AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/04/2022

Mozilla finds mental health apps fail ‘spectacularly’ at user security, data policies

An investigation into mental health and prayer apps has revealed a disturbing lack of concern surrounding user security and privacy. On Monday, Mozilla released the findings of a new study into these types of apps, which often deal with sensitive topics including depression, mental health awareness, anxiety, domestic violence, PTSD, and more, alongside religion-themed services. According to Mozilla’s latest *Privacy Not Included guide, despite the deeply personal information these apps manage, they “routinely share data, allow weak passwords, target vulnerable users with personalized ads, and feature vague and poorly written privacy policies.”

 

Beware Twitter Messages claiming “Your blue badge Twitter account has been reviewed as spam”

Twitter verification is a two-edged sword. According to Twitter, it’s supposed to let people know “that an account of public interest is authentic.” That’s great, so long as the account is authentic, but what if, one day, it suddenly isn’t? An attacker that can wrestle a verified account from its owner can cloak themselves in the real owner’s authenticity. And they can use that authenticity to pull off what NBC News reporter Kevin Collier described as “the best DM phishing attempt I think I’ve ever seen.” The attack, seen by Collier and attempted against author Miles Klee, used a compromised blue tick account to try to scam Klee out of his own verified account.

 

Mitsubishi Electric faked safety and quality control tests for decades

Mitsubishi Electric, one of the world’s leading manufacturers of large-scale electrical and HVAC systems, has admitted to fraudulently conducting quality assurance tests on its transformers—for decades. Thousands of such improperly tested transformers were then shipped both within Japan and overseas. And it turns out, this isn’t the first time Mitsubishi has been caught cheating either. Tokyo-based electronics giant Mitsubishi Electric has revealed flaws in its quality assurance (QA) testing procedures, including falsifying numbers in the test reports for transformers. With its $34 billion revenue and 138,000 employees worldwide, Mitsubishi Electric is a leader in producing automotive equipment, air conditioning systems, heavy-duty transformers, and semiconductors.

 

Stealthy APT group plunders very specific corporate email accounts

Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at re-gaining access to a victim environment when booted out, “re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign.” UNC3524 is mostly after emails and their contents, particularly those of employees that focus on corporate development, mergers and acquisitions, large corporate transactions, and IT security staff (the latter, most likely, to determine if their operation had been detected).

 

Microsoft warns Exchange Online basic auth will be disabled

Microsoft warned customers today that it will start disabling Basic Authentication in random tenants worldwide on October 1, 2022. This reminder comes after the company’s September announcement and after seeing that there are still lots of customers who haven’t yet moved their clients and apps to Modern Authentication. Basic Authentication (aka proxy authentication) is an HTTP-based auth scheme apps use to send locally stored credentials in plain text to servers, endpoints, or online services. This allows attackers to steal clear text credentials by intercepting data sent via unsecured non-TLS connections. Modern Authentication (Active Directory Authentication Library and OAuth 2.0 token-based authentication) uses OAuth access tokens with a limited lifetime that can’t be re-used to authenticate on other resources besides those they were issued for.
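The contrast drawn in the paragraph above, as an added example (not code from Microsoft or the quoted article): a Basic `Authorization` header decodes straight back to the password, while a token is accepted only if its signature, audience and expiry check out. The HS256 JWT, the shared key and all `example` names are constructed stand-ins for an OAuth 2.0 access token; real identity providers typically sign with asymmetric keys.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed secret shared by issuer and resource
SAMPLE_BASIC = "Basic " + base64.b64encode(b"alice@example.com:Spring2022!").decode()  # constructed

def decode_basic(header):
    """Recover (user, password) from a Basic header: it is encoding, not encryption."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic header")
    user, sep, password = base64.b64decode(blob.strip(), validate=True).decode().partition(":")
    if not sep:
        raise ValueError("malformed credentials")
    return user, password

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, sub, aud, ttl, now):
    """Build a constructed HS256 JWT bound to one audience with a fixed lifetime."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"sub": sub, "aud": aud, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def accept_token(token, key, my_aud, now):
    """Return 'ok', or the reason this resource server rejects the token."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return "bad signature"
        if json.loads(_unb64url(head)).get("alg") != "HS256":
            return "bad algorithm"
        claims = json.loads(_unb64url(body))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return "malformed"
    if claims.get("aud") != my_aud:
        return "wrong audience"  # token was issued for a different resource
    if now >= claims.get("exp", 0):
        return "expired"         # limited lifetime
    return "ok"

if __name__ == "__main__":
    print(decode_basic(SAMPLE_BASIC))
    tok = issue_token(KEY, "alice@example.com", "https://mail.example", 3600, now=1000)
    for aud, now in [("https://mail.example", 1500), ("https://files.example", 1500), ("https://mail.example", 5000)]:
        print(aud, now, accept_token(tok, KEY, aud, now))
```
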

 

The 6 steps to a successful cyber defense

The Ransomware Spotlight Year-End Report from Ivanti, conducted in partnership with Cyber Security Works and Cyware, found that there is now a total of 157 ransomware families – an increase of 32 from the previous year. Targeting unpatched vulnerabilities and weaponizing zero-day vulnerabilities in record time allows ransomware families to inflict debilitating attacks. They are evolving too, finding new ways to compromise valuable organizational networks as well as expand their attack spheres, to implement and trigger high-impact attacks. But it’s not all bad news: As ransomware threats increase, so do sophisticated countermeasures. These barriers offer protection and can dramatically reduce the damaging effects that such attacks can have.
