A mysterious threat actor has compromised the update mechanism of the enterprise password manager application Passwordstate and deployed malware on the devices of its users, most of whom are enterprise customers. Click Studios, the Australian software firm behind Passwordstate, notified its 29,000 customers earlier today via email. According to a copy of the company’s communications, obtained by Polish tech news site Niebezpiecznik, the malware-laced update was live for 28 hours between April 20, 20:33 UTC and April 22, 00:30 UTC. Danish security firm CSIS, which dealt with the aftermath of this supply chain attack, published an analysis of the attacker’s malware today. The security firm said the threat actor forced the Passwordstate apps to download an additional ZIP file named “Passwordstate_upgrade.zip” that contained a DLL file named “moserware.secretsplitter.dll”. After installation, this DLL file would ping a remote command and control server, from which it would request new commands and retrieve additional payloads.
Apple just pushed out one of its more important mid-cycle OS updates in recent memory. The company has released iOS 14.5 (and iPadOS 14.5), a significant upgrade that adds a few genuinely convenient features, including one that’s causing Facebook grief. The new software notably introduces a previously delayed system that requires permission for advertiser device IDs. Apple says this will improve your privacy by limiting tracking, but Facebook has complained that it will hurt ad revenue. Others are less contentious. The new iOS update lets you unlock your Face ID-equipped iPhone with your Apple Watch (running watchOS 7.4, that is) while wearing a face mask, so you won’t have to enter your passcode whenever you’re out in the pandemic-struck world. The 14.5 release also marks the launch of a redesigned Podcasts app with options for paid subscriptions. And if you’re a gamer, you might be happy to find support for PlayStation 5 and Xbox Series X controllers.
Files belonging to the Washington, D.C., Metropolitan Police Department briefly appeared Monday on a leak site affiliated with a relatively new form of ransomware. In images posted to their site, actors associated with the Babuk malware, which was first identified earlier this year, claimed to have stolen upward of 250 gigabytes of data from D.C. police, including police reports, arrest records, internal memos and documents shared with other authorities, like the FBI. Babuk was discovered in January, initially being used to target small companies based mostly in Europe, though it stepped up in February when it was blamed for a ransomware attack on Serco, a British outsourcing firm with more than $4 billion in annual revenue. Like other viruses, Babuk operates on a ransomware-as-a-service model, making itself available to affiliates who share a cut of any ill-gotten gains. Earlier this month, the NBA’s Houston Rockets organization confirmed it had been hit by a Babuk actor.
In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remain in the credit bureau space. Dune Thomas is a software engineer from Sacramento, Calif., who put a freeze on his credit files last year at Experian, Equifax and TransUnion after thieves tried to open multiple new payment accounts in his name using an address in Washington state that was tied to a vacant home for sale. But the crooks were persistent: Earlier this month, someone unfroze Thomas’ account at Experian and promptly applied for new lines of credit in his name, again using the same Washington street address. Thomas said he only learned about the activity because he’d taken advantage of a free credit monitoring service offered by his credit card company.
The words “if one scheme of happiness fails, human nature turns to another” were originally published in 1814 in Jane Austen’s Mansfield Park. At the time, the words were printed using revolutionary steam-powered printers that could roll through over a thousand sheets of paper an hour. Since the early 2000s, it’s been possible to read all of Jane Austen’s works online, including Mansfield Park. But as of this year, the list of places her words are published has had a bizarre addition. In a new study, a team from the University of Texas at Austin has encoded a quote from Mansfield Park on a tiny plastic molecule. The researchers hope the study will help prove the viability of a new kind of technology for storing data.