AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/17/2021

Why are you still using QWERTY? 2021’s most common passwords revealed

An analysis of password habits worldwide has revealed we are still performing poorly when it comes to strong credential management. While the idea of using passwords such as QWERTY, 123456, and PASSWORD might seem like a joke these days, they are still commonly found in data dumps of stolen credentials published online. Major online service providers now often enforce strong passwords with lower-case and capital letters, numbers, and special characters, and may also encourage and enforce multi-factor authentication (MFA). However, businesses may not impose the same standards. In addition, ghost and forgotten accounts, hardcoded credentials, and the re-use of username and password combinations are still common problems today. 

 

British news website was hacked to control readers’ computers, report says

A secretive Israeli company helped hack a British news site and used it to take over the devices of some people who visited the site, cyber reseachers say. The cybersecurity firm ESET said in a report Tuesday that the company, Candiru, helped an unknown foreign government hack the London news site Middle East Eye with a so-called watering hole attack, which places malicious software on a website to infect and hack the computers of people who visit it. The research is a rare insight into Candiru, which was blacklisted  this month by the U.S. Commerce Department for supplying “spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

 

‘An egregious breach of public trust’: Ohio sues Meta over whistleblower revelations

Filing suit in response to whistleblower allegations which have rocked Facebook, the attorney general of Ohio, Dave Yost, accused the social media company of “creating misery and divisiveness for profit”. Yost sued Meta – as Facebook was recently renamed – after revelations from the whistleblower Frances Haugen shocked consumers and sent stock prices tumbling. Filed in the northern district of California, the Ohio suit claims that chief executive Mark Zuckerberg and associates violated federal securities law by knowingly deceiving the public. “Facebook said it was looking out for our children and weeding out online trolls, but in reality was creating misery and divisiveness for profit,” Yost said.

 

Oversight finds ‘small lapses’ in security led to Colonial Pipeline, JBS hacks

A series of “small lapses” in cybersecurity led to several recent successful ransomware attacks, the House Oversight and Reform Committee concluded in a staff memo released Tuesday. The memo was the result of a panel investigation into ransomware attacks against Colonial Pipeline, meat producer JBS USA and insurance group CNA Financial Corporation, all of which involved the victims paying the ransoms demanded in order to ensure critical systems could be quickly brought back online. “Ransomware attackers took advantage of relatively minor security lapses, such as a single user account controlled by a weak password, to launch enormously costly attacks,” the memo reads. “Even large organizations with seemingly robust security systems fell victim to simple initial attacks, highlighting the need to increase security education and take other security measures prior to an attack.”

 

7 million Robinhood user email addresses for sale on hacker forum

The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace. Last week, Robinhood disclosed a data breach after one of its employees was hacked, and the threat actor used their account to access the information for approximately 7 million users through customer support systems. The data stolen during the attack includes the following personal information for Robinhood users. In addition to stealing the data, Robinhood stated that the hacker attempted to extort the company to prevent the data from being released. Stolen email addresses, especially those for financial services, are particularly popular among threat actors as they can be used in targeted phishing attacks to steal more sensitive data. Two days after Robinhood disclosed the attack, a threat actor named ‘pompompurin’ announced that they were selling the data on a hacking forum.

 

High severity BIOS flaws affect numerous Intel processors

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high). The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.

Related Posts