AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/11/2020

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims confirms previous reports from multiple cyber-security firms that ransomware is one of today’s most prevalent and destructive threats. “Ransomware doesn’t discriminate by industry. We’ve seen an increase in ransom attacks across almost every industry we serve,” Coalition said. “In the first half of 2020 alone, we observed a 260% increase in the frequency of ransomware attacks amongst our policyholders, with the average ransom demand increasing 47%,” the company added.

 

Zoom rolls out two-factor authentication for all accounts

Zoom has unveiled two-factor authentication (2FA) for all user accounts, to make it easier to prevent “zoombombing” and other security breaches. Once enabled, the system will require users to enter a one-time code from a mobile authenticator app, SMS or phone call. That in turn will block potential attackers from taking control of accounts using stolen or recycled credentials, as they’d also need to have control of your mobile device. 2FA is available for Zoom’s web portal, desktop client, mobile app and the Zoom Room. It supports the time-based one-time password (TOTP) protocol, so it works with apps like Google Authenticator, Microsoft Authenticator and FreeOTP. The company also supports various authentication methods including SAML, OAuth and password-based authentication.

 

3rd Annual Penetration Risk Report Reveals Surprising Trends, Offers New Recommendations

Coalfire, a provider of cybersecurity advisory and assessment services, released its 3rd Annual Penetration Risk Report, based on over 800 penetration tests that emulate cyberattacks to identify vulnerabilities. The tests were performed by Coalfire Labs, the company’s threat modeling, attack simulation, and pen testing division, and findings show that organizations continue to struggle with many of the same vulnerabilities and systemic weaknesses year over year. “Our data shows companies undergoing rapid digital transformation into more complex, multi-cloud environments,” said Mike Weber, Vice President of Innovation for Coalfire Labs. “But in this extraordinary year of 2020, it also tells a story of repeating flaws across similar attack vectors over time. This creates an opportunity for holistic cybersecurity solutions that address those systemic weaknesses once and for all.” The report found that company size has a direct bearing on how effectively organizations are able to fend off would-be attackers. Large and small companies see more than 3x the year-over-year improvement of medium-sized companies.

 

New Bluetooth security flaw discovered; limited risk on iOS devices

A new Bluetooth security flaw has been discovered that would potentially allow an attacker to connect to a user device without authentication. The Bluetooth Special Interest Group (SIG), the body responsible for Bluetooth standards, has confirmed vulnerabilities separately discovered by two teams of security researchers. Apple protects against some forms of Bluetooth attack by requiring apps to ask user permission before a connection is initiated. You should only ever grant permission when you have a specific reason to allow an app to connect to a Bluetooth device, and are expecting it to ask. Vulnerability to so-called Man-In-The-Middle (MITM) attacks is less clear. With some of these, an attacker can impersonate a previously paired device, which would then be allowed to connect without user intervention. However, iOS has protections like app sandboxing, which may also mitigate this attack method.

 

Twitter expands election misinformation rules to include posts that claim victory prematurely

Twitter said on Thursday it would label or remove misinformation aiming to undermine confidence in the U.S. election, including posts claiming victory before results have been certified or inciting unlawful conduct to prevent a peaceful transfer of power. Twitter said in a blog post it was updating its rules to recognize the changes in how people will vote in the Nov. 3 election and try to protect against voter suppression and misleading content on its platform. The widespread use of mail ballots in the U.S. election due to the coronavirus pandemic will likely cause significant delays in tallying results, which some experts fear could allow misinformation to gain traction.

 

TeamTNT Gains Full Remote Takeover of Cloud Instances

The TeamTNT cybercrime gang is back, attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope, according to researchers. The open-source Weave Scope “provides a top down view into your app as well as your entire infrastructure, and allows you to diagnose any problems with your distributed containerized app, in real time, as it is being deployed to a cloud provider,” according to its website. In other words, it’s a trusted tool that researchers at Intezer explained gives users full access to cloud environments. It can be integrated with Docker, Kubernetes, the Distributed Cloud Operating System (DC/OS) and Amazon Web Services Elastic Compute Cloud (ECS) – and it gives cybercriminals a perfect entree into a company’s cloud infrastructure.
