AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/11/2021

WhatsApp CEO calls out Apple over Child Safety tools announcement

Apple’s new protection tools for child safety, introduced this week, instantly divided opinions. While some think this is a huge deal to protect children, others believe it will just create a backdoor for governments to access people’s iPhones. Now, WhatsApp CEO Will Cathcart is the latest to join those who think the new Child Safety tools from Apple could be bad. It’s not the first time Cathcart has criticized Apple. A couple of weeks ago, the WhatsApp CEO called out Apple about the NSO malware in an interview with the Guardian and said the company should “be loud, join in” rather than saying this won’t affect many of its users. With another controversy rising, Will Cathcart thinks the approach Apple is taking “introduces something very concerning into the world” and says that WhatsApp won’t adopt something similar in its system. It’s important to keep in mind, though, that it has been reported that Facebook wants to be able to read people’s messages on WhatsApp for targeted ads.


Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now

Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. Before we get to the active scanning of these vulnerabilities, it is important to understand how they have been disclosed. ProxyShell is the name for three vulnerabilities that, when chained together, allow unauthenticated remote code execution on Microsoft Exchange servers. These chained vulnerabilities are exploited remotely through Microsoft Exchange’s Client Access Service (CAS) running on port 443 in IIS. The vulnerabilities were discovered by Devcore Principal Security Researcher Orange Tsai, whose team received a $200,000 prize for their use in April’s Pwn2Own 2021 hacking contest.


Android Malware ‘FlyTrap’ Hijacks Facebook Accounts

Researchers have uncovered a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. In a report posted on Monday, Zimperium’s zLabs mobile threat research teams wrote that FlyTrap has spread to at least 144 countries since March, via malicious apps distributed through Google Play store and third-party app marketplaces. The malware, which researchers have traced to operators working out of Vietnam, is part of a family of trojans that use social engineering to take over Facebook accounts, the researchers said. The session-hijacking campaign was initially distributed via Google Play as well as third-party app stores. For its part, Google Play removed the malicious apps after Zimperium zLabs gave it the heads-up.


Cybersecurity for Families: Cyberbullying and Information Sharing

As technology continues to evolve, the tools and toys available to your children increase in number and evolve in capabilities. Technology can be used to educate and inspire creativity in kids, but it also exposes them to a risky landscape most of us didn’t have to worry about during childhood. Adults can discuss with children how the digital world is a great resource, but we must remain cyber aware. We should all be responsible with the information we share and the ways we explore. Here are a few things we should all do to protect our kids and our home networks.


Low-tech policies could save you from emerging deepfake phishing scams

Audio deepfakes currently represent the greatest social engineering threat involving the misuse of synthetic media, but live video-based deepfakes over Zoom and other visual platforms are not far away and may necessitate a mix of high- and low-tech countermeasures, according to a Black Hat presentation this week. Matthew Canham, CEO of consultancy Beyond Layer 7, and research assistant professor of cybersecurity at the University of Central Florida, envisioned scenarios where scammers could create convincing audiovisual deepfakes of bosses asking employees to execute fraudulent wire transfers or kidnappers holding a loved one’s relative hostage. The predictions came about as a natural extension of Canham’s discussion around a brand-new, work-in-progress Deepfakes framework that he created to help researchers describe and categorize synthetic media attacks, and help security practitioners enhance their threat modeling such that they might anticipate future attacks before they actually happen.


Firefox 91 Introduces Enhanced Cookie Clearing

We are pleased to announce a new, major privacy enhancement to Firefox’s cookie handling that lets you fully erase your browser history for any website. Today’s new version of Firefox Strict Mode lets you easily delete all cookies and supercookies that were stored on your computer by a website or by any trackers embedded in it. Building on Total Cookie Protection, Firefox 91’s new approach to deleting cookies prevents hidden privacy violations and makes it easy for you to see which websites are storing information on your computer. When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s “cookie jar”. This “Enhanced Cookie Clearing” makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.
