AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/29/2021

Microsoft warns of latest malware attack, explains how to avoid secret backdoor

Microsoft has recently discovered another type of malware, named FoggyWeb by Microsoft, that hackers are currently using to remotely steal network admin credentials. The credentials allow the attacker group, which the company has called Nobelium, to hack into admin accounts of the Active Directory Federation Services (AD FS) servers and control users’ access to various resources. Microsoft claims that this is the same group behind the SolarWinds software supply chain attack that was revealed in December. The malware acts as a backdoor for the hackers and facilitates their remote theft of tokens and certificates from Microsoft’s identity platform. The newly discovered malware is used by the attackers only after the server they are targeting has already been compromised. The hacker group uses several tactics to access users’ identities and the infrastructure required to take control of their app usage.

Ransomware: Has the U.S. reached a tipping point?

Between the constantly increasing severity of ransomware attacks and the new government attention placed on it, it’s clear that the United States has reached a critical juncture in the fight against ransomware. Just a few years ago, the malware format primarily targeted individuals and demanded sums of a few hundred dollars, and ransomware, for the most part, simply encrypted a victim’s files. Now, ransomware regularly targets large enterprises and critical infrastructure, demands typically reach six- and seven-figure sums and ransomware gangs threaten organizations through double-extortion techniques. The U.S. government has taken note. Beginning primarily this spring but especially after May’s devastating Colonial Pipeline attack, large portions of the federal government have taken action to raise awareness of ransomware, take action against threat actors and ready homeland cyberdefenses.

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this. That’s important because Apple’s Lost Mode doesn’t currently stop users from injecting arbitrary computer code into its phone number field — such as code that causes the Good Samaritan’s device to visit a phony Apple iCloud login page.
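The underlying defect is a classic stored-injection pattern: an owner-controlled field is rendered on the finder's device without validation or output encoding. The following is an added illustration, not Apple's code, that models the Lost Mode message as a small rendering function and contrasts the weak form with a hardened one; the function names, the phone-number pattern and the sample inputs are all assumptions constructed for this example.

```javascript
// Added illustration, not Apple's code: the Lost Mode finder message is
// modelled as a function that renders an owner-supplied phone field into HTML.
// Constructed sample inputs below show the difference between trusting the
// field and validating it on input plus escaping it on output.

// Weak: the stored phone field is interpolated straight into markup, so any
// markup the owner typed reaches the finder's browser unchanged.
function renderLostMessageUnsafe(phoneField) {
  return `<p>This AirTag was lost. Please call ${phoneField}</p>`;
}

// Strict allow-list for the phone field (assumed pattern): optional "+",
// then 7 to 15 digits. Anything else is rejected before storage or rendering.
const PHONE_RE = /^\+?[0-9]{7,15}$/;

function isValidPhone(phoneField) {
  return PHONE_RE.test(phoneField);
}

// Output encoding: neutralise the characters that can open markup or an
// attribute, so the value can only ever be displayed as text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: reject anything that is not a phone number, and escape on output
// anyway so a future validator bypass still cannot inject markup.
function renderLostMessageSafe(phoneField) {
  if (!isValidPhone(phoneField)) {
    return "<p>This AirTag was lost. Contact details unavailable.</p>";
  }
  return `<p>This AirTag was lost. Please call ${escapeHtml(phoneField)}</p>`;
}

// Constructed sample inputs: a legitimate number and a field carrying markup.
const SAMPLE_OK = "+15555550123";
const SAMPLE_BAD = '<a href="https://example.invalid/">+1555</a>';
```

Validation on input and encoding on output are independent controls; the hardened renderer applies both so that either one failing still leaves the finder with plain text.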

Crypto is impossible to destroy, says Tesla CEO Elon Musk

As global regulators continue to scrutinize the cryptocurrency industry, Tesla CEO Elon Musk has expressed support for crypto, calling it indestructible. “It is not possible to, I think, destroy crypto, but it is possible for governments to slow down its advancement,” Musk said at the Code Conference in California, CNBC reported Tuesday. According to the Tesla CEO, the decentralized nature of cryptocurrencies may be a challenge for the Chinese government, which announced a new war on crypto last Friday. “I suppose cryptocurrency is fundamentally aimed at reducing the power of a centralized government,” Musk noted, adding, “They don’t like that.” He also suggested that the latest Chinese crackdown on crypto is likely to have something to do with the country’s “significant electricity generation issues.” “Part of it may actually be due to electricity shortages in many parts of China. A lot of South China right now is having random power outages because the power demand is higher than expected […] Crypto mining might be playing a role in that,” he said.

SaaS security is becoming a primary concern for businesses

One of the frequently touted advantages of using software-as-a-service (SaaS) solutions is their maintenance-free and supposedly inherently secure nature. These services are maintained by their providers, and users do not have to worry about configuring, troubleshooting, and updating them. Things are not as simple as that, though. SaaS solutions are far from invulnerable and can become serious cybersecurity problems. While it can be said that securing them is mostly not the responsibility of users, it is important to emphasize that they are still exposed to various forms of cyberattack. One report says that 40 percent of SaaS assets are at risk of data leaks because of poor management or no management at all. Organizations need to employ prudent security measures to avoid creating opportunities for bad actors to introduce malicious software or find exploitable vulnerabilities in the SaaS solutions they are using.

McAfee Finds Vulnerability in Ed Tech Surveillance Tool

A student monitoring company that thousands of schools used during remote and hybrid learning to ensure students were on task may have inadvertently exposed millions of kids to hackers online, according to a report released Monday by the security software company McAfee Enterprise. The research, conducted by the company’s Advanced Threat Research team, discovered the bug in the Netop Vision Pro Education software, which is used by some 3 million teachers and students across 9,000 school systems globally, including in the U.S. The software allows teachers to monitor and control how students use school-issued computers in real time, block websites and freeze their computer screens if they’re found to be off task. This is the second time in less than a year that McAfee researchers have found vulnerabilities in Netop’s education software — glitches that hackers could exploit to gain control over students’ computers, including their webcams and microphones. It’s unclear whether the software had been breached by anyone other than the researchers. In a $4 billion deal over the summer, McAfee Corp. sold off the business-focused McAfee Enterprise to focus on consumer cybersecurity.