AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/11/2022

Move over Apple Pay – Hitachi has created a fingerprint payment system

A new biometric finger vein-based biometric authentication system could one day replace your smartphone as the easiest way to pay for goods and services. Nikkei Asia reports that Hitachi has developed just such a system for payments using only your finger: Hitachi has developed a finger vein-based biometrics authentication system to enable the user to check in to a hotel or make payments at shops without a credit card or a smartphone, Nikkei has learned. The report says that by simply placing a finger over a reader, terminals can identify the user to obtain information such as credit card details for payment, but also information such as age or vaccination records, suggesting the system could also be used as a way to verify age and to aid travel.

 

Denial-of-service disrupts Finnish government sites during Zelenskyy speech

A denial-of-service attack knocked the websites for Finland’s defense and foreign ministries offline Friday, the government there said, just as Ukrainian President Volodymyr Zelenskyy spoke to the Finnish parliament. The disruption also coincided with Finland weighing a bid to join NATO and the same day the Finnish defense agency said a Russian aircraft violated its airspace. The Finns didn’t point the finger at any particular culprit, nor did the foreign ministry answer a request for comment on the responsible party. But denial-of-service incidents — where attackers overwhelm a website with fake traffic to disable it — have emerged frequently against Ukrainian targets dating back to before the Russian invasion, with Ukraine explicitly blaming the Kremlin, sometimes with the U.S. backing up those allegations. Russia has also been hostile toward NATO expansion.

 

Microsoft won’t give you any more security updates if you don’t upgrade Windows 10 version 20H2 in the next month

Microsoft is putting the squeeze on anyone who is hanging doggedly on to an old version of Windows. The company is ending support for Windows 10 version 20H2 in just a few short weeks, meaning that anyone who fails to upgrade will no longer receive security updates. Microsoft would, of course, like users to upgrade to Windows 11, but this is not the only option. In all, there are four editions of Windows 10 that reach end of support at the same time. The Home, Pro, Education and Pro for Workstation releases of Windows 10 version 20H2 all reach end of service on May 10, 2022 — just one month from now.

 

Hackers use Conti’s leaked ransomware to attack Russian companies

A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly. This lack of attacks is due to the general belief by Russian hackers that if they do not attack Russian interests, then the country’s law enforcement would turn a blind eye toward attacks on other countries. However, the tables have now turned, with a hacking group known as NB65 now targeting Russian organizations with ransomware attacks.

 

Human activated risk still a pain point for organizations

Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organizations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organizations. Human activated risk is introduced by human behaviours or actions, through coercion by bad actors, human error or malicious intent. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it.

 

Cop stops driverless car, driverless car seems to flee, confusion ensues

Welcome to the future, in which police officers have to learn to deal with self-driving cars which may not always cooperate. An Instagram video published on April 2 shows police officers in San Francisco pulling over an autonomous vehicle operated by Cruise, likely because its front lights are off. The video shows the officers walking around the fully driverless vehicle, trying to open its doors before giving up. Then, the vehicle takes off and drives another 30 meters or so before stopping after the next intersection. The police follow, and then we see the officers once again trying to open the driverless car’s doors and perhaps turn on its lights. According to Cruise, the car behaved as expected.

Related Posts