AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/01/2021

All Windows versions impacted by new LPE zero-day vulnerability

A security researcher has disclosed technical details and a public proof-of-concept (PoC) exploit for an unpatched Windows zero-day privilege elevation vulnerability that grants SYSTEM privileges under certain conditions. The good news is that the exploit requires a threat actor to know another user’s user name and password to trigger the vulnerability, so it will likely not be widely abused in attacks. The bad news is that it affects all versions of Windows, including Windows 10, Windows 11, and Windows Server 2022. In August, Microsoft released a security update for a “Windows User Profile Service Elevation of Privilege Vulnerability” tracked as CVE-2021-34484 and discovered by security researcher Abdelhamid Naceri.


NSA warns of threat actors compromising entire 5G networks via cloud systems

The US National Security Agency has published a security advisory today warning about how attackers could compromise entire 5G networks by hijacking a provider’s cloud resources. The NSA advisory, published together with experts from the US Cybersecurity and Infrastructure Security Agency (CISA), is part one of a four-part series the agency plans to publish on 5G security. The series contains extensive guidance for preventing and dealing with cyberattacks on 5G infrastructure and builds on a previous guide the two agencies published in May. According to the NSA, part one contains “recommendations for mitigating lateral movement attempts by malicious cyber actors who have successfully exploited a vulnerability to gain initial access into a 5G cloud system.” The NSA is hoping that US telecommunications providers involved in the 5G rollout will follow these practices and avoid their 5G infrastructure being compromised by foreign actors.


FTC Strengthens Security Safeguards for Consumer Financial Information Following Widespread Data Breaches

The Federal Trade Commission today announced a newly updated rule that strengthens the data security safeguards that financial institutions are required to put in place to protect their customers’ financial information. In recent years, widespread data breaches and cyberattacks have resulted in significant harms to consumers, including monetary loss, identity theft, and other forms of financial distress. The FTC’s updated Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe. “Financial institutions and other entities that collect sensitive consumer data have a responsibility to protect it,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The updates adopted by the Commission to the Safeguards Rule detail common-sense steps that these institutions must implement to protect consumer data from cyberattacks and other threats.”


Pirate-site operator hacked MLB and tried to extort $150,000, feds say

A pirate-website operator named Joshua Streit was charged with hacking into Major League Baseball (MLB) computer systems and trying to extort $150,000 from the league by threatening to publicize security vulnerabilities, the US Department of Justice announced yesterday. Streit also “is alleged to have illegally streamed sports content online from MLB, the NHL, the NBA, and the NFL for his own personal profit,” the announcement said. Streit was charged in US District Court for the Southern District of New York with wire fraud, illicit digital transmission, sending interstate threats with the intent to extort, and two counts of computer intrusion. The maximum possible sentences for these counts add up to 37 years in prison, including 20 years for wire fraud, though the press release noted that “maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.”


Chaos ransomware targets gamers via fake Minecraft alt lists

The Chaos ransomware gang is encrypting gamers’ Windows devices through fake Minecraft ‘alt lists’ promoted on gaming forums. Minecraft is a massively popular sandbox video game currently played by over 140 million people, and according to Nintendo sales numbers, it is a top-selling title in Japan. According to researchers at FortiGuard, a recently discovered variant of the Chaos ransomware is being distributed in Japan, encrypting the files of Minecraft players and dropping ransom notes. The lure used by the threat actors is an ‘alt list’ text file that supposedly contains stolen Minecraft account credentials but is in reality the Chaos ransomware executable. Minecraft players who want to troll or grief other players without risking a ban on their own accounts will sometimes use ‘alt’ lists to find stolen accounts that they can use for bannable offenses.
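The lure described above works because the victim trusts the file’s name, not its content. A quick triage check a responder can run over a download folder is to compare the claimed type with the file’s magic bytes: anything named like a text or data file that begins with the DOS/PE header “MZ” is an executable in disguise. The script below is an added example for this summary, not code from the original article, from FortiGuard, or from the Chaos operators; the file names and contents it creates are constructed for illustration, and the double-extension check (for names such as alts.txt.exe, which Windows Explorer hides by default) is a general triage heuristic rather than something the article reports about this campaign.

```python
"""Triage check: flag files that present themselves as text "alt lists"
but actually carry a Windows executable.

Added example for this news summary; not code from the original article,
FortiGuard, or the Chaos operators. Sample file names and contents are
constructed for illustration.
"""
import os
import tempfile
from typing import List

# Extensions a user would expect to hold inert text or data.
TEXT_LIKE_EXTENSIONS = {".txt", ".csv", ".log", ".lst", ".json"}

# Extensions Windows will execute directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com"}

# Windows executables (PE files) start with the DOS header magic "MZ".
PE_MAGIC = b"MZ"


def looks_like_pe(data: bytes) -> bool:
    """True if the first bytes match the DOS/PE header magic."""
    return data[:2] == PE_MAGIC


def find_masquerading_executables(root: str) -> List[str]:
    """Walk `root` and return paths (relative to root, sorted) of files that
    claim to be text by extension but either begin with a PE header or carry
    a hidden executable extension after the text-like one (e.g. alts.txt.exe)."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            base, ext = os.path.splitext(name.lower())
            inner_ext = os.path.splitext(base)[1]
            claims_text = ext in TEXT_LIKE_EXTENSIONS or inner_ext in TEXT_LIKE_EXTENSIONS
            if not claims_text:
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                continue  # unreadable file; skip rather than crash mid-triage
            if looks_like_pe(head) or ext in EXECUTABLE_EXTENSIONS:
                flagged.append(os.path.relpath(path, root))
    return sorted(flagged)


def build_sample_tree() -> str:
    """Create a constructed sample directory: a genuine alt list, a PE renamed
    to .txt, a double-extension PE, and an unrelated harmless data file."""
    root = tempfile.mkdtemp(prefix="altlist_triage_")
    samples = {
        "real_alts.txt": b"user1:pass1\nuser2:pass2\n",                 # genuine text
        "free_alts_2021.txt": b"MZ\x90\x00" + b"\x00" * 60,            # PE header, .txt name
        "minecraft_alts.txt.exe": b"MZ\x90\x00" + b"\x00" * 60,        # hidden double extension
        "readme.json": b'{"note": "harmless"}',                        # ordinary data file
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for hit in find_masquerading_executables(sample_root):
        print("suspicious:", os.path.join(sample_root, hit))
```

Point the function at a real downloads directory instead of the constructed tree to use it in practice; on a genuine case, treat any hit as a sample to hash and submit to a sandbox rather than open.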


China wants in on digital economy pact, pledges global collaboration

China has formally applied to join the Digital Economy Partnership Agreement (DEPA), pledging to work with all parties to drive the “healthy and orderly” development of digital economies. The global partnership pact currently covers Singapore, New Zealand, and Chile, with others such as South Korea and Canada expressing interest in joining the agreement. In force since 7 January 2021, DEPA establishes common digital trade rules and seeks to drive interoperability between different regimes and digital systems of participating nations. Under the agreement, businesses in Singapore, New Zealand, and Chile can achieve greater efficiencies, trust, and reduced costs when trading and conducting digital transactions with one another, said Singapore’s Ministry of Trade and Industry. For example, digital identities could be mutually recognised, mechanisms would be developed to secure personal data transferred across borders, and common e-invoicing standards could be adopted to reduce processing time.
