AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/17/2022

Facebook, Twitter, TikTok, Google and others agree to new EU rules to fight disinformation

Tech companies operating some of the world’s biggest online platforms — including Facebook-owner Meta, Microsoft, Google, Twitter, Twitch, and TikTok — have signed up to a new EU rulebook for tackling online disinformation. These firms and others will have to make greater efforts to halt the spread of fake news and propaganda on their platforms, as well as share more granular data on their work with EU member states. Announcing the new “Code of Practice on disinformation,” the European Commission said that the guidelines had been shaped particularly by “lessons learnt from the COVID19 crisis and Russia’s war of aggression in Ukraine.” “This new anti-disinformation Code comes at a time when Russia is weaponising disinformation as part of its military aggression against Ukraine, but also when we see attacks on democracy more broadly,” said the Commission’s vice president for values and transparency, Věra Jourová, in a press statement.


Russia Is Taking Over Ukraine’s Internet

Web pages in the city of Kherson in south Ukraine stopped loading on people’s devices at 2:43 pm on May 30. For the next 59 minutes, anyone connecting to the internet with KhersonTelecom, known locally as SkyNet, couldn’t call loved ones, find out the latest news, or upload images to Instagram. They were stuck in a communications blackout. When web pages started stuttering back to life at 3:42 pm, everything appeared to be normal. But behind the scenes everything had changed: Now all internet traffic was passing through a Russian provider and Vladimir Putin’s powerful online censorship machine. Since the end of May, the 280,000 people living in the occupied port city and its surrounding areas have faced constant online disruptions as internet service providers are forced to reroute their connections through Russian infrastructure. Multiple Ukrainian ISPs are now forced to switch their services to Russian providers and expose their customers to the country’s vast surveillance and censorship network, according to senior Ukrainian officials and technical analysis viewed by WIRED.


High-Severity RCE Vulnerability Reported in Popular Fastjson Library

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called “AutoType.” It was patched by the project maintainers in version 1.2.83 released on May 23, 2022. “This vulnerability affects all Java applications that rely on Fastjson versions 1.2.80 or earlier and that pass user-controlled data to either the JSON.parse or JSON.parseObject APIs without specifying a specific class to deserialize,” JFrog’s Uriya Yavnieli said in a write-up. Fastjson is a Java library that’s used to convert Java objects into their JSON representation and vice versa. AutoType, the feature affected by the flaw, is enabled by default and lets a JSON input name a custom type, which is then deserialized into an object of that class.
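The two call patterns the advisory contrasts, as an added example that is not from the original article or from the Fastjson project: the first hands attacker-controlled JSON to `JSON.parse` with no target class, so an `@type` key (Fastjson's `JSON.DEFAULT_TYPE_KEY`) decides which class gets instantiated; the second binds the input to one explicit DTO and turns on Fastjson's `safeMode`, which rejects `@type` outright. The `Ticket` class, the `com.example...` class name in the sample input and the method names are assumptions for illustration; the sample input is constructed and names no real gadget. Upgrading to 1.2.83 remains the actual fix, and the hardened pattern is defense in depth on top of it.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.parser.ParserConfig;

public class FastjsonAutoTypeDemo {

    /** Plain DTO (assumed for the example): the only shape this endpoint should accept. */
    public static class Ticket {
        public String title;
        public int priority;
    }

    // Constructed sample input. "@type" is the AutoType hook: it asks Fastjson to
    // instantiate the named class instead of whatever the caller intended.
    // The class name is a placeholder, not a known gadget.
    static final String UNTRUSTED =
        "{\"@type\":\"com.example.SomeClassChosenByAttacker\",\"title\":\"x\",\"priority\":1}";

    /** Vulnerable pattern named in the advisory: untrusted data, no target class. */
    static Object vulnerableParse(String body) {
        return JSON.parse(body);            // JSON.parseObject(body) has the same problem
    }

    /** Hardened: refuse "@type" globally and always bind to an explicit class. */
    static Ticket hardenedParse(String body) {
        // safeMode exists since Fastjson 1.2.68; set it once at application startup.
        ParserConfig.getGlobalInstance().setSafeMode(true);
        return JSON.parseObject(body, Ticket.class);
    }

    public static void main(String[] args) {
        try {
            Ticket t = hardenedParse(UNTRUSTED);
            System.out.println("unexpected: input accepted, title=" + t.title);
        } catch (JSONException e) {
            // safeMode throws before any class lookup happens for the "@type" value
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A quick check for exposure is to search build files for the `com.alibaba:fastjson` coordinate and treat anything at or below 1.2.80 as affected; note that `setSafeMode(true)` disables AutoType for the whole JVM, so any legitimate polymorphic deserialization that relied on `@type` must be reworked to explicit target classes first.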


Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability

WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that’s suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11. Ninja Forms is a customizable contact form builder that has over 1 million installations. According to Wordfence, the bug “made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection.”


In all-hands Twitter call, Elon Musk fields questions about free speech and bots

As Elon Musk addressed Twitter employees for the first time in an all-hands Q&A meeting, the Tesla and SpaceX CEO provided some more details about his plans for the social platform. When Musk first announced his bid to buy Twitter for $44 billion, he proposed the idea of “authenticating all humans” on Twitter. As we’re well aware, one of his biggest grievances with the platform is its bots and fake accounts. Today, Musk elaborated on what this plan might entail and clarified that he doesn’t think human authentication is a requirement to use Twitter. He added that anonymity can be helpful for people to freely express their political views, which is a priority for him.


Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive

Ransomware attacks have traditionally targeted data across endpoints or network drives. Until now, IT and security teams felt that cloud drives would be more resilient to ransomware attacks. After all, the now-familiar “AutoSave” feature along with versioning and the good old recycle bin for files should have been sufficient as backups. However, that may not be the case for much longer. Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker. Our research focused on two of the most popular enterprise cloud apps – SharePoint Online and OneDrive within the Microsoft 365 and Office 365 suites – and shows that ransomware actors can now target organizations’ data in the cloud and launch attacks on cloud infrastructure.
