AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/20/2021

Apple and Google Pull Opposition App From Russian Stores Following Kremlin Pressure

On Friday morning, Bloomberg reported that Google and Apple have removed longtime opposition leader Alexei Navalny’s voter guide app from the App Store and Google Play store in Russia. Activists have charged the companies with bowing to Kremlin pressure. The Russian parliamentary elections began today and last through Sunday. On Thursday, Russian state media outlet Tass reported that Vasily Piskarev, head of the Committee on Safety and Anti-Corruption, claimed that Apple and Google had violated the law by “spreading election campaign materials that were not paid for from election funds.” A source told Bloomberg that officials threatened to arrest Russia-based Google employees. Early Friday morning, Ivan Zhdanov, director of Navalny’s Anti-Corruption Foundation (FBK), tweeted a notice, evidently from Apple, citing a policy that developers must follow local laws.


US will reportedly impose crypto sanctions amid ransomware attacks

According to The Wall Street Journal, the Biden administration plans to implement new measures to make it more difficult for hackers to profit from ransomware attacks using cryptocurrencies. As early as next week, the Treasury Department will reportedly impose sanctions and guidance designed to discourage organizations from using digital currencies to pay for ransoms. Per The Journal, among the measures the agency is considering are fines and other penalties aimed at businesses that cooperate with hackers. Later in the year, the Treasury Department is also expected to implement new anti-money laundering and terror-financing regulation to limit further the use of cryptocurrencies as a payment method for ransoms and other illegal activity.


Cybercrime is moving from the dark web to Telegram more and more, study finds

It’s been touted as a WhatsApp alternative. The company that operates it has faced sharp criticism for not doing enough to curtail revenge porn or counterfeit vaccination cards. Now, a new study has found that Telegram is, surprise surprise, an appealing home for cybercriminals. The revelation comes from a study conducted by Cyberint for a Financial Times story. The cybersecurity firm found that hackers are selling and sharing data leaks on Telegram because it’s easy to use and not heavily moderated. In the past, such data dumps were largely the domain of the so-called “dark web,” a sort of Wild West version of the internet that can only be accessed using special browsers and logins. Hackers find the dark web appealing because it lives in a corner of the deep web — which is to say, the part of the internet that doesn’t appear in search engines — which is even more locked down against outside observers and intrusion.


An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan

Earlier this year, researchers at Russian cybersecurity firm Kaspersky witnessed a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan. The attacks began in June 2020 and continued through to April 2021. What piqued the researchers’ interest was the hacking software used by the digital spies, whom Kaspersky had dubbed Bitter APT, a pseudonym for an unspecified government agency. Aspects of the code looked like some that the Moscow antivirus provider had previously seen and attributed to a company it gave the cryptonym “Moses.” Moses, said Kaspersky, was a mysterious provider of hacking tech known as a “zero-day exploit broker.” Such companies operate in a niche market within the $130 billion overall cybersecurity industry, creating software—an “exploit”—that can hack into computers via unpatched vulnerabilities known as “zero days” (the term coming from the fact that developers have “zero days” to fix the problem before it’s publicly known).


Web host Epik was warned of a critical security flaw weeks before it was hacked

Hackers associated with the hacktivist collective Anonymous say they have leaked gigabytes of data from Epik, a web host and domain registrar that provides services to far-right sites like Gab, Parler and 8chan, which found refuge in Epik after they were booted from mainstream platforms. In a statement attached to a torrent file of the dumped data this week, the group said the 180 gigabytes amounts to a “decade’s worth” of company data, including “all that’s needed to trace actual ownership and management” of the company. The group claimed to have customer payment histories, domain purchases and transfers, and passwords, credentials and employee mailboxes. The cache of stolen data also contains files from the company’s internal web servers, and databases that contain customer records for domains that are registered with Epik. The hackers did not say how they obtained the breached data or when the hack took place, but timestamps on the most recent files suggest the hack likely happened in late February.


AMD CPU driver bug can break KASLR, expose passwords

AMD has advised Windows users this week to update their operating systems in order to receive a patch for a dangerous vulnerability in one of its CPU chipset drivers that can be exploited to dump system memory and steal sensitive information from AMD-powered computers. Tracked as CVE-2021-26333 and discovered by Kyriakos Economou, co-founder of security firm ZeroPeril, the vulnerability resides in the driver for the AMD Platform Security Processor (PSP), which is AMD’s equivalent of Intel’s SGX technology. Also known as a trusted execution environment (TEE), the AMD PSP creates secure enclaves inside AMD processors that allow the operating system to process sensitive information inside cryptographically secured memory. In order to interact with PSP enclaves, the Windows OS uses a kernel driver named amdsps.sys. But in a report published on Wednesday, Economou said he found two issues in this driver that allow a non-admin user to dump the system memory and search for sensitive information handled by the OS.
