AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/07/2021

Mass. Lawmakers Set To Examine Cybersecurity After Recent Attacks

The hearing follows several cyberattacks in Massachusetts and throughout the country. A malware attack forced the state’s auto inspection system to shut down for nearly three weeks in the spring, and cities and towns across Massachusetts continue to face the challenge of combatting cyber threats, Finegold said. According to FBI data, residents in Massachusetts lost around $100 million from reported cybercrimes in 2020 alone, Finegold said. “Over the past year, dangerous cyberattacks have disrupted critical infrastructure, health care organizations, municipal governments, school districts, and local businesses,” Finegold said in written statement. “We need to get smart and take proactive measures to ensure that our online platforms are safe and secure.”


How to block Windows Plug-and-Play auto-installing insecure apps

A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer. Last month, researchers detailed how simply plugging in a device in Windows may also install a vendor’s application that allows regular users to quickly gain SYSTEM privileges, the highest user privilege level in Windows. For example, when users plugged in a Razer USB mouse, Windows would automatically install its driver and the Razer Synapse software. However, since Windows started the software’s installation using a process with SYSTEM privileges, the Razer Synapse software also ran with SYSTEM privileges. As first discovered by Will Dormann, a vulnerability analyst for CERT/CC, it is possible to configure a Windows Registry value that blocks co-installers from being installed during the Plug-and-Play feature.


NCC Group reveals threefold increase in targeted ransomware attacks in 2021

Analysis from NCC Group’s Research Intelligence and Fusion Team (RIFT) has highlighted the growing threat of ransomware around the world. The number of ransomware attacks analysed by the team has increased by 288% between January-March 2021 and April-June 2021, with organisations continuing to face waves of digital extortion in the form of targeted ransomware. 22% of ransomware data leaks analysed between April and June were attributed to Conti ransomware, which often uses email phishing to remote into a network via an employee’s device. This was closely followed by Avaddon ransomware, which was linked to 17% of ransomware data leaks. While the victims of this ransomware strain have faced data encryption, the threat of data leaks, and the wider risk of distributed denial of service (DDoS) attacks disrupting operations, the strain is now believed to be inactive.


Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role

Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems. Further details were scant, but Juniper made clear the implications were serious: It urged users to download a software update “with the highest priority.” More than five years later, the breach of Juniper’s network remains an enduring mystery in computer security, an attack on America’s software supply chain that potentially exposed highly sensitive customers including telecommunications companies and U.S. military agencies to years of spying before the company issued a patch.


Hacker, money launderer sentenced to prison for scamming tax preparers and COVID-19 relief programs

A federal judge sentenced two men to prison for a coordinated scheme to hack into tax preparation firms, steal personal information, file fraudulent unemployment claims and income tax returns and then launder the money. The fraudulent unemployment claims aimed to exploit a COVID-19 relief program that netted $280,000 in improper benefits from the state of Washington, the Justice Department announced Thursday. They also included attempts to seek $2.6 million in tax refunds. Bamidele Muraina, a Nigerian national whom DOJ said led the effort to steal identities, received five years and 10 months in prison, as well as three years of supervised release and an order to pay more than $500,000 in restitution. For leading the money laundering leg of the operation, Gabriel Kalembo received four years and two months in prison, along with two years of supervised release and an order to pay nearly $300,000.


Bluetooth Bugs Open Billions of Devices to DoS, Code Execution

Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic (BT) for communication. According to an academic paper from the University of Singapore, the bugs are found in the closed commercial BT stack used by at least 1,400 embedded chip components, that can lead to a host of attack types – mainly denial of service (DoS) via firmware crashes (the term “brak” is actually Norwegian for “crash”). One of the bugs can also lead to arbitrary code execution (ACE). The team analyzed 13 pieces of BT hardware from 11 vendors; so far, there have been 20 CVEs assigned across them; with four vulnerabilities pending CVE assignments from Intel and Qualcomm. Some of the bugs are patched, others are in the process of being patched; but, researchers said in the paper, “it is highly probable that many other products (beyond the ≈1400 entries observed in Bluetooth listing) are affected by BrakTooth,” including BT system-on-chips (SoCs), BT modules or additional BT end products.


After criticism, Apple says it will delay child safety updates

Apple Inc said on Friday it would take more time to collect feedback and improve proposed child safety features after the criticism of the system on privacy and other grounds both inside and outside the company. Apple’s promise last month to check U.S. customer phones and computers for child sex abuse images sparked a global backlash from a wide range of rights groups, with employees also criticizing the plan internally. Critics argued the feature could be exploited by repressive governments looking to find other material for censorship or arrests and would also be impossible for outside researchers to determine whether Apple was only checking a small set of on-device content. Apple countered that it would allow security researchers to verify its claims, but the company on Friday said it would take more time to make changes to the system.

Related Posts