AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/01/2021

Research shows Google collects 20x more data from Android than Apple collects from iOS

Tech companies have been talking more about privacy in recent years, and Apple proudly says that it protects user data more than anyone else. This week, new research by Douglas Leith from Trinity College showed that Google collects up to 20 times more data from Android users compared to the data Apple collects from iOS users.  As reported by Ars Technica, the research analyzed the amount of telemetry data transmitted directly to the companies responsible for the iOS and Android operating systems. It checked not only data sent to Apple or Google through pre-installed apps, but also during idle periods. Another interesting point of this research is that it also considers data sent from users who have chosen not to share any information with the companies in the settings for each operating system.


Malware uses underground call centers to trick users into infecting themselves

The operators of the BazarLoader malware are working together with underground call centers to trick the victims of their spam campaigns into opening malicious Office documents and infecting themselves with malware. While this is not the first time when cybercrime gangs have worked together with underground call centers, this is the first time when we see a major malware distributor, such as the BazarLoader gang, use this tactic on a large scale. The attacks are so strange and different from anything else seen on the malware scene today that they have their own name and are usually referred to as BazarCall or BazaCall, due to the fact they rely on a phone call to finish the infection process.


Don’t give hackers a home run by using these baseball team names in your passwords

The start of Major League Baseball season is upon us, and password security firm Specops software is using the yearly milestone to remind people that easily guessed passwords like those containing MLB team or mascot names are a sure-fire way to strike out on keeping your account safe.  “Hackers are known to be opportunistic,” said Specops’ Darren Siegel, adding that current events like the start of baseball season or film and music awards seasons give attackers a reason to use related keywords and phrases when trying to breach accounts. Specops combed its database of breached passwords, analyzing more than 800 million records to arrive at this list of the baseball team names most commonly used in stolen passwords.


USA to publish detailed analysis of SolarWinds hacking tools

US Cyber Command and the Department of Homeland Security (DHS) are preparing to release a detailed analysis of the hacking tools used in the SolarWinds attack, which targeted multiple federal agencies and private firms last year. The report was originally scheduled to be released on Wednesday, but the DHS delayed it without explanation. However, it’s still expected to be published soon. The report provides details on 18 pieces of malware used by suspected Russian hackers to infiltrate US entities. Potentially, it could enable organisations to discover malicious artefacts in their own systems, and take appropriate action to remove them One of the tools analysed is a backdoor named Sunshuttle, which provides hackers with persistent access to a network. Another is called Sibot: a covert tool that masquerades as Windows software.


Feds Charge 22-Year-Old For Hacking Kansas Water Supplier

A Kansas man allegedly tried to tamper with the local water supply after hacking into a public water system, according to federal investigators. On Wednesday, the Department of Justice indicted 22-year-old Wyatt Travnichek of Ellsworth County, Kansas for the hacking crime, which federal investigators say took place two years ago. The incident is separate from last month’s breach involving a water treatment plant in Oldsmar, Florida. The Justice Department claims Travnichek remotely hacked into a protected computer belonging to a rural water district in Ellsworth County, Kansas. After accessing the computer, Travnichek then allegedly shut down certain processes that can affect “the cleaning and disinfecting procedures” at the water treatment facility. “By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas, in the announcement. 


Malware hidden in Call of Duty cheat software proves that cheaters never prosper

Hackers have been hiding malware in cheating software for Call of Duty: Warzone and have been trying to spread it to “cheating cheaters,” as a report from Activision calls them (via Vice). You can read the full report here, but it explains that there’s been a campaign by hackers to try to get Warzone players to download a fake cheating engine. After players run it, the malware can then go on to infect the computer with whatever payload is chosen by the hacker.

In short: cheaters never prosper. If the malware doesn’t get you, you’ll likely just get banned from the game instead. Players downloading cheats to help them pwn and then getting pwned themselves is nothing new. I’ll admit it: I wasted my childhood by being a serial cheater, sneaking peeks at my sister’s Battleship board or slipping myself a couple extra $100s when acting as the banker in Monopoly. And when playing video games, I cheated, too. Never online (I had dial-up in the age of Modern Warfare 2), but I certainly downloaded my fair share of patches and mods to try to make games easier or to get better loot.

Related Posts