AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/23/2021

1 – Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned

The Linux kernel is one of the largest software projects in modern history, with a gigantic 28 million lines of code. Contributors from all over the world and from different fields submit a large number of patches each day to the Linux kernel maintainers, who review them before they are officially merged into the official Linux kernel tree. These patches could help fix a bug or a minor issue in the kernel, or introduce a new feature. However, some contributors were caught today by the Linux kernel maintainers trying to submit patches that stealthily contained security vulnerabilities. Researchers from the US University of Minnesota were writing a research paper about the ability to submit patches containing hidden security vulnerabilities to open source projects, in order to scientifically measure the probability of such patches being accepted and merged.


2 – Justice Department convenes task force to tackle wave of ransomware attacks

The Justice Department this week convened a new task force to address the mounting ransomware cyberattacks on critical U.S. organizations that have spiked during the COVID-19 pandemic. The Ransomware and Digital Extortion Task Force, first reported on Wednesday by The Wall Street Journal, will be made up of officials from the agency’s National Security Division, Criminal Division, Civil Division, Executive Office of U.S. Attorneys and FBI. It will be charged with ensuring the Justice Department prioritizes pursuing cases involving ransomware attacks by increasing training for employees, focusing on intelligence sharing across the agency, improving coordination and leveraging all investigative leads.


3 – Apple, you’ve AirDrop’d the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing

Apple’s AirDrop has a couple of potentially annoying privacy weaknesses that Cupertino is so far refusing to address even though a solution has been offered. A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop – iOS and macOS’s ad-hoc over-the-air file-sharing service – and found that senders and receivers may leak their contact details in the process. More than a billion people are said to be at risk of this, in that there are now more than a billion active iPhones at any one time. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn’t issued a fix. “We started looking at the protocols in 2017,” Dr Milan Stute at the uni’s Secure Mobile Networking Lab told The Register on Wednesday. “We reverse engineered a lot of stuff and found two major issues.”


4 – Nearly half of malware now use TLS to conceal communications

Transport Layer Security has been one of the greatest contributors to the privacy and security of Internet communications over the past decade. The TLS cryptographic protocol is used to secure an ever-increasing portion of the Internet’s web, messaging and application data traffic. The secure HTTP (HTTPS) web protocol, the StartTLS email protocol, the Tor anonymizing network, and virtual private networks such as those based on the OpenVPN protocol all leverage TLS to encrypt and encapsulate their contents, protecting them from being observed or modified in transit. Over the past decade, and particularly in the wake of revelations about mass Internet surveillance, the use of TLS has grown to cover a majority of Internet communications. According to browser data from Google, the use of HTTPS has grown from just over 40 percent of all web page visits in 2014 to 98 percent in March of 2021. It should come as no surprise, then, that malware operators have also been adopting TLS for essentially the same reasons: to prevent defenders from detecting and stopping the deployment of malware and the theft of data.


5 – Robots to fan out across world’s oceans to monitor their health

After years studying the icy waters of the Southern Ocean with floating robotic monitors, a consortium of oceanographers and other researchers is deploying them across the planet, from the north Pacific to the Indian Ocean. The project known as the Global Ocean Biogeochemistry Array, or GO-BGC, started in March with the launch of the first of 500 new floating robotic monitors containing computers, hydraulics, batteries and an array of sensors scientists say will relay a more comprehensive picture of the ocean and its health. “The ocean is extremely important to the climate, to the sustainability of the earth, its supply of food, protein to enormous numbers of people. We don’t monitor it very well,” said Ken Johnson, GO-BGC’s project director and a senior scientist at the Monterey Bay Aquarium Research Institute (MBARI) in Moss Landing, California.


6 – COVID vaccines are FREE!

Scammers are doubling down on their efforts to scam people out of their money and personal information. That’s why the FTC and the National Association of Attorneys General (NAAG) are teaming up to remind you: No matter what anyone tells you, you can’t buy COVID-19 vaccines online and there’s no out-of-pocket cost to get the shots. Here are some ways to avoid a vaccine-related scam.


7 – Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang

From a relatively rare threat just a few years ago to one of the biggest moneymakers for cybercriminals today, the meteoric rise of ransomware has cast a shadow of anxiety across businesses of all sizes. And with the introduction of ransomware-as-a-service, the barrier to entry for getting in on the action has been lowered even further. So much so, in fact, that ransomware groups are now trying to solve their ‘labor shortages’ by recruiting new members on hacker forums, which are frequented by veteran and up-and-coming cybercriminals alike. But cybercriminals are not the only ones there. Security researchers, us at CyberNews included, also routinely visit hacker forums for threat intelligence. And as we found out during this investigation, such visits can result in unexpected consequences for everyone involved. Back in June 2020, while gathering intelligence on a popular hacker forum, we stumbled upon a peculiar recruitment ad seemingly posted by a ransomware group. To glean valuable insights into the ransomware operators’ perspective, we decided to pose as a Russian cybercriminal and answered the ad in question.
