AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/15/2021

Microsoft to pull LinkedIn from Chinese market

American technology giant Microsoft announced today that it will pull its professional social network LinkedIn from the Chinese market later this year. Microsoft purchased LinkedIn for more than $26 billion back in 2016. The news comes amidst a flurry of regulatory changes in the Asian nation, as well as rising tensions between the company and the country. Two weeks past, Microsoft came under heavy scrutiny for its decision to block the profiles of certain U.S. journalists in China. The company is hardly the only American enterprise to find it hard to balance the authoritarian demands of the Chinese government and its own business goals. Here, Microsoft has taken a sharp approach to a problem that likely would have only become exacerbated over time; the software giant could choose to either bow to the demands of the Chinese government to limit access of individual profiles it found unacceptable — that journalists were suffering from blocks is not a surprise, given the media environment inside China — or walk.


Apple is reportedly exploring ways to use AirPods as health devices

Apple’s health ambitions for AirPods might extend beyond using them to boost conversations. Wall Street Journal sources claim Apple is exploring multiple ways it can use AirPods as health devices. It might use the buds as hearing aids, but it could also use the motion sensors to correct your posture. A prototype would even include a thermometer to check your core body temperature, according to leaked documents. The features wouldn’t show up in 2022 and might not be available at all, the sources said. Apple declined to comment. Apple would face numerous hurdles to marketing AirPods as health gadgets. The company would likely require regulatory clearance for at least some features. A US Food and Drug Administration ruleset due in 2022 might make that possible, but it could still take months to approve the earbuds. Even Bose had to wait a long time before it could sell its FDA-cleared SoundControl hearing aids.


This ‘relentless’ malware botnet has made millions with a surprisingly simple trick

The long-running botnet known as MyKings is still in business and has raked in at least $24.7 million by using its network of compromised computers to mine for cryptocurrencies. MyKings, also known as Smominru and Hexmen, is the world’s largest botnet dedicated to mining cryptocurrencies by free-riding off its victims desktop and server CPUs. It’s a lucrative business that gained attention in 2017 after infecting more than half a million Windows computers to mine about $2.3 million of Monero in a month. Security firm Avast has now confirmed its operators have acquired at least $24.7 million in various cryptocurrencies that have been transferred to Bitcoin, Ethereum and Dogecoin accounts. It contends, however, that the group made most of this through its ‘clipboard stealer module’. When it detects that someone has copied a cryptocurrency wallet address (for example to make a payment) this module then swaps in a different cryptocurrency address controlled by the gang. 


When it comes to quantum computers, security should come first for financial institutions

From ATMs to high-frequency trading and the current fintech wave, technological innovation in the financial services industry has always had to balance risks like fraud and theft against the new opportunities it brings like access to capital, greater margins and new customers. The coming wave of quantum computers promises more of the same, though on an even greater scale. Worryingly there is a widespread lack of awareness in financial services of the cybersecurity risks posed by quantum technologies. Quantum computers pose an existential threat to banks’ cybersecurity infrastructure and the sensitive data they hold. This was the agreed view among attendees at a recent workshop hosted by the FCA with the UK Quantum Computing & Simulation Hub, with 25 stakeholders including the Bank of England.


Acer admits hackers stole data on millions of customers

Taiwanese hardware vendor Acer has confirmed that hackers have managed to break into its after-sales service system in India, without sharing more details. Notably however, privacy watchdogs PrivacyAffairs had already shared news of the breach after discovering data from the breach being auctioned on a popular underground forum. “On a forum post today – 13 October – the hacker group Desorden announced that it had hacked and breached the Indian servers of Acer,” wrote PrivacyAffairs’ founder Miklos Zoltan. According to Zoltan, the stolen data appears to include login details and other personally identifiable information (PII) of Acer retailers and distributors in India.


NFTs: Nasty OpenSea security flaw allowed hackers to steal crypto

NFTs are still the talk of the town in the crypto world as Bored Apes, CryptoPunks and other popular NFTs sell for thousands — and in some cases — millions of dollars. Whether you’re an NFT creator or shopper, you’ve likely traded non-fungible tokens on OpenSea, the world’s largest NFT marketplace. However, its popularity comes at a price. It attracts crypto scammers who salivate over the thought of stealing from unsuspecting, vulnerable members. Check Point, a cybersecurity research firm, found a critical flaw in the platform that put many OpenSea members at risk. Fortunately, OpenSea is aware of the vulnerability and worked on plugging the security holes. OpenSea lets users mint any digital artwork into NFTs as long as they are one of the following extensions: JPG, PNG, GIF, SVG, MP4, WEBM, MP3, WAV, OGG, GLB, GLTF. It’s also worth noting that in order to buy and sell NFTs on OpenSea, members must connect a cryptocurrency wallet (e.g. Metamask) to the platform. Users are required to fund their wallet with cryptocurrencies (typically Ethereum) to pay for NFTs and/or gas fees.


Cambridge University halts £400m deal with UAE over Pegasus spyware claims

The University of Cambridge has broken off talks with the United Arab Emirates over a record £400m collaboration after claims about the Gulf state’s use of controversial Pegasus hacking software, the university’s vice-chancellor has said. The proposed deal, hailed by the university in July as a “potential strategic partnership … helping to solve some of the greatest challenges facing our planet” – would have included the largest donation of its kind in the university’s history, spanning a decade and involving direct investment from the UAE of more than £310m. But Stephen Toope, Cambridge’s outgoing vice-chancellor, said in an interview that no meetings or conversations with UAE were now taking place after revelations related to Pegasus, software that can hack into and secretly take control of a mobile phone.


Apple scheme to detect child abuse creates serious privacy and security risks, say scientists

Apple’s proposal to compel iPhone users to accept updates that would automatically and covertly search shared images for possible abuse material and send reports to Apple or law enforcement agencies are today condemned as unworkable, vulnerable to abuse, and a threat to safety and security by the world’s top cryptographic experts and internet pioneers. The 14 top computer scientists’ detailed technical assessment of why Apple’s ideas are foolish and dangerous in principle and in practice, Bugs in our pockets: The risks of client-side scanning, was published this morning by Columbia University and on Arxiv. Apple’s plan, unveiled in August, is called client-side scanning (CSS). The panel acknowledges that “Apple has devoted a major engineering effort and employed top technical talent in an attempt to build a safe and secure CSS system”, but finds it a complete failure, citing over 15 ways in which states or malicious actors, and even targeted abusers, could turn the technology around to cause harm to others or society. 


3D printing site Thingiverse suffers major user data breach

About 228,000 users of popular 3D printing platform Thingiverse have reportedly had their authentication details stolen and published on the dark web. The news of the leak doesn’t come from Thingiverse itself, but rather from Have I Been Pwned (HIBP), which got hold of the leaked details of the compromised accounts after receiving a tip last week. “Thingiverse had 228k unique email addresses exposed in an Oct 2020 DB backup found circulating last week. Data included usernames, IPs, DoBs and unsalted SHA-1 or bcrypt password hashes,” tweeted HIPB. HIPB’s creator and maintainer Troy Hunt added that the data has been circulating “extensively” on a popular hacking forum.

Related Posts