AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/21/2022

1 – The German BSI agency recommends replacing Kaspersky antivirus software

The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors. “The Federal Office for Information Security (BSI) warns according to §7BSIlaw before using virus protection software from the Russian manufacturer Kaspersky. the BSI recommends replacing applications from Kaspersky’s virus protection software portfolio with alternative products.” reads the BSI announcement.


2 – CISA ‘Cyber Storm’ exercise simulated response to critical infrastructure attack

The Secret Service partnered with the Cybersecurity and Infrastructure Security Agency (CISA) last week to host a three-day cyber response program, gathering 2,000 participants from international, federal, state, and local governments as well as the private sector. As threats of cyberattacks on critical infrastructure heighten amidst the ongoing war between Russia and Ukraine, the event, called Cyber Storm VIII, was focused on evaluating structures in place for cybersecurity response and readiness. The event, which had participants from 200 organizations from an array of sectors, was not a response “to any specific or credible threats,” CISA said in a statement.


3 – Fake Valorant cheats on YouTube infect you with RedLine stealer

Korean security analysts have spotted a malware distribution campaign that uses Valorant cheat lures on YouTube to trick players into downloading RedLine, a powerful information stealer. This type of abuse is quite common, as the threat actors find it easy to bypass YouTube’s new content submission reviews or create new accounts when reported and blocked. The campaign spotted by ASEC targets the gaming community of Valorant, a free first-person shooter for Windows, offering a link to download an auto-aiming bot on the video description.


4 – Dev Sabotages Popular NPM Package to Protest Russian Invasion

The developer behind the hugely popular npm package “node-ipc” has released sabotaged versions of the library to condemn Russia’s invasion of Ukraine: a supply-chain tinkering that he’d prefer to call “protestware” as opposed to “malware.” Regardless of the peace-not-war messaging, node-ipc is now being tracked as a malicious package: one with malicious code that targets users with IP addresses located in Russia or Belarus that overwrites their files with a heart emoji. It started on March 8, when npm maintainer Brandon Nozaki Miller (aka RIAEvangelist) wrote source code and published an npm package called peacenotwar and oneday-test on both npm and GitHub.


5 – Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure

In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency (EASA) warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency (CISA) that hackers could be targeting satellite communications networks in general. The navigation-jamming attacks affecting airplanes started Feb. 24, the first day of the Russian invasion of Ukraine, EASA said – and they’ve continued to proliferate. So far, the affected areas include the Black Sea airspace, Eastern Finland, the Kaliningrad region and other Baltic areas, and the Eastern Mediterranean area near Cyprus, Turkey, Lebanon, Syria and Israel, as well as Northern Iraq.


6 – Netflix fights password-sharing with test of $3 “Extra Member” fee

Netflix will soon charge an extra fee for sharing accounts with people in other households. This is the company’s latest attempt to reduce the password-sharing that has been common among Netflix users for years. The fee will roll out in Chile, Costa Rica, and Peru “over the next few weeks” and potentially go worldwide at a later date. “Members on our Standard and Premium plans will be able to add sub accounts for up to two people they don’t live with—each with their own profile, personalized recommendations, login and password—at a lower price: 2,380 CLP in Chile, 2.99 USD in Costa Rica, and 7.9 PEN in Peru,” Netflix said in an announcement yesterday. Based on current conversion rates, 2,380 CLP is about $2.98 USD and 7.9 PEN is about $2.12 USD. The new fee will be paired with the ability for users to transfer profile information (including their viewing history and watchlist) to a new account or an Extra Member account. After rolling out the fee and profile transfers in Chile, Costa Rica, and Peru, Netflix will “be working to understand the utility of these two features for members in these three countries before making changes anywhere else in the world,” the company said.


7 – Standard virtual workspace security is improving but still not enough

The COVID-19 pandemic sparked a shift towards work-from-home or telecommuting arrangements, which many companies are saying they are likely to retain even after the pandemic. This new way of working or doing business has raised the demand for collaboration platforms and virtual rooms, which in turn create new cyber security challenges. One recent flaw is referred to as a cross-site leak or XS-Leak and is linked to Slack’s file-sharing feature. If exploited, malicious actors can potentially identify users outside of the workforce messaging platform. It allows cybercriminals to circumvent the web browser security feature called “same-origin policy,” which stops browser tabs and frames of different domains from accessing each other’s data.


8 – FBI warns on ransomware that uses DDoS to threaten victims. Here’s what to watch out for

AvosLocker, a ransomware-as-a-service menace that launched in July 2021, continues to attack US critical infrastructure, the US Federal Bureau of Investigations (FBI) has warned in an advisory. The AvosLocker gang has targeted victims in the US within financial services, critical manufacturing, and government facilities, according to the FBI. “AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets,” the FBI’s Internet Crime Center (IC3) reports. 

Related Posts