does not need much tinkering to keep you safe and private. Brave is available for Windows, macOs, Linux, iOS, and Android. Brave Nightly is the version of Brave that is used for testing and development. The releases are updated every night, hence the name, and may contain bugs. Nightly automatically sends out crash reports when things go wrong. Nightly is now used to test a feature that’s designed to prevent what’s known as bounce tracking.


4 – Why Google’s $5.4 billion Mandiant deal may be an ‘inflection point’ for security industry

Security analysts say Google’s recent $5.4 billion deal to buy Mandiant gives the large cloud provider a sought after edge in security services and threat intelligence, even as it lays to rest earlier claims of independence by Mandiant. The deal foiled Microsoft’s attempt to land Mandiant, widely considered the leader in incident readiness and response, and threat intelligence. Analysts said while Microsoft has a strong security product portfolio, it sorely needs a security services group and more than likely will continue looking for that capability, whether via acquisition or developing internally.


5 – EU Lawmakers to Probe ‘Political’ Pegasus Spyware Use

The European Parliament on Thursday created a “committee of inquiry” to probe accusations over the use of Pegasus spyware by governments in the bloc, notably in Hungary and Poland. Lawmakers voted overwhelmingly to “investigate alleged breaches of EU law in the use of the surveillance software by, among others, Hungary and Poland”, a statement said. The 38-member committee “is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was used for political purposes against, for example, journalists, politicians and lawyers”, it said. The Pegasus malware, created by Israeli technology firm the NSO Group, was engulfed in controversy last July after a collaborative investigation by several media outlets reported that a string of governments around the world had used it to spy on critics and opponents. Hungary was listed by the investigative journalism consortium as a potential user of Pegasus, with targets including journalists, lawyers and other public figures.

Related Posts