AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/15/2021

1 – DuckDuckGo can now block the Google Chrome tracking method, FLoC

In an attempt to better track users and predict their browsing habits, Google Chrome has developed FLoC (Federated Learning of Cohorts). FLoC provides visibility into user data to any website that wants this information: it places each user in a cohort ID group so that websites can recognize and target individuals. In response, the alternative search engine DuckDuckGo has released an extension for Chrome that can block FLoC tracking. Users now have the option of using either the DuckDuckGo application or the extension to opt out of FLoC monitoring entirely.


2 – U.S. intelligence community details destructive cyber capabilities, growing influence threats

The intelligence community made its most direct public attribution yet that Russia was behind weaving malicious code into a SolarWinds software update to facilitate a sweeping espionage operation, impacting hundreds of companies and U.S. federal agencies. The intelligence community said Russia was behind the software supply chain hack in the intelligence community’s Annual Threat Assessment, which the Office of the Director of National Intelligence released Tuesday. “A Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments,” the assessment notes, without naming SolarWinds.


3 – FireEye: More than 1,900 distinct hacking groups are active today

US cybersecurity firm FireEye says that, based on its internal data, there are currently more than 1,900 distinct hacking groups active today, up from 1,800 groups recorded at the end of 2019. In its yearly cybercrime report, the company said it discovered 650 new threat actors during 2020, but new evidence also allowed it to remove 500 groups from its threat actor tracker because their activity and hacking infrastructure overlapped with previously known clusters. The 1,900 figure includes nation-state-sponsored threat actors (known as APTs), financially motivated groups (known as FINs), and uncategorized groups (known as UNCs) for which there is still too little information to place them in either of the first two categories.


4 – WhatsApp flaw lets anyone lock you out of your account

If you use WhatsApp, you may want to be wary of an attack in which cybercriminals could suspend your account using only your phone number. The underlying loophole abuses a lapse in security between two independent WhatsApp processes, according to Forbes, which quoted research by Luis Márquez Carpintero and Ernesto Canales Pereña. For context, when you first set up your WhatsApp account on a device, you are asked for your phone number, to which a verification code is sent. Once you enter the code, you are prompted for your two-factor authentication (2FA) number to confirm your identity. However, there is no way to prevent anyone else from entering your number in the verification process. If an attacker were to do that, you would receive calls and messages from WhatsApp with a verification code, together with a notification urging you not to share the registration code with anyone. The criminal could repeat this, while you might dismiss the messages as a bug.


5 – Here’s how the FBI managed to get into the San Bernardino shooter’s iPhone

The FBI partnered with an Australian security firm called Azimuth Security to gain access to an iPhone linked to the 2015 San Bernardino shooting, a new report from The Washington Post reveals. Until now, the methods the FBI used to get into the iPhone had been kept secret. It was only clear that Apple was not involved, as the company had refused to build a backdoor into the phone, kicking off a legal battle that ended only after the FBI successfully hacked the phone. The phone at the center of the fight was seized after its owner, Syed Rizwan Farook, perpetrated an attack that killed 14 people. The FBI attempted to get into the phone but was unable to because of the iOS 9 feature that erases the phone after a certain number of failed passcode attempts. Apple attempted to help the FBI in other ways but refused to build a passcode bypass system for the bureau, saying that such a backdoor would permanently weaken the security of its phones.


6 – Risk startup LogicGate confirms data breach

Risk and compliance startup LogicGate has confirmed a data breach, but unless you are a customer, you probably did not hear about it. An email sent by LogicGate to customers earlier this month said that on February 23 an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage, which holds customer backup files for its flagship platform, Risk Cloud. Risk Cloud helps companies identify and manage their risk and compliance with data protection and security standards; LogicGate says it can also help find security vulnerabilities before they are exploited by malicious hackers. The credentials “appear to have been used by an unauthorized third party to decrypt particular files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment,” the email read.