AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/16/2019

1- Mozilla Rolls Out Code Injection Attack Protection in Firefox

Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. “A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening the code at various levels,” said the Mozilla Security Team today. “To make Firefox resilient against such code injection attacks, we removed occurrences of inline scripts as well as removed eval()-like functions.”


2- Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted

Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the “sudoers configuration” explicitly disallows the root access.


3 – Building China’s Comac C919 airplane involved a lot of hacking, report says

A report published today shines a light on one of China’s most ambitious hacking operations known to date, one that involved Ministry of State Security officers, the country’s underground hacking scene, legitimate security researchers, and insiders at companies all over the world. The aim of this hacking operation was to acquire intellectual property to narrow China’s technological gap in the aviation industry, and especially to help Comac, a Chinese state-owned aerospace manufacturer, build its own airliner, the C919 airplane, to compete with industry rivals like Airbus and Boeing. A Crowdstrike report published today shows how this coordinated multi-year hacking campaign systematically went after the foreign companies that supplied components for the C919 airplane.


4 – Apple responds to reports that it sends user traffic to China’s Tencent

Apple has issued a statement today following a slew of misleading and poorly-researched media reports that were published over the weekend, claiming that the Safari web browser was secretly sending user traffic to Chinese company Tencent.  But, nowadays, most safe browsing mechanisms, such as those managed by Google and Tencent, work by sending a copy of the database to a user’s browser and letting the browser check the URL against this local database. According to Apple, this is also how Apple developers have implemented Safari’s safe browsing mechanism — to never send the user’s internet browsing traffic to safe browsing providers.


5 – M6, one of France’s biggest TV channels, hit by ransomware

The M6 Group, France’s largest privately-owned multimedia group, was the victim of ransomware over the weekend, but none of the company’s TV and radio channels suffered any downtime. The incident took place on Saturday morning, according to a message the company posted on its official Twitter account. The M6 Group said they managed to contain the infection with the help of its cybersecurity staff, preventing any downtime to any of its ten TV channels, radio stations, and film studios.


6 – Shipping giant Pitney Bowes hit by ransomware

Shipping tech giant Pitney Bowes  has confirmed a cyberattack on its systems. The company said in a statement that its systems were hit by a “malware attack that encrypted information” on its systems, more commonly known as ransomware. “At this time, the company has seen no evidence that customer or employee data has been improperly accessed,” the statement said, but many of its internal systems are offline, causing disruption to client services and other corporate processes. The company said it’s working with a third-party consultant to address the issue. But it’s not immediately known what kind of ransomware encrypted its systems.



Drury Hotels previously notified certain guests of a security incident that occurred on the network of a third-party technology service provider.  Despite the service provider’s assurances that the incident only involved transactions sent through the service provider’s network between December 29, 2017 and March 13, 2019, the service provider has now informed us that transactions between December 28, 2017 and June 2, 2019 are involved I.n addition to the individuals that were previously notified, Drury Hotels is notifying those individuals who used third-party online booking websites to make a reservation for Drury Hotels on December 28, 2017 or from March 14, 2019 through June 2, 2019 that their information may have been involved in this incident.  Reservations that were made directly with Drury Hotels (by calling Drury Hotels or using our website or mobile app) were not involved in this incident.


8 – Microsoft and NIST Team Up on Patching Guide

Microsoft has teamed up with the US National Institute of Standards and Technology (NIST) to develop a new guide designed to make enterprise patch management easier. Microsoft lead cybersecurity architect, Mark Simon, explained that the firm had first worked closely with partners from the Center for Internet Security, Department of Homeland Security (DHS) and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), as well as visiting several customers. Two common challenges emerging from discussions with the latter revolved around testing of patches and confusion over how quickly they should be implemented.


9 – Facebook Encourages Bug Hunting in Third-Party Services

Facebook updated the terms of its bug bounty program for third-party services integrating with the platform to increase the rewards received by researchers. A year ago, Facebook announced that it would pay researchers that find security issues in third-party apps that exposed Facebook user access tokens, which can be used to log into the account. The scope of the program has expanded and now researchers can also expect a payout from Facebook for security issues discovered through authorized pen-testing in external apps and websites.


10 – OnionShare Lets Anyone Host Anonymous Sites on the Dark Web

A new version of the OnionShare program now allows you to easily create basic anonymous dark web sites on Tor so that they cannot be censored. This is particularly useful for those who wish to publish information anonymously, but do not want to deal with the mechanics of setting up their own dark web server. OnionShare is a program for Windows, Mac, and Linux that was originally designed to let you easily and anonymously share and receive files on the dark web. It does this by bundling the Tor client and turning your computer into a web server that is accessible only via Tor.


Related Posts