AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/02/2021

Update on campaign targeting security researchers

In January, the Threat Analysis Group documented a hacking campaign, which we were able to attribute to a North Korean government-backed entity, targeting security researchers. On March 17th, the same actors behind those attacks set up a new website with associated social media profiles for a fake company called “SecuriElite.” The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page. In January, targeted researchers reported that the PGP key hosted on the attacker’s blog acted as the lure to visit the site where a browser exploit was waiting to be triggered.


What to know before downloading a subscription management app

As consumers add more and more subscriptions to their budget, keeping track of the payments and reducing costs can get tricky. Many people are turning to subscription management apps to help. If you’re thinking about using an app, such as Truebill or Trim, here’s how to cut back on your expenses and stick to your budget, all while keeping your personal data safe. Be careful whom you trust with your data. Subscription management apps help consumers identify the subscriptions they are paying for, find subscriptions that can be canceled, and remember when payments are taken from their bank account. To do all this, apps need to access your financial records. Most apps are trustworthy, but avoid the risk of identity theft by reading the fine print carefully. This includes reviewing the app’s privacy policies, before you allow access to your bank account and other financial data.


SCO Linux FUD returns from the dead

I have literally been covering SCO’s legal attempts to prove that IBM illegally copied Unix’s source code into Linux for over 17 years. I’ve written well over 500 stories on this lawsuit and its variants. I really thought it was dead, done, and buried. I was wrong. Xinuos, which bought SCO’s Unix products and intellectual property (IP) in 2011, like a bad zombie movie, is now suing IBM and Red Hat “illegally Copying Xinuos’ software code for its server operating systems.” For those of you who haven’t been around for this epic IP lawsuit, you can get the full story with “27 eight-by-ten color glossy photographs and circles and arrows and a paragraph on the back of each one” from Groklaw. If you’d rather not spend a couple of weeks going over the cases, here’s my shortened version. Back in 2001, SCO, a Unix company, joined forces with Caldera, a Linux company, to form what should have been a major Red Hat rival. Instead, two years later, SCO sued IBM in an all-out legal attack against Linux.


Akamai Sees Largest DDoS Extortion Attack Known to Date

Distributed denial of service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent, according to web security services provider Akamai. The recently observed assaults haven’t reached the magnitude of the largest DDoS attacks the company has mitigated to date, which have peaked at 1.35 Tbps in 2018 and at 1.44 Tbps in 2020, but three of them are among the six biggest volumetric DDoS attacks Akamai has ever encountered. Akamai says the increased number of bigger volumetric DDoS attacks is, in fact, the new norm. Since the beginning of the year, the company has already observed more attacks peaking at over 50 Gbps than during the entire 2019. The largest of these were 800+ Gbps assaults: one at 824 Gbps, the other at 812 Gbps, both during the same day, February 24. Akamai also observed a 594 Gbps attack on March 5.


Quantum computing breakthrough could accelerate adoption by years

A UK-based startup has been able to demonstrate a process for manufacturing quantum chips at scale using existing manufacturing processes. 

Founded by academics from UCL and Oxford University, Quantum Motion has been able to create a stable qubit, the building block of quantum computers, on a standard silicon chip. This is a positive departure from current endeavors that rely on special chips fabricated in the confines of a lab. “We’re hacking the process of creating qubits, so the same kind of technology that makes the chip in a smartphone can be used to build quantum computers,” explained John Morton, Professor of Nanoelectronics at UCL and co-founder of Quantum Motion. Qubits are the building blocks of quantum computers, and are usually fabricated using specialized and expensive technologies such as superconductors or individually trapped atoms.


North American cities are ‘most digitally advanced,’ new report says

North American cities, including 40 in the United States, have more-advanced digital services and digital infrastructure than their international counterparts, according to research published this week by a Philadelphia-based innovation think tank. Cities in North America are the most prepared in the world to deliver government services built on artificial intelligence, the “internet of things” and cloud-based software, according to the report, published Tuesday by ESI ThoughtLab, an arm of the consulting firm Econsult Solutions. Twelve U.S. cities — including Baltimore, Boston, Los Angeles and New York — are global “leaders” in deploying connected infrastructure and making digital investments, the report claimed. The 167-city study, titled “Smart City Solutions for a Riskier World,” classified another 17 cities as “intermediate” in their progress toward becoming “smart cities,” possessing somewhat less-advanced data collection and analysis systems.

Related Posts