AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/08/2022

The Ukraine War Is Giving Commercial Space an ‘Internet Moment’

Capabilities honed by commercial space companies to document the destruction inflicted by Russia in Ukraine are likely to have long-lasting effects on the industry. Satellites have brought the world unprecedented glimpses into the brutal war, whether through commercial imagery showing the Russian destruction of a shelter clearly labeled as having kids inside, social-media videos shared via SpaceX’s Starlink satellites, or a photojournalist’s pictures from Mariupol filed through satellite phones. It’s likely these graphic dispatches from the war zone have played at least some role in the global outpouring of support and aid, including the 4 in 10 Americans who said in a March poll that the U.S. should be doing more to help Ukraine. 


CrowdStrike and Mandiant Form Mission-Focused Strategic Partnership to Protect Organizations Against Cyber Threats

As two of the most respected leaders in the cybersecurity industry, CrowdStrike and Mandiant share a common mission to stop breaches and put customers’ needs first. Both companies have long operated under the practice that in order to defend against tenacious cyber adversaries, there must be a combination of cutting edge products and elite cybersecurity experts. Because of this, both companies have embraced an open and collaborative approach with high caliber partners and technologies to provide organizations superior protection.


Americans’ trust in tech companies hits new low

Trust in tech companies has continued to decline in the U.S. and Canada, while rising in most of the rest of the world. That’s according to fresh data from Edelman’s annual 2022 Trust Barometer, shared first with Axios. The decline in trust comes as pressure is mounting for regulators and legislators to more tightly regulate the industry and its perceived excesses. Globally, the tech industry remains the most trusted sector of business, earning the trust of 74 percent of those served, ahead of healthcare and education. By contrast, social media is the lowest ranked sector, trusted by only 44 percent of respondents.


A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of its IT systems

Nordex Group, one of the world’s largest manufacturers of wind turbines, was the victim of a cyberattack that forced the company to take down multiple systems. The attack was uncovered on March 31 and the company immediately started its incident response procedure to contain the attack. Nordex Group shut down “IT systems across multiple locations and business units” as a precautionary measure to prevent the threat from spreading across its networks.


Top Three Social Media Scams

While social media is a fantastic way to communicate, share, and have fun with others, it is also a low-cost way for cyber criminals to trick and take advantage of millions of people. Don’t fall victim to the three most common scams on social media.


Using Google’s Chrome browser? This new feature will help you fix your security settings

Google is releasing a new tool to help users configure their privacy settings in the Google Chrome browser in the form of a guided tour. The new Google Chrome Privacy Guide walks users through their privacy settings and was developed by engineers in the Google Safety Engineering Center (GSEC), the company’s global hub for privacy and security engineering. “Soon, you’ll see a new card for Privacy Guide in the ‘Privacy and security’ tab in your Chrome settings, which you can find by clicking the three dots on the top-right corner of your browser,” Google said. The guide includes explanations for cookies, history sync, Safe Browsing, and Make Searches and Browsing Better. Google says it may add more settings to the guide based on user feedback.


“CloudSquatting”: Taking Over Abandoned Cloud Storage Locations

We have identified a pervasive issue resulting from websites or applications erroneously referencing abandoned cloud resources. An attacker can easily take over these abandoned resources and potentially steal logins or payment information, modify website content, or even take control of computers. We have dubbed this class of vulnerabilities “CloudSquatting.” In a short time window, we identified 18 million requests to abandoned resources, affecting over 10,000 applications. Affected entities include e-commerce, healthcare, government websites, browser extensions, mobile applications, and desktop applications. One of the 10,000 applications was the popular app, TikTok. This issue was reported to TikTok and was swiftly fixed.
