
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/31/2021

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website

Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people who visit it. The case is one of many that private citizens have brought against companies to dispute their use of session-replay technology. A class-action suit (PDF) in the Circuit Court of the Fifth Judicial Circuit In and For Lake County, Florida, alleges that the tech giant unlawfully intercepted communications without user consent because of its use of analytics technology on its website. The plaintiff, Lake County resident Holly Londers, filed the suit in February in a Florida state court; it was moved to the federal district court in Orlando this week. At issue in the case is session replay software that Intel, and many other companies, use on their respective websites that can track how people interact with the site, including recording their mouse movements and clicks, information they input into the site, and the pages and content they view, according to the suit.

 

Panasonic, McAfee team up to tackle vehicle cybersecurity

Panasonic and McAfee are joining forces to establish a vehicle security operations center (SOC) to tackle the ongoing threat of cyberattacks. Announced on Tuesday, the new partnership involves both companies jointly creating an SOC to “commercialize vehicle security monitoring services,” with a specific focus on early detection and response.  Smart and intelligent vehicle features, now becoming more common in new models, require connectivity. This is usually established through Bluetooth and internet connections, which — unless properly protected — can also give attackers a chance to establish a foothold into a vehicle’s system. In addition, software vulnerabilities can also be exploited to tamper with a car’s functionality. 

 

Ransomware group targets universities of Maryland, California in new data leaks

The Clop ransomware group has posted financial documents and passport information allegedly belonging to the University of Maryland and the University of California online. On March 29, the threat actors began publishing screenshots of data allegedly stolen from the US educational institutes.  These screenshots, including records that allegedly belong to the University of Maryland, Baltimore, show a federal tax document, requests for tuition remission paperwork, an application for the Board of Nursing, passports, and tax summary documents. The leaked data snapshots exposed sensitive information points including the photos and names of individuals, home addresses, Social Security numbers, immigration status, dates of birth, and passport numbers. 

 

Docker Hub images downloaded 20M times come with cryptominers

Researchers found that more than two-dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, or the developer community to distribute open-source projects. Aviv Sasson, part of the Palo Alto Networks threat intelligence team, Unit 42, discovered on Docker Hub 30 malicious images that are involved in cryptojacking operations. The researcher found that they came from 10 different accounts. Some of them have names that clearly indicate their purpose, while others have misleading names like “proxy” or “ggcloud” or “docker.” Images from all but one account continue to be available on Docker Hub at the moment of writing. The owner of one account called “xmrigdocker” appears to have pulled their images from the registry.

 

ARM introduces v9 architecture with focus on security, AI, and next-gen performance

Most of the world’s smartphones are powered by processors based on designs from ARM, as are a growing number of other devices including servers, personal computers, IoT and smart home devices, and automotive systems. While ARM releases new chip designs regularly, most modern ARM-based processors are based on ARMv8 architecture which was first introduced a decade ago. Now ARM is introducing its successor. The company says the new ARMv9 architecture will enable next-gen chips with better security, enhanced artificial intelligence features, and CPU performance improvements. ARM says it expects CPU performance to increase by 30 percent or more over the next two generations of mobile chip designs. But total performance gains may actually be higher if chip makers adopt multi-core designs and use specialized cores for graphics, AI, and other functions.

 

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication. A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source — we’ll call him Adam — spoke on condition of anonymity for fear of retribution by Ubiquiti.
