AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/28/2022

Fighting Fake EDRs With ‘Credit Ratings’ for Police

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide. Donahue is co-founder of Kodex, a company formed in February 2021 that builds security portals designed to help tech companies “manage information requests from government agencies who contact them, and to securely transfer data & collaborate against abuses on their platform.”


Five Eyes reveals 15 most exploited vulnerabilities of 2021

A joint cybersecurity advisory highlighted the most commonly exploited flaws of 2021 and urged enterprises to implement timely patching protocols. The Five Eyes released the statement Wednesday as a warning, revealing which common vulnerabilities and exposures (CVEs) posed the biggest threat to enterprises in 2021, with risks continuing into 2022. While there were 15 overall, some of the most concerning bugs highlighted by the agencies included Log4Shell, ProxyLogon, ProxyShell and a flaw tracked as CVE-2021-26084 that affected Atlassian Confluence Server and Data Center.


Mandiant: Attackers’ Median Dwell Time Drops to 3 Weeks

The median number of days an attacker dwells in a system before detection fell from 24 days in 2020 to 21 days in 2021, according to the M-Trends 2022 report by cybersecurity company Mandiant. The biggest year-on-year decline in median dwell time occurred in the APAC region, where it dropped from 76 days in 2020 to 21 days in 2021. In a separate report detailed below, Mandiant says that the number of zero-days exploited in the wild hit record highs in 2021. For the EMEA region, the median dwell time dropped from 66 days in 2020 to 48 days in 2021, while for the Americas it remained steady at 17 days, the report says.


China turns cyber-espionage eyes to Russia as Ukraine invasion grinds on

China appears to be entering a raging cyber-espionage battle that’s grown in line with Russia’s unprovoked attack on Ukraine, deploying advanced malware on the computer systems of Russian officials. Bronze President, a China-linked threat group that typically targeted government entities and non-governmental organizations (NGOs) in Southeast Asia to collect information for the Chinese government, is shifting its focus, Secureworks’ Counter Threat Unit wrote in today’s report. “Changes to the political landscape can impact the collection requirements” of state-sponsored threat groups, the researchers wrote. “The war in Ukraine has prompted many countries to deploy their cyber capabilities to gain insight about global events, political machinations, and motivations. This desire for situational awareness often extends to collecting intelligence from allies and ‘friends.’”


Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called for adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature. “Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet. The statement comes days after the microblogging service announced it had officially entered into an agreement to be acquired by an entity wholly owned by Elon Musk, with the transaction valued at approximately US$ 44 billion, or US$ 54.20 per share in cash. The deal, which is expected to close over the next six months, will see Twitter become a privately held company.


GitHub: How stolen OAuth tokens helped breach dozens of orgs

GitHub has shared a timeline of this month’s security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth app tokens issued to Heroku and Travis-CI to breach GitHub.com customer accounts with authorized Heroku or Travis CI OAuth app integrations. GitHub’s Chief Security Officer Mike Hanley says the company has yet to find evidence that its systems have been breached since the incident was first discovered on April 12th, 2022. GitHub is still working on alerting all impacted users and organizations, with the company being in the process of sending the final notifications to affected GitHub.com users as of today.