AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/23/2021

Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms

A new survey from Ping Identity has found that more internet users are willing to stop using sites altogether if they find the experience cumbersome or invasive. The Ping Identity Consumer Survey queried more than 3,400 consumers across the US, UK, Germany, France and Australia about their experiences with signing up for websites and their attitudes toward online privacy. The survey found that 77% of respondents have already abandoned or stopped creating an online account for any number of reasons, which included demands for too much personal information (40%) and too many security steps (29%). More than half of respondents have outright abandoned an online service if they found logging in too frustrating, and 63% said they were likely to jump ship for a competitor if that competitor made it easier to authenticate their identity. Richard Bird, chief customer information officer for Ping Identity, said businesses need to integrate their security, privacy and user experience strategies to keep up with modern consumer expectations.


Security audit raises severe warnings on Chinese smartphone models

The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei’s P40 5G, Xiaomi’s Mi 10T 5G, and OnePlus’ 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC’s security audit. The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications. The OnePlus 8T 5G—arguably, the best-known and most widely marketed phone of the three—was the only one to escape the NCSC’s scrutiny without any red flags raised.


An email ‘autodiscover’ bug is helping to leak thousands of Windows passwords

Shipping companies, power plants and investment banks don’t often share much in common, but new research shows they are all inadvertently leaking thousands of email passwords of their own employees, thanks in part to a design flaw in a widely used email protocol. Autodiscover is a feature in Microsoft Exchange, a popular email software for companies to host their own email servers, that sets up apps on a phone or a computer using just an employee’s email address and password. It’s meant to make it easier to set up an email or calendar app, for example, by offloading the hard work to the server rather than configuring the app by hand. Most apps will look for the configuration file in a set of known locations on the company’s domain. Each time an app looks somewhere and can’t find the file, it will “fail up” and look somewhere else on the same domain. And if it can’t find the file anywhere, users are left with the inconvenience.
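To make the “fail up” behaviour concrete from a defender’s side, here is an added example (not code from the article, from Microsoft, or from the researchers) that models a client walking up the labels of a mailbox domain and a guard that refuses to send credentials to any Autodiscover host outside the organisation’s own domain or over plain HTTP. The candidate-hostname construction, the `registrable_domain` heuristic and the function names are assumptions made for illustration, not the exact client algorithm.

```python
"""Model of an Autodiscover-style 'fail up' lookup with a domain guard.

Added example for illustration; the candidate list below is an assumed
simplification of how a client might search, not Microsoft's exact logic.
"""
from __future__ import annotations

from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Return the organisation's domain for a host.

    Assumption: the last two labels form the organisation's domain
    (e.g. 'example.com'). Production code should consult a public-suffix
    list instead, since 'co.uk'-style suffixes break this heuristic.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def mail_domain(email: str) -> str:
    """Extract and normalise the domain part of an e-mail address."""
    if "@" not in email:
        raise ValueError("not an e-mail address: %r" % email)
    return email.rsplit("@", 1)[1].lower().rstrip(".")


def fail_up_candidates(email: str) -> list[str]:
    """Hostnames an unguarded client might try, most specific first.

    Each step drops the left-most label of the mail domain, which is the
    'fail up' pattern the article describes. The final entries can fall
    outside the organisation entirely; that is what the guard must catch.
    """
    labels = mail_domain(email).split(".")
    return ["autodiscover." + ".".join(labels[i:]) for i in range(len(labels))]


def within_org(host: str, email: str) -> bool:
    """True if host is the org's autodiscover host or a subdomain of the org."""
    org = registrable_domain(mail_domain(email))
    host = host.lower().rstrip(".")
    return host == "autodiscover." + org or host.endswith("." + org)


def allowed_candidates(email: str) -> list[str]:
    """The fail-up sequence with everything outside the organisation removed."""
    return [h for h in fail_up_candidates(email) if within_org(h, email)]


def is_safe_autodiscover_url(url: str, email: str) -> bool:
    """Guard to run before attaching credentials to an Autodiscover request.

    Rejects non-HTTPS URLs (credentials would travel in clear text) and any
    host that is not inside the mailbox's own organisation.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return within_org(parts.hostname, email)


if __name__ == "__main__":
    # Constructed sample address; example.com is a reserved documentation domain.
    addr = "alice@mail.corp.example.com"
    for host in fail_up_candidates(addr):
        verdict = "ok" if within_org(host, addr) else "REJECT (outside org)"
        print(f"{host:40s} {verdict}")
```

Running the block prints the four candidates for the constructed address; the first three stay inside `example.com` and pass, while the last step of the walk leaves the organisation and is rejected. The same `is_safe_autodiscover_url` check is the kind of allow-list a client or an outbound proxy can enforce so that a failed lookup degrades to the inconvenience the article mentions rather than to a credential leak.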


BlackMatter Ransomware Analysis; The Dark Side Returns

BlackMatter is a new ransomware threat discovered at the end of July 2021. This malware started with a strong group of attacks and some advertising from its developers that claims they take the best parts of other malware, such as GandCrab, LockBit and DarkSide, despite also saying they are a new group of developers. We at McAfee Enterprise Advanced Threat Research (ATR) have serious doubts about this last statement, as analysis shows the malware has a great deal in common with DarkSide, the malware associated with the Colonial Pipeline attack which caught the attention of the US government and law enforcement agencies around the world. The main goal of BlackMatter is to encrypt files in the infected computer and demand a ransom for decrypting them. As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom to not publish them on the internet.


Phone calls disrupted by ongoing DDoS cyber attack on VOIP.ms

Quebec-based provider of telephony services VoIP.ms is facing an aggressive Distributed Denial of Service (DDoS) cyber attack, causing a disruption in phone calls and services. The incident began around September 16 and has put a strain on the VoIP provider’s systems, websites, and operations. VoIP.ms serves over 80,000 customers across 125 countries, many of whom are now facing issues with voice calls. Last week, Canadian voice-over-IP service provider VoIP.ms announced that it became aware of an issue that was preventing customers from accessing its website and was working toward a solution. Fast-forward to today: the issue is ongoing and has been attributed to a persistent DDoS attack. DDoS is a form of cyber attack in which multiple computers, or “bots,” are simultaneously engaged by an attacker to make a large number of requests to an Internet server beyond the server’s capacity. As such, an Internet server, when facing a sophisticated DDoS attack, may offer degraded performance to customers, or crash altogether. VoIP is a set of technologies that make telephone calls possible via Internet-connected servers, which, like any Internet service, makes them vulnerable to DDoS attacks.


A Stalkerware Firm Is Leaking Real-Time Screenshots of People’s Phones Online

A stalkerware company that’s designed to let customers spy on their spouses’, children’s, or employees’ devices is exposing victims’ data, allowing anyone on the internet to see screenshots of phones simply by visiting a specific URL. The news highlights the continuing lax security practices that many stalkerware companies use; not only do these companies sometimes market their tools specifically for illegal surveillance, but the targets are re-victimized by these breaches. In recent years the Federal Trade Commission (FTC) has acted against stalkerware companies for exposing victim data. The stalkerware company, called pcTattleTale, offers the malware for Windows computers and Android phones. “Discover their secret online lives right from your phone or computer,” a Facebook post from pcTattleTale reads. “pcTattletale is a popular keylogger and montoring [sic] app that you can use to see what you [sic] kids, spouse, or employees are doing online.
