AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/16/2021

1 – Capcom: Ransomware gang used old VPN device to breach the network

Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their network. In typical fashion for human-operated ransomware attacks, the threat actor stole sensitive information before encrypting devices on the network. Ragnar Locker stated that they had stolen 1TB of Capcom sensitive data and demanded a ransom of $11 million in exchange for not publishing the information and offering a decryption tool.


2 – Microsoft Continues to be Most Imitated Brand for Phishing Attempts in Q1 2021

In Q1, Microsoft was again the brand most frequently targeted by cybercriminals, as it was in Q4 2020. Thirty-nine percent of all brand phishing attempts were related to the technology giant (down slightly from 43% in Q4), as threat actors continued to try to capitalize on people working remotely during the Covid-19 pandemic. DHL maintained its position as the second most impersonated brand, with 18% of all phishing attempts related to it, as criminals persisted in taking advantage of the growing reliance on online shopping. The report also reveals that technology is still the most likely industry to be targeted by brand phishing, followed by shipping. However, banking has replaced retail in the top three industries this quarter, as two banking brands – Wells Fargo and Chase – are now in the top ten list, showing how threat actors are exploiting the recent surge in digital payments due to the pandemic, and the increased dependency on online banking, shopping and home deliveries, to trick users and commit financial fraud.


3 – Another Chrome and Edge exploit published online as browser makers deal with patch gap issues

For the second time this week, a security researcher has published proof-of-concept (PoC) code that can exploit and run malicious code inside Chromium-based browsers like Chrome, Edge, Vivaldi, and Opera. The code, published earlier today on GitHub, exploits a vulnerability in the V8 JavaScript engine that was patched in the V8 source code but has not yet been integrated into the Chromium open-source browser codebase and all the Chromium-based downstream browsers. The researcher who published the exploit for this security flaw today did not respond to an interview request; however, it is believed that they crawled the V8 changelog for fixes and put together the PoC code for one of these security flaws.


4 – The $1 billion Russian cyber company that the US says hacks for Moscow

The hackers at Positive Technologies are undeniably good at what they do. The Russian cybersecurity firm regularly publishes highly regarded research, looks at cutting-edge computer security flaws, and has spotted vulnerabilities in networking equipment, telephone signals, and electric car technology. But American intelligence agencies have concluded that this $1 billion company—which is headquartered in Moscow, but has offices around the world—does much more than that. Positive was one of a number of technology businesses sanctioned by the US on Thursday for its role in supporting Russian intelligence agencies.


5 – Amazon and Microsoft team up to defend against facial recognition lawsuits

Cloud-computing and crosstown rivals Amazon and Microsoft have teamed up to defend themselves against twin lawsuits challenging how the companies built their facial recognition software. Illinois residents Steven Vance and Tim Janecyk uploaded images of themselves to the photo-sharing website Flickr in the mid-2000s. Without their knowledge, IBM included their faces in a data set of 1 million images, called Diversity in Faces, intended to help train facial-recognition algorithms to better distinguish between people of color — something facial recognition tools are notoriously bad at doing. A string of incidents in which facial recognition algorithms resulted in wrongful arrests has generated allegations that the software’s implicit racial bias violates civil rights. Microsoft and Amazon both used the Diversity in Faces data set to improve the accuracy of their facial recognition software.


6 – Google’s Project Zero will wait longer before disclosing security flaws

Google’s Project Zero security team will wait an extra 30 days before disclosing vulnerability details so end-users have enough time to patch software, Google has announced. That means developers will still have 90 days to fix regular bugs (with a 14-day grace period if requested), but Google will wait an additional 30 days before disclosing the details publicly. For flaws being actively exploited in the wild (zero day), companies still have seven days to patch, with a three-day grace period on demand. However, Google will now wait 30 days before revealing the technical details. Last year, Google allowed developers more time to fix bugs, hoping they would fix them quickly enough to allow end-users more time to patch. “In practice however, we didn’t observe a significant shift in patch development timelines, and we continued to receive feedback from vendors that they were concerned about publicly releasing technical details about vulnerabilities and exploits before most users had installed the patch,” Project Zero’s Tim Willis wrote. 