AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/17/2021

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek’s software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. “Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds,” CISA said in the alert. ThroughTek’s point-to-point (P2P) SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.


How to avoid flashing lights and photosensitive videos on TikTok

Here’s how to make your For You Page safer if you’re sensitive to flashing lights. While TikTok’s curated For You Page provides an endless supply of content, users can unintentionally stumble across videos with intense visuals. Flashing lights may be detrimental for those with certain health conditions like migraines and sensory processing disorders, and may trigger a seizure in epileptic viewers. An estimated 65 million people in the world have epilepsy, and according to the Epilepsy Foundation, one in 26 Americans will develop epilepsy at some point in their life. “For the people with photosensitive epilepsy, exposure to flashing lights at certain intensities or to certain visual patterns can trigger seizures,” Epilepsy Foundation president Laura Thrall said in a statement with TikTok. “While the population of those with photosensitive epilepsy is small, the impact can be quite serious.” 


How Does One Get Hired by a Top Cybercrime Gang?

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers. The DOJ alleges Witte was responsible for “overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot.”


Almost half of all ransomware victims are hit again by the same attacker

In a study by Censuswide (via ZDNet), it was discovered that around 80% of organizations who paid ransoms were hit by a second attack, 46% of which were believed to have originated from the same group. One company that paid millions of dollars following a ransomware incident was targeted in a second attack by the same hackers within two weeks of handing over the crypto. Even when victims did pay to regain access to their encrypted files, there were often problems: 46% of those who paid found some of the data was corrupted; 51% regained access with no data loss; and 3% did not get their data back at all. It’s not just the enormous crypto payments that affect these companies’ bottom lines. Reported ransomware attacks can negatively impact the public’s perception of a firm, with some people raising questions over their security practices. Fifty-three percent of survey participants said their brand was adversely affected following a ransomware disclosure, and 66% said they lost revenue due to an attack.


Apple CEO Tim Cook Says Android Has 47 Times More Malware Than iOS

Apple’s CEO Tim Cook recently sat down in a remote interview and talked about how committed he and the company was when it came to privacy. At the same time, he also mentioned some differences between Android and iOS, claiming that Google’s mobile operating system had several times more malware. “I mean, you look at malware as an example, and Android has 47x more malware than iOS. Why is that? It’s because we’ve designed iOS in such a way that there’s one App Store and all of the apps are reviewed prior to going on the store. That keeps a lot of this malware stuff out of our ecosystem. Customers have told us very continuously how much they value that. And so we’re going to be standing up for the user in the discussions and we’ll see where it goes. I’m optimistic, I think most people looking at security know that security is a major risk.”


Facebook’s AI Can Tell Where Deepfakes Come From

AI is an amazing piece of technology, but it seems that as useful as it is, it can also be harmful. A good example would be using it to create deepfakes, where AI is “abused” to create fake photos or videos of people that are highly convincing to the untrained eye. This is why companies like Adobe have developed tools that can detect these sorts of fakes. However, detecting a manipulated photo or video is one thing and only scratches the surface. This is because media files are so easily shared that sometimes it can be hard to trace it back to the source, but Facebook thinks that they might have found the answer. The company, together with Michigan State University, have developed an AI that is not only capable of detecting deepfakes, but can discover where it came from by reverse engineering it.

Related Posts