AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/28/2022

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of “cashing out” access to hacked bank accounts worldwide. Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in Latvia. U.S. authorities alleged Berezan was a longtime member of DirectConnection, a closely-guarded Russian cybercriminal forum that existed until 2015. Berezan’s indictment (PDF) says he used his status at DirectConnection to secure cashout jobs from other vetted crooks on the exclusive crime forum.


Hackers Attacked Satellite Terminals Through Management Network, Viasat Officials Say

The cyberattack that cut communications for thousands of European users of Viasat’s satellite broadband service last month was carried out by hackers compromising and exploiting the system that manages customer terminals, two Viasat officials told Air Force Magazine. The attack, which happened as Russian forces rolled into Ukraine on Feb. 24, affected tens of thousands of terminals in Ukraine and across Europe, which were part of the KA-SAT network, a satellite broadband asset that Viasat bought last year from French satcom giant Eutelsat. End users affected included some in the Ukrainian military, and the attack dramatically demonstrated the vulnerability of commercial satellite communications capabilities on which the U.S. military increasingly relies.


URL rendering trick enabled WhatsApp, Signal, iMessage phishing

A rendering technique affecting the world’s leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, allowed threat actors to create legitimate-looking phishing messages for the past three years. The vulnerabilities are rendering bugs that cause the apps’ interfaces to display URLs containing injected RTLO (right-to-left override) Unicode control characters incorrectly, leaving the user exposed to URI spoofing attacks. Injecting an RTLO character into a string causes a browser or messaging app to display the string from right to left rather than in its normal left-to-right orientation. This character is predominantly used for the display of Arabic or Hebrew messages.


US says Kaspersky poses unacceptable risk to national security

The Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. Kaspersky services covered by this decision include information security products, solutions, and services supplied by Kaspersky or any linked companies, including subsidiaries or affiliates. The FCC’s national security ban list was also expanded to include Chinese state-owned mobile service providers China Mobile International USA and China Telecom Americas. The decision was taken following requirements in the Secure and Trusted Communications Networks Act of 2019 [PDF].


Hackers weigh in on programming languages of choice

Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed. Members of Europe’s Chaos Computer Club, which calls itself “Europe’s largest association of hackers”, were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results. The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking, and how much experience they had as a programmer and hacker.


Google Issues Emergency Security Update For 3.2 Billion Chrome Users—Attacks Underway

Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability. The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses just a single security vulnerability, a fact that only goes to emphasize how serious this one is. In a Chrome stable channel update announcement, published March 25, Google confirms it “is aware that an exploit for CVE-2022-1096 exists in the wild.” All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency.


US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

The European Union and the US have reached a high-level agreement to allow transatlantic data sharing under a deal that promises better privacy rights for EU citizens and stronger oversight of US intelligence gathering. President Joe Biden and Ursula von der Leyen, president of the European Commission, announced that the EU and the US had reached agreement on a successor to the Privacy Shield data sharing agreement, ruled unlawful in July 2020 by an EU court. The White House said the US agreed to expand its oversight of US signals intelligence, strengthen civil liberties safeguards, and create a new binding legal mechanism that will give EU citizens rights of redress if they believe their data has been abused.


Russia’s invasion of Ukraine has destroyed a historic computer museum

Earlier this week, Club 8-bit, one of Ukraine’s largest privately-owned computer museums, was destroyed during the siege of Mariupol. Kotaku spotted news of the event after its owner, Dmitry Cherepanov, took to Facebook to share the fate of Club 8-bit. “That’s it, the Mariupol computer museum is no longer there,” he said on March 21st. “All that is left from the collection that I have been collecting for 15 years are just fragments of memories on the FB page, website and radio station of the museum.” Club 8-bit’s collection included more than 500 pieces of computer history, with items dating from as far back as the 1950s. Gizmodo visited the museum in 2018, describing it at the time as “one of the largest and coolest collections” of Soviet-era computers to be found anywhere in the world. It took Cherepanov more than a decade to collect and restore many of the PCs on display at Club 8-bit. What makes the museum’s destruction even more poignant is that it documented a shared history between the Ukrainian and Russian people.