AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/30/2021

1Password now allows users to securely generate unique email aliases

1Password launched a new feature that will allow users to create and manage secure, unique email aliases from directly within 1Password. Partnering with Fastmail, an email service that puts people and their privacy first, the “Masked Email” integration adds an extra layer of privacy by giving users the option of hiding their actual email addresses from the apps or services that they use. According to research from Deloitte, 91% of all cyber attacks begin with a phishing email to an unexpected victim, and 32% of all successful breaches involve the use of such techniques. With the uptick in remote work and reliance on email addresses, not only for communication but also to access online services, this has only increased people’s susceptibility to email fraud schemes.


Apple and Visa downplay Express Transit security flaw in Apple Pay

New security research claims that a flaw in Apple’s Express Transit Apple Pay mode can be used to make unauthorized Visa card payments and bypass the contactless limit. Researchers from the Computer Science departments at the Universities of Birmingham and Surrey in the UK have published their findings into how an active Man-in-the-Middle replay and relay attack could be used to bypass the Apple Pay lock screen for any iPhone with a Visa card set up in transit mode. The paper states: The Apple Pay lock screen can be bypassed for any iPhone with a Visa card set up in transit mode. The contactless limit can also be bypassed allowing unlimited EMV contactless transactions from a locked iPhone. An attacker only needs a stolen, powered-on iPhone. The transactions could also be relayed from an iPhone inside someone’s bag, without their knowledge. The attacker needs no assistance from the merchant and backend fraud detection checks have not stopped any of our test payments.


There are now over 250 different ransomware families currently operational worldwide

In its latest monthly threat debrief, security vendor Bitdefender has shared that its researchers have now identified 250 different ransomware families, some more notorious and active than others. The report is based on the analysis of 19.8 million malware detections during the month of August 2021. “To give you some idea of the scale, our Labs operations discover 400+ new threats each minute and validate 30 billion threat queries daily,” shares Bitdefender. Compiled amidst the hiatus of REvil, the report notes that the top three ransomware families in August, namely WannaCryptor, Stop/DJVU, and Phobo, account for over 60% of all detections. 


Why organizations are slow to patch even high-profile vulnerabilities

One of the most common ways cybercriminals hit an organization is by exploiting a known security vulnerability. For that reason, regularly patching your software and other products is a vital way to protect yourself from cyberattack. But many organizations fail to keep up with the proper patching, thus exposing themselves to great risk. A report released Wednesday by cybersecurity firm Trustwave looks at why security flaws often go unpatched and how organizations can beef up their patch management. For its 2021 Trustwave SpiderLabs Telemetry Report, Trustwave examined high-profile vulnerabilities from the past year. The report found that despite the high severity of some of the security flaws that popped up, more than 50% of the servers were unprotected weeks and even months after an update had been released.


Most Large Enterprises Fail to Protect Their Domain Names

Bad actors have accelerated their purchase of domains that look similar to the brands of the largest 2,000 companies in the world, with 60% of such domains registered to risky third parties, not the companies themselves,. A new study published this week by domain-name management firm Corporation Service Company (CSC) analyzed the domain records of companies in the Forbes Global 2000 and used a fuzzy-matching algorithm to detect domains that were similar to those companies’ domain names — so-called “homoglyphs.” CSC found that 70% of similar domains had been registered by third parties, with more than half of homoglyphs (60%) registered in the past two years.  Despite the existence of what are likely bad actors, however, 81% of large enterprises do not take basic domain security precautions, such as using the registry lock protocol, says Vincent D’Angelo, global director at CSC Digital Brand Services.


This is Facebook’s internal research on the mental health effects of Instagram

Facebook has shared the internal research about the impact of Instagram on teenage mental wellbeing reported on by The Wall Street Journal earlier this month. The Wall Street Journal reported that the files showed Instagram knew the social media network has a negative affect on teens’ mental health. Facebook has pushed back on the WSJ’scharacterizations of its research, saying that “it is simply not accurate that this research demonstrates Instagram is ‘toxic’ for teen girls.” The research slide decks are available on Facebook’s newsroom here, split into two PDFs. We’ve also embedded the PDFs at the bottom of this story. Notably, the two PDFs have been annotated by Facebook in an effort to provide context.  Following Facebook’s release of the two documents, The Wall Street Journal published them along with four more that it said formed the basis of its Instagram story. WSJ reporter Jeff Horwitz says Facebook ran the first two documents minutes after being given an hour’s notice of the newspaper’s plans to publish. The previously unpublished documents include research on teen girls’ body image and appearance-based social comparison.

Related Posts