AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/29/2022

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Log4j framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log4j is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover.


Cyber agency director says election security a top priority ahead of midterms

Jen Easterly, the head of the Cybersecurity & Infrastructure Security Agency (CISA), told lawmakers on Thursday that election security is a top priority for her agency, as it anticipates Russian interference in the upcoming midterm elections. Easterly, who was testifying before the House Committee on Appropriations on the agency’s budget request, said midterm election security “is obviously one of our top priorities,” adding CISA was focused on guiding states and localities to combat disinformation campaigns — a tactic the Russians are expected to deploy. “We are here to help and make sure that all state and local election directors have the resources that they need to ensure the integrity of their election security,” Easterly said. 


Google doubles down on Workspace warnings for sketchy files

Google has been doubling down on its efforts to keep its services free of malware and other suspicious files. At last year’s Google Cloud Next conference, the company promised to take steps to combat malicious content online, and more recently, those efforts started to materialize in a more visible way, with Google adding warnings to suspicious files and documents on Google Drive. Now, that’s extending to the company’s whole online productivity suite — more specifically, to Google Docs, Slides, and Sheets. As announced by the company in its Workspace blog, when you come across a file on the web and try to open it in any of Google’s productivity offerings, you’ll see a warning telling you that the file looks suspicious. Previously, these types of warnings were available only when opening links from a document, but they now apply to individual files, too. These warnings serve the same purpose they currently do on Drive — to keep you from accidentally downloading a malicious file that can infect your system.


Ukraine government and pro-Ukrainian sites hit by DDoS attacks

The Computer Emergency Response Team in Ukraine (CERT-UA) has announced that Ukraine government web portals and pro-Ukraine sites are being subjected to ongoing DDoS (distributed denial of service) attacks. They don’t currently know who is behind these attacks. The attack involves injecting a malicious JavaScript (JS), officially named “BrownFlood”, into compromised WordPress sites, arming them with the ability to DDoS sites. The script, which is encoded in base64 to avoid detection, is injected into the HTML structure of the sites’ main files. Whoever visits these sites is then turned into an unknowing accomplice to an online attack they are unaware of. Even the owners of these compromised WordPress sites do not realize that they were involuntarily signed up for a cause against Ukraine.


Ransomware Fallout Costs Seven Times the Ransom Paid

Ransom payments are just a small percentage of the total costs victim organizations can expect to pay after a serious breach, according to new research from Check Point. The security vendor analyzed information gleaned from the Conti leaks and ransomware victim data sets from risk quantification firm Kovrr to better understand the impact of attacks. According to the research, threat actors typically demand a ransom between 0.7% and 5% of the target’s annual revenue. The percentage is usually lower for organizations with large revenues. Interestingly, the ransom itself is just a small component of the total cost of a ransomware breach. Check Point estimated the total cost to be seven times higher than the ransom, thanks to threat response, investigation and remediation, legal fees, monitoring and other charges.


Don’t Get Scammed By ‘WhatsApp Support’

Scammers have no honor: They will pretend to be anyone and say anything they have to in order to get you to give up your personal information. Their latest trick involves impersonating WhatsApp ‘support’ in order to steal your credit card information and break into your messaging account. Don’t give them the satisfaction. Here’s what to look out for. As reported by WABetaInfo, scammers are impersonating WhatsApp employees in an attempt to lure users into a false sense of security. After all, if you think you’re talking to an official WhatsApp account, you might feel more comfortable sharing personal information or financial data. The scammers, who have a verification checkmark in their profile picture, will inform you your WhatsApp account is at risk of termination, and, in order to preserve the account, you will need to provide “support” with a valid credit card number. For additional “proof,” they might also ask for your two-factor authentication code. Classic WhatsApp support, just trying to be helpful.
