AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/05/2022

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies. Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies. Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businessmen in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.


Twitter may have given user’s private data to a ransomware hacker, who then ran a researcher offline

A man living in Russia whom the U.S. government accused of being involved in multiple REvil ransomware attacks may be involved in a phony emergency disclosure request to Twitter used to threaten a ransomware researcher in recent weeks and force them offline. Twitter’s policies state the company will provide account information “to law enforcement in response to a valid emergency disclosure request.” The “quickest and most efficient method,” the company says, is through its legal request submissions site. This person has in recent weeks threatened a blogger and their family, and also threatened a cybersecurity researcher with planting articles accusing the researcher of being a pedophile.


Biden orders new quantum push to ensure encryption isn’t cracked by rivals

US president Joe Biden issued two directives on Wednesday aimed at ensuring the nation – and like-minded friends – remain ahead of other countries in the field of quantum computing, especially as applied to cryptography. The first directive, an Executive Order, creates a National Quantum Initiative Advisory Committee comprising up to 26 experts from industry, academia, and federal laboratories – all appointed by the president and under the authority of the White House. The committee is an enhancement to the National Quantum Initiative Act – a 2018 law that provides $1.2 billion and a plan for advancing quantum tech. The other directive is a memorandum designed to promote US leadership in quantum computing while mitigating risks to cryptographic systems.


Online passwords: Get rid of them ‘altogether’ in a bid to foil hackers, says cyber security expert

People and businesses need to “drop passwords altogether” and move to other technology to protect personal information from hackers, a cybersecurity expert has said. Grahame Williams, identity and access management director at defence firm Thales, said passwords were “becoming increasingly insecure” and “easily hacked”. He called on the industry to move to other forms of log-in such as multi-factor authentication (MFA) – where users must provide an additional layer of identification to log in – or biometrics such as face or fingerprint scans to improve the general safety of personal data.


GitHub to require two factor authentication for code contributors by late 2023

GitHub has announced that it will require two factor authentication for users who contribute code on its service. “The software supply chain starts with the developer,” wrote GitHub chief security officer Mike Hanley on the company blog. “Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain.” Readers will doubtless recall that attacks on development supply chains have recently proven extremely nasty. Exhibit A: the Russian operatives that slipped malware into SolarWinds’ Orion monitoring tool and used it to gain access to over 18,000 companies. GitHub has also had its own problems, such as when access to npm was compromised.


Heroku admits to customer database hack after OAuth token theft

Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers’ hashed and salted passwords from “a database.” Heroku’s update comes after BleepingComputer reached out to Salesforce yesterday. Like many users, we unexpectedly received a password reset email from Heroku, even though BleepingComputer does not have any OAuth integrations that use Heroku apps or GitHub. This indicated that these password resets were related to another matter.
