AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/08/2022

Operation 404: Brazilian authorities crack down on piracy in the metaverse

Brazil’s Ministry of Justice and Public Security announced that it has carried out its first search within the metaverse as part of an operation aimed at tackling digital piracy and crimes against intellectual property. Dubbed Operation 404, the initiative is in its fourth iteration. On June 21, the Brazilian authorities arrested at least a dozen individuals across various states nationwide, with several false profiles and pages on social media taken down. Some 266 illegal sites also were deactivated, in addition to 53 sites from the United Kingdom and six from the United States. More than 700 streaming apps and 461 music apps, with millions of active users, were blocked. Four channels that broadcasted illegal content transmissions were also taken off air, as well as 90 videos.

Google Allowed a Sanctioned Russian Ad Company to Harvest User Data for Months

The day after Russia’s February invasion of Ukraine, Senate Intelligence Committee Chairman Mark Warner sent a letter to Google warning it to be on alert for “exploitation of your platform by Russia and Russian-linked entities,” and calling on the company to audit its advertising business’s compliance with economic sanctions. But as recently as June 23, Google was sharing potentially sensitive user data with a sanctioned Russian ad tech company owned by Russia’s largest state bank, according to a new report provided to ProPublica. Google allowed RuTarget, a Russian company that helps brands and agencies buy digital ads, to access and store data about people browsing websites and apps in Ukraine and other parts of the world, according to research from digital ad analysis firm Adalytics. Adalytics identified close to 700 examples of RuTarget receiving user data from Google after the company was added to a U.S. Treasury list of sanctioned entities on Feb. 24. The data sharing between Google and RuTarget stopped four months later on June 23, the day ProPublica contacted Google about the activity.

Microsoft rolls back decision to block Office macros by default

While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on “feedback” until further notice. The company has also failed to explain the reason behind this decision and is yet to publicly inform customers that VBA macros embedded in malicious Office documents will no longer be blocked automatically in Access, Excel, PowerPoint, Visio, and Word. “Based on feedback, we’re rolling back this change from Current Channel,” the company notified admins in the Microsoft 365 message center (under MC393185 or MC322553) on Thursday.

Chinese Cyber Espionage Groups Increasingly Targeting Russia

Chinese APT groups are increasingly targeting Russian organizations following the war in Ukraine, according to research by SentinelLabs. The latest investigation indicated that a Chinese state-sponsored cyber espionage group launched a “cluster” of phishing emails to deliver remote access Trojan (RAT) malware, most commonly Bisonal, against Russian targets in recent weeks. SentinelLabs researchers attributed this threat activity “with high confidence” to a Chinese state-backed group, although “specific actor attribution is unclear at this time.” The new analysis follows other campaigns by Chinese APT groups targeting Russia in recent months. These include Scarab, Mustang Panda and Space Pirates, which were also identified by SentinelLabs. Additionally, in May, Google’s Threat Analysis Group (TAG) highlighted the growing targeting of Russia by Chinese threat groups.

Apple’s Lockdown Mode: a decent attempt, but no panacea

Apple recently announced that a new version of its operating system (OS) would be equipped with a Lockdown Mode. The company calls it extreme and optional protection for the very small number of users “who face grave, targeted threats to their digital security.” Apple developed the feature to help activists, journalists, and stakeholders protect against spyware, such as the infamous Pegasus software. Created by the NSO Group, the spyware specifically targeted Apple devices, which led the company to sue the Israeli spyware developer. While additional security measures are an important step in the right direction, it’s vital that users understand what the Lockdown Mode does and doesn’t do, says Brian Contos, chief security officer of Phosphorus Cybersecurity.