AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/23/2021

Popular remote lesson monitoring program could be exploited to attack student PCs

Researchers have uncovered a slew of critical vulnerabilities in remote monitoring software — an incident made worse as it could impact student safety and privacy. On Monday, McAfee disclosed the existence of multiple security holes in Netop Vision Pro, popular monitoring software adopted by schools for teachers to control remote learning sessions. The software is marketed for teachers to keep control of lessons. Features include viewing student screens and sharing the teachers’, implementing web filters, pushing URLs, chat functions, and freezing student screens. “Adding technology to the classroom allows you to give your students a multitude of new resources, but it can also add more distractions,” the vendor says. “Classroom management software helps you scaffold your students’ learning while still keeping them on track. In the classroom or during remote learning, Vision’s simple features allow you to manage and monitor your students in real-time.”


RedTorch Formed from Ashes of Norse Corp.

Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services. Norse’s attack map was everywhere for several years, and even became a common sight in the “brains” of corporate security operations centers worldwide. Even if the data that fueled the maps was not particularly useful, the images never failed to enthrall visitors viewing them on room-sized screens.


The ‘Frankencloud’ model is our biggest security risk

Recent testimony before Congress on the massive SolarWinds attacks served as a wake-up call for many. What I saw emerge from the testimony was a debate on whether the public cloud is a more secure option than a hybrid cloud approach. The debate shouldn’t surround which cloud approach is more secure, but rather which one we need to design security for. We — enterprise technology providers — should be designing security around the way our modern systems work, rather than pigeonholing our customers into securing one computing model over the other. The SolarWinds attack was successful because it took advantage of a vast, intermixed supply chain of technology vendors. While there are fundamental lessons to be learned on how to protect the code supply chain, I think the bigger lesson is that complexity is the enemy of security.


Section 230 likely to take center stage at Big Tech hearing: ‘Everyone’s looking for something to blame’

The CEOs of Facebook (FB), Google (GOOG, GOOGL), and Twitter (TWTR) will appear before Congress again Thursday to answer lawmakers’ questions about the spread of disinformation and misinformation on their platforms. And just like with previous hearings involving Big Tech, Section 230 of the Communications Decency Act is expected to take center stage. Considered a foundational law for the modern internet, Section 230 protects websites from legal liability for third-party content posted to their sites, as well as from liability for moderating that content. The law has come under an increasingly harsh microscope as members of Congress on both sides of the aisle have sought to air their grievances about whether social media companies regulate speech on their platforms too much or too little — especially in light of the role of social media in the deadly assault on the Capitol on Jan. 6. The debate over 230 could have long-lasting implications not only for how some of the biggest sites on the internet operate, but also the smallest, including whether they continue to host user-generated content.


Swiss firm says it has accessed servers of a SolarWinds hacker that attacked 4,700 targets

A Swiss cyber-security firm says it has accessed servers used by a hacking group tied to the SolarWinds breach, revealing details about who the attackers targeted and how they carried out their operation. The firm, Prodaft, also said the hackers have continued with their campaign through this month. Prodaft researchers said they were able to break into the hackers’ computer infrastructure and review evidence of a massive campaign between August and March, which targeted thousands of companies and government organisations across Europe and the United States. The aim of the hacking group, dubbed SilverFish by the researchers, was to spy on victims and steal data, according to Prodaft’s report.


How to secure your Alexa device

Do you know if your Alexa device is always listening? Do you know if a hacker got into your device? Do you know what information your Echo is storing? It’s not just your computer or your smartphone that needs to be secured. Your Echo needs to be secured, too. There are a few steps you can take to enhance safety and protect your privacy when using Alexa devices. Choosing a strong password and using a PIN for voice purchases are a few examples of security measures you can take. On the same day Amazon unveiled the Echo Show 5, it also announced a new privacy feature that allows customers to delete all of their recordings from their Alexa device for a specific day.
