AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/12/2021

Comcast scrambled to fix mistake that cut some users’ upload speeds by 20%

Some Comcast customers received an unwelcome surprise yesterday morning when their upload speeds were suddenly lowered from 20Mbps to 16Mbps. Comcast was raising download speeds on its “Extreme Pro” tier from 600Mbps to 800Mbps—good news, to be sure—but the plan’s relatively paltry 20Mbps upload speeds received a simultaneous 20 percent cut. Customers affected by the change complained to Comcast, and two of them emailed Ars yesterday. When we passed these complaints on to Comcast public relations, a spokesperson initially told us that “there was no change to the upstream speed.” But after we pointed out that customers were in fact getting reduced upload speeds, Comcast investigated further and discovered it made a mistake while rolling out download-speed upgrades for some of its plans. “The customers who received the [download] speed increase last night should now be seeing the correct upload speeds in their usage meter,” Comcast told Ars last night. “When we pushed the speed increase overnight, there was an issue with how the upload speeds were provisioned, which is why the meter and our internal tools that our care agents use were showing the upload speed of 16Mbps. Once you notified us, we quickly looked into it and everything should be correct now.”

 

Microsoft Exchange Hack Could Be Worse Than SolarWinds

The scope of damage from the newly public Microsoft Exchange vulnerability keeps growing, with some experts saying that it is “worse than SolarWinds.” As of last count, more than 60,000 organizations have fallen victim to the attack. “The scale of the attack is the biggest threat at this time,” said Mark Goodwin, managing senior analyst at security consulting firm Bishop Fox. Government institutions, large corporations, and small local businesses have been attacked, he told DCK. According to the internet scanning tool Shodan, more than 250,000 servers are vulnerable, he added. Unlike the SolarWinds breach, the Microsoft Exchange vulnerability can be exploited in an automated way. If a data center has an Exchange server accessible via the public internet, assume it’s been compromised, he said. The problem is so severe that Microsoft has released patches even for older servers that are no longer supported, Goodwin said. And, unlike the SolarWinds breach, which was primarily exploited by a single state-sponsored group, reportedly from Russia, the Microsoft Exchange vulnerability is open to everybody.

 

Netflix tests clampdown on password sharing

Netflix might soon take an uncompromising position on password sharing, as the company this week began to test a verification system designed to dissuade the common practice. A select number of subscribers this week were met with a prompt reading, “If you don’t live with the owner of this account, you need your own account to keep watching,” reports The Streamable. Users were then asked to verify their account by entering a generated code sent via email or text. “This test is designed to help ensure that people using Netflix accounts are authorized to do so,” a Netflix representative told the publication. It is unclear how Netflix is monitoring password usage, though an easy route would be IP address tracking. The test is reportedly limited to customers accessing the service through smart TVs, though testing could expand at a later date and become standard policy. Alternatively, nothing might come of the test, as the company told CNBC it conducts “hundreds” of similar trials each year.

 

Beer-Brewer Molson Coors Reports Ongoing Cyber Incident

The Molson Coors Beverage Company reported Thursday it is in the process of responding to an ongoing cybersecurity incident that has caused system outages throughout the brewer’s manufacturing process. “Although the company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the company’s business, including its brewery operations, production, and shipments,” Molson Coors says in a Form 8-K filing with the Securities and Exchange Commission. In the filing, the company says it has engaged leading forensic information technology firms and legal counsel to assist in the investigation. Internal IT and security teams are also working around the clock to get the systems back up as quickly as possible, the company says.

 

Apple takes serious measures in action against zero-click exploits in iOS

Apple is taking measures in an upcoming version of iOS that should make zero-click exploits more difficult. These are exploits for vulnerabilities with which an attacker can take over a device without the victim’s interaction. Exploits like this are highly sought after by both criminals and intelligence services, and can cost upwards of a million dollars to obtain from vendors specializing in dealing in vulnerabilities. For example, this might involve sending a specially crafted iMessage message with which an attacker can execute his code on a target’s iPhone. Zero-click exploits have been used in several attacks on iPhone users in the past. In 2016, hackers working for the United Arab Emirates government used a zero-click tool called Karma to break into hundreds of iPhones. In 2020, a zero-click exploit was used to monitor iPhones belonging to 37 journalists. Google’s Project Zero team has also discovered vulnerabilities that could have allowed for zero-click attacks.
