
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/22/2021

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet

Criminals are upping the potency of distributed denial-of-service attacks with a technique that abuses a widely used Internet protocol and drastically increases the amount of junk traffic directed at targeted servers. DDoSes are attacks that flood a website or server with more data than it can handle. The result is a denial of service to people trying to connect to the service. As DDoS-mitigation services develop protections that allow targets to withstand ever-larger torrents of traffic, the criminals respond with new ways to make the most of their limited bandwidth. In so-called amplification attacks, DDoSers send requests of relatively small data sizes to certain types of intermediary servers. The intermediaries then send the targets responses that are tens, hundreds, or thousands of times bigger. The redirection works because the requests carry a spoofed source address: the attacker's IP address is replaced with the address of the server being targeted, so the intermediaries deliver their oversized responses to the victim.
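The reflection pattern described above is visible in flow records: a victim-side network edge sees many reflector services answering one host with far more bytes than that host ever sent them, because the requests were sent with the victim's address as the spoofed source. The following is an added detection example written for this roundup, not code from the article or from any DDoS-mitigation vendor; the reflector port list, the thresholds and the flow records are constructed assumptions for illustration.

```python
"""Flag likely reflection/amplification victims from UDP flow records.

Added example (not from the article): the vantage point is a victim-side
network edge exporting flow summaries. Reflector ports, thresholds and the
sample flows below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors. Assumption: this mapping is
# chosen for the example, not taken from the article.
REFLECTOR_PORTS = {
    53: "DNS", 123: "NTP", 161: "SNMP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached",
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    byte_count: int
    packets: int


def parse_flows(text: str) -> list[Flow]:
    """Parse constructed lines of the form 'src:port -> dst:port bytes packets' (IPv4 only)."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, _arrow, dst, byte_count, packets = line.split()
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append(Flow(src_ip, int(src_port), dst_ip, int(dst_port), int(byte_count), int(packets)))
    return flows


def find_reflection_victims(flows, min_reflectors=3, min_ratio=10.0) -> dict:
    """Return {victim_ip: summary} for hosts that receive reflector replies from
    at least `min_reflectors` distinct sources with an inbound/outbound byte
    ratio of at least `min_ratio`. Both thresholds are example values."""
    inbound = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    outbound = defaultdict(int)  # bytes each local host itself sent to reflector ports
    for f in flows:
        if f.src_port in REFLECTOR_PORTS:  # reply traffic from a reflector service
            rec = inbound[f.dst_ip]
            rec["bytes"] += f.byte_count
            rec["reflectors"].add(f.src_ip)
            rec["services"].add(REFLECTOR_PORTS[f.src_port])
        elif f.dst_port in REFLECTOR_PORTS:  # request traffic the local host really sent
            outbound[f.src_ip] += f.byte_count
    findings = {}
    for victim, rec in inbound.items():
        # A real client sends some request bytes; a spoofed victim sends none,
        # so the ratio explodes. max(..., 1) avoids dividing by zero.
        ratio = rec["bytes"] / max(outbound.get(victim, 0), 1)
        if len(rec["reflectors"]) >= min_reflectors and ratio >= min_ratio:
            findings[victim] = {
                "bytes": rec["bytes"],
                "reflectors": len(rec["reflectors"]),
                "services": sorted(rec["services"]),
                "ratio": round(ratio, 1),
            }
    return findings


# Constructed sample: one legitimate DNS exchange by 10.0.0.5, and 10.0.0.9
# being answered by four reflectors it never contacted (RFC 5737 test ranges).
SAMPLE_FLOWS = """
# src:port -> dst:port bytes packets
10.0.0.5:51000 -> 192.0.2.53:53 80 1
192.0.2.53:53 -> 10.0.0.5:51000 240 1
198.51.100.1:11211 -> 10.0.0.9:80 50000 35
198.51.100.2:11211 -> 10.0.0.9:80 48000 33
198.51.100.3:123 -> 10.0.0.9:80 6000 12
203.0.113.7:389 -> 10.0.0.9:80 9000 10
"""


def analyze_sample() -> dict:
    """Run the detector over the constructed sample flows."""
    return find_reflection_victims(parse_flows(SAMPLE_FLOWS))


if __name__ == "__main__":
    for victim, summary in analyze_sample().items():
        print(victim, summary)
```

The legitimate DNS client is not flagged: it talked to one server and received about three times what it sent. The second host receives 113,000 bytes from four reflectors across three services without a single outbound request, which is the signature an ingress filter or flow monitor can alert on; the same per-host ratio, taken on the reflector operator's side, shows which of their servers are being abused.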


Spotting scammy emails

Let’s say you get an email about a charge to your credit card for something you aren’t expecting or don’t want. Your first instinct may be to immediately call the company or respond to the email and to stop the payment. Scammers know that, and are taking advantage of it in a new phishing scheme. People tell us they’re getting emails that look like they’re from Norton, a company that sells antivirus and anti-malware software. (Tip: the emails are NOT from Norton.) The emails say you’ve been (or are about to be) charged for a Norton product — maybe an auto renewal or new order. If this is a mistake, the email says, you should call immediately. (Tip: don’t.)


Twitter images can be abused to hide ZIP, MP3 files — here’s how

Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter. Although the art of hiding non-image data in images (steganography) isn’t novel, the fact that the images can be hosted on a popular website like Twitter and are not sanitized opens up a possibility for their abuse by malicious actors. Yesterday, researcher and programmer David Buchanan attached example images to his tweets that had data such as entire ZIP archives and MP3 files hidden within. Although the attached PNG files hosted on Twitter represent valid images when previewed, merely downloading and changing their file extension was enough to obtain different content from the same file.
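A PNG is a signature followed by a sequence of length/type/data/CRC chunks ending in IEND, and a viewer ignores anything it does not need, which is what makes this kind of smuggling possible and also what makes it straightforward to audit. The following is an added example written for this roundup, not code from the article or from the researcher; it walks the chunk structure of a file, reports bytes after IEND and oversized ancillary chunks, and rebuilds a copy that keeps only critical chunks plus a small allowlist. The allowlist, the size threshold and the test image are constructed assumptions, and the code does not claim to reproduce the specific method the researcher used.

```python
"""Audit a PNG for data a viewer would ignore and rebuild a clean copy.

Added example (not from the article): chunk walk, trailing-data check,
oversized-ancillary-chunk check, and an allowlist-based sanitizer.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Assumption: ancillary chunks worth keeping for rendering fidelity. Everything
# else that is not critical (IHDR, PLTE, IDAT, IEND) is dropped by sanitize_png.
KEEP_ANCILLARY = {b"tRNS", b"gAMA", b"sRGB", b"pHYs"}


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk: 4-byte length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_minimal_png(width: int = 2, height: int = 2) -> bytes:
    """Build a tiny valid 8-bit RGB PNG (constructed test input, all-red pixels)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # depth 8, color type 2 (RGB)
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))  # filter byte 0 per row
    return PNG_SIGNATURE + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", zlib.compress(raw)) + png_chunk(b"IEND", b"")


def inspect_png(blob: bytes, max_ancillary: int = 64 * 1024) -> dict:
    """Walk the chunks and return {'chunks': [(type, offset, length, crc_ok)],
    'trailing': bytes after IEND, 'findings': [str]}. Raises ValueError on a
    bad signature or a chunk that runs past the end of the file."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    chunks, findings = [], []
    while True:
        if pos + 8 > len(blob):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        if pos + 12 + length > len(blob):
            raise ValueError(f"truncated chunk {ctype!r}")
        data = blob[pos + 8:pos + 8 + length]
        (crc_stored,) = struct.unpack(">I", blob[pos + 8 + length:pos + 12 + length])
        crc_ok = crc_stored == (zlib.crc32(ctype + data) & 0xFFFFFFFF)
        name = ctype.decode("latin-1")
        chunks.append((name, pos, length, crc_ok))
        ancillary = bool(ctype[0] & 0x20)  # lowercase first letter means the decoder may ignore it
        if ancillary and length > max_ancillary:
            findings.append(f"oversized ancillary chunk {name} ({length} bytes)")
        if not crc_ok:
            findings.append(f"bad CRC on chunk {name} at offset {pos}")
        pos += 12 + length
        if ctype == b"IEND":
            break
    trailing = blob[pos:]
    if trailing:
        findings.append(f"{len(trailing)} bytes after IEND")
    return {"chunks": chunks, "trailing": trailing, "findings": findings}


def sanitize_png(blob: bytes) -> bytes:
    """Rebuild the file from its critical chunks plus KEEP_ANCILLARY, dropping
    every other ancillary chunk and anything after IEND."""
    report = inspect_png(blob)
    out = bytearray(PNG_SIGNATURE)
    for name, offset, length, _crc_ok in report["chunks"]:
        raw_type = name.encode("latin-1")
        critical = not (raw_type[0] & 0x20)
        if critical or raw_type in KEEP_ANCILLARY:
            out += blob[offset:offset + 12 + length]
    return bytes(out)


def sample_report():
    """Constructed case: a valid PNG with a ZIP-like blob appended after IEND."""
    clean = make_minimal_png()
    smuggled = clean + b"PK\x03\x04" + b"constructed payload " * 4
    return clean, smuggled, inspect_png(smuggled)


if __name__ == "__main__":
    clean, smuggled, report = sample_report()
    print([c[0] for c in report["chunks"]], report["findings"])
    print("sanitized equals original:", sanitize_png(smuggled) == clean)
```

The check an upload pipeline needs is the one in `inspect_png`: either reject files with findings, or pass them through `sanitize_png` before storing them. Re-encoding through an image library achieves the same effect as a side benefit, which is why services that recompress uploads are not affected in the way described above.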


Your House Key? Researchers Are Working On a Way To Hack It

In a study published last year, researchers with the National University of Singapore laid out what is essentially a high-tech solution for breaking and entering.

The method, which is being called the “SpiKey” attack, is quite novel. It leverages acoustical analysis of the noises a key makes when it enters a lock to virtually simulate its approximate size and shape. From there, a potential attacker could “clone” the key, easily gaining access to a home or building, researchers say. How it might work goes something like this: A sophisticated burglar uses a smartphone mic or other device to record a potential victim as they enter their home. Software can then be used to analyze the sounds the key made as it engaged the lock, homing in on “the time difference between audible clicks” to “infer the bitting information,” the researchers write.


Zuckerberg: Facebook may actually be in a ‘stronger position’ after Apple’s iOS 14 privacy changes

Facebook CEO Mark Zuckerberg on Thursday said he is confident the social media company “will be able to manage through” Apple’s upcoming planned privacy update to iOS 14, which will make it easier for iPhone and iPad users to block companies from tracking their activity to target ads. “We’ll be in a good position,” Zuckerberg said Thursday afternoon in Josh Constine’s PressClub Clubhouse room. Apple’s upcoming privacy changes will inform users about device ID tracking and ask them if they want to allow it. The tracking is based on a unique device identifier on every iPhone and iPad called the IDFA. Companies that sell mobile advertisements use this ID to help target ads and estimate their effectiveness. Apple has said that the change will roll out early this spring. Zuckerberg explained that the change could benefit Facebook if more businesses decide to sell goods directly through Facebook and Instagram.


Computer giant Acer hit by $50 million ransomware attack

Computer giant Acer has been hit by a REvil ransomware attack in which the threat actors are demanding the largest known ransom to date, $50,000,000. Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer has approximately 7,000 employees and earned $7.8 billion in 2019. Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof. These leaked images are of documents that include financial spreadsheets, bank balances, and bank communications. In response to BleepingComputer’s inquiries, Acer did not provide a clear answer regarding whether they suffered a REvil ransomware attack, saying instead that they “reported recent abnormal situations” to relevant LEAs and DPAs.
