AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/04/2022

The High Cost of Living Your Life Online

TO BE ONLINE is to be constantly exposed. While it may seem normal, it’s a level of exposure we’ve never dealt with before as human beings. We’re posting on Twitter, and people we’ve never met are responding with their thoughts and criticisms. People are looking at your latest Instagram selfie. They’re literally swiping on your face. Messages are piling up. It can sometimes feel like the whole world has its eyes on you. Being observed by so many people appears to have significant psychological effects. There are, of course, good things about this ability to connect with others. It was crucial during the height of the pandemic when we couldn’t be close to our loved ones, for example. However, experts say there are also numerous downsides, and these may be more complex and persistent than we realize.

 

Microsoft Exchange server zero-day mitigation can be bypassed

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution. Both security flaws were reported privately through the Zero Day Initiative program about three weeks ago by Vietnamese cybersecurity company GTSC, who shared the details publicly last week.

 

A Proclamation on Cybersecurity Awareness Month, 2022

During Cybersecurity Awareness Month, we highlight the importance of safeguarding our Nation’s critical infrastructure from malicious cyber activity and protecting citizens and businesses from ransomware and other attacks.  We also raise awareness about the simple steps Americans can take to secure their sensitive data and stay safe online. Cyberattacks affect our day-to-day lives, our economy, and our national security.  By destroying, corrupting, or stealing information from our computer systems and networks, they can impact electric grids and fuel pipelines, hospitals and police departments, businesses and schools, and many other critical services that Americans trust and rely on every day.  That is why my Administration started working immediately to shield our country and improve our defenses against cyberattacks.

 

What Is Consent Phishing and Why Is It Dangerous?

Phishing is a massively popular cybercrime tactic used by threat actors around the world. Over the years, phishing has diversified into a range of different types, including consent phishing. But how exactly does consent phishing work, and is it a threat to you? Consent phishing is a phishing tactic that requires some level of authentication to be successful. These attacks involve the use of malicious apps to be successful, with OAuth apps being a particularly popular choice. Let’s run through an example of consent phishing with a harmful OAuth app to understand how the process works.

 

New Research from Imperial College London has shown that Apple’s Implementation of a Widely Accepted Data Protection Model could leave Users to Privacy Attacks

The researchers discovered that by looking into how Apple used the local differential privacy (LDP) model, they could determine people’s favorite emoji skin tone and political inclinations. To improve apps and services, businesses gather behavioral data generated by users’ devices on a large scale. However, these records are fine-grained and contain sensitive information about specific people.  The researchers showed how the LDP implementation of Apple has privacy issues. Researchers have now shown that, in the event of a brand-new pool inference attack, noisy records can divulge private information about specific users. They used website visits and emoji usage to mimic two different sorts of attacks. They discovered that despite privacy protections, users were exposed to both attacks.

 

Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor’s espionage-oriented activity called Operation In(ter)ception that’s directed against aerospace and defense industries. “The campaign started with spear-phishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium,” ESET researcher Peter Kálnai said.

Related Posts