Long lost @ symbol gets new life obscuring malicious URLs
Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organizations recently. While the attackers are still unknown, Perception Point traced them to an IP in Japan. The attack started with a phishing email pretending to be from Microsoft, claiming the user has messages that have been embargoed as potential spam. (Using familiar, transactional messages from well-known brands like Microsoft has become a popular tactic for scammers, as a way to defeat spam filters and keen-eyed users.)
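The trick works because everything before an @ in a URL's authority part is treated as userinfo, so the browser connects to the host that follows it. The check below is an added example, not code from the article or from Perception Point: it flags such links in a message body, and the sample message, the function names and the .example domains are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Rough URL matcher for plain-text message bodies (assumption: http/https links only).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Pattern for a userinfo string that resembles a domain name, e.g. "microsoft.com".
HOSTLIKE_RE = re.compile(r"[a-z0-9-]+\.[a-z]{2,}", re.IGNORECASE)

def userinfo_finding(url):
    """Return a finding dict if the URL authority contains userinfo, else None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:          # malformed authority, e.g. broken IPv6 brackets
        return None
    if "@" not in parts.netloc:  # an @ in the path or query is not userinfo
        return None
    # Text before the last @ is what the reader sees first; decode %-escapes.
    decoy = unquote(parts.netloc.rpartition("@")[0])
    return {
        "url": url,
        "decoy": decoy,
        "real_host": host,       # where the client actually connects
        "decoy_looks_like_host": bool(HOSTLIKE_RE.search(decoy.split(":")[0])),
    }

def scan_text(text):
    """Collect findings for every http(s) link in a message body."""
    findings = []
    for match in URL_RE.finditer(text):
        finding = userinfo_finding(match.group(0).rstrip(".,)"))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample message; domains are reserved .example names.
SAMPLE_BODY = """\
You have 3 messages held as potential spam.
Review them: https://microsoft.com@quarantine.phish.example/release?id=1
Help: https://support.microsoft.com/contact
Questions? mail admin@corp.example
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_BODY):
        print(f"{f['url']}\n  shown: {f['decoy']}  actual host: {f['real_host']}")
```

A finding with `decoy_looks_like_host` set is the stronger signal, since legitimate userinfo in links is rare and almost never resembles a brand domain.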
Hackers can steal your Tesla Model 3, Y using new Bluetooth attack
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y. Pushing out fixes for this security problem is complicated, and even if the response is immediate and coordinated, it would still take a long time for the updates to trickle to impacted products. In this type of relay attack, an adversary intercepts and can manipulate the communication between two parties, such as the key fob that unlocks and operates the car and the vehicle itself.
VMware issues critical fixes
VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products, and is urging administrators to patch or mitigate immediately, because “the ramifications of this vulnerability are serious.” Simultaneously, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive for all federal civilian executive branch agencies, which are ordered to enumerate all instances of affected VMware products and either deploy the updates provided by VMware or remove those instances from agency networks by May 23 (Monday).
Update to Indiana Data Breach Notification Law Shortens Timeline for Notifications
On July 1, 2022, updated data breach notification laws (HB 1351) will take effect in Indiana that require notifications to be issued within 45 days of the discovery of a breach of the personally identifiable information (PII) of Indiana residents. Currently, the data breach notification requirements are for notifications to be issued without unreasonable delay. The update has been made to ensure that individuals whose PII has been exposed are provided with timely notification. When PII has been exposed, individual notifications should still be issued without unreasonable delay.
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days
Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University of Trento in Italy did an assessment of how organizations can best defend themselves against APTs in a recent report published online. What they found goes against some common security beliefs many security professionals and organizations have, they said. The team manually curated a dataset of APT attacks that covers 86 APTs and 350 campaigns that occurred between 2008 and 2020. Researchers studied attack vectors, exploited vulnerabilities (e.g., zero-days vs. public vulnerabilities), and affected software and versions.
Social media platforms still can’t stop mass shooting videos from going viral
After the Christchurch, New Zealand, mosque shooting in 2019, Facebook was widely criticized for allowing the shooter to livestream his killings for 17 minutes uninterrupted. Saturday’s racially motivated made-for-the-internet mass shooting in Buffalo, New York, went differently. This time, the shooter shared his appalling acts on Twitch, a livestreaming video app popular with gamers, where it was shut down much more quickly, less than two minutes after the violence began, according to the company. When Twitch cut off the stream, it reportedly had just 22 views. That didn’t stop people from spreading screen recordings of the Twitch livestream — and the shooter’s writings — all over the internet, where they racked up millions of views, some of which came via links shared widely on Facebook and Twitter.