AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/06/2020

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we reported about CVE-2020-15999 and advised to upgrade to at least version 86.0.4240.111. Today it is the turn of CVE-2020-16009 which is patched in Chrome version 86.0.4240.183 and later. The easiest way to do it is to allow Chrome to update automatically which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser. So, it doesn’t hurt to check now and then. 


US authorities seize $1 billion worth of Silk Road Bitcoin

Even after Silk Road founder Ross Ulbricht was arrested and sentenced to life in prison, authorities were unable to find a huge chunk of the commissions — in Bitcoin, of course — the dark web marketplace generated. Earlier this week, authorities have traced and seized over 69,000 of the missing Bitcoin in what has become the largest seizure of cryptocurrency in the history of the Department of Justice to date. Seeing as one Bitcoin is currently valued at $15,000, the pile in DOJ’s possession is worth over $1 billion. The department has now filed a civil complaint for the Bitcoin forfeiture. Silk Road was a massive marketplace on the dark web where people could anonymously conduct drug and gun sale transactions, among other illicit activities. Authorities shut down the platform in 2013 and arrested its founder who was known by the pseudonym “Dread Pirate Roberts.”


Apple emits iOS, iPadOS, watchOS, macOS patches to fix three hijack-my-device flaws exploited in the wild

Apple on Thursday issued security updates for iOS, iPadOS, watchOS, and macOS that address three holes reported by Google’s Project Zero bug hunters among exploitable flaws found by others. Installing the latest software for your iPhone, iPad and so on will address these programming blunders. The iPhone giant’s security bulletins note that the three flaws discovered and reported by Project Zero – CVE-2020-27930 (remote-code execution), CVE-2020-27950 (kernel memory leak), and CVE-2020-27932 (kernel privilege-escalation) – are being actively exploited in the wild. You can probably imagine how these can be chained together to hijack someone’s device: get them to open a document, message, or webpage that loads in a maliciously crafted font, which is parsed and triggers code execution with kernel privileges and silently commandeers the handheld.


Scam PSA: Ransomware gangs don’t always delete stolen data when paid

Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Now, not only are victims being extorted through the encryption of their files but also by the risk of their data being published and causing a data breach. This tactic was quickly adopted by other ransomware operations, who began to create data leak sites used to publish victims’ stolen files. As part of this double-extortion tactic, most ransomware operations require a victim to pay a single ransom that will provide both a decryptor for their encrypted files and a promise not to share and to delete stolen files. In the Coveware Q3 2020 ransomware report released today, we learn that some ransomware gangs do not keep their promise to delete stolen data after a ransom is paid. According to the new report, certain groups are leaking stolen data after a ransom was paid, using fake data as proof of deletion, or even re-extorting a victim using the same data that was paid not to be released.


Massachusetts voters pass a right-to-repair measure, giving them unprecedented access to their car data

A ballot measure passed by 75% of voters in Massachusetts has resolved a thorny question that could have widespread implications for the automotive industry: once a person buys a vehicle, they own all of its data. The measure, listed on the ballot as Question 1, amends and broadens a law that gives consumers in Massachusetts the right to repair the vehicles they own. The measure will require automakers that sell vehicles with telematics systems in Massachusetts to equip them with a standardized open data platform beginning with model year 2022. This standardized open data platform has to give vehicle owners and independent repair facilities direct access and the ability to retrieve mechanical data and run diagnostics through a mobile-based application. Importantly, this measure covers the data that telematics systems collect and wirelessly transmit. And it not only gives access to the mechanical data, it allows owners and independent mechanics to send commands to the vehicle for repair, maintenance and diagnostic testing.

Related Posts