AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start

Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in the wild. It claimed that exploit code is released into the wild in around one in four (24%) cases and the majority (70%) of exploited CVEs are likely to have been predated by publicly available exploit code. There is therefore strong evidence that “early disclosure of exploit code gives attackers a leg up,” argued Kenna Security CTO, Ed Bellis. However, things are a little more complicated than that, he added. “At the same time, when exploits are released before patches, it takes security teams more time to address the problem, even after the patch is released,” Bellis explained. “That’s an indication that exploit code availability is not the motivator that some would suggest it is.”

 

Avoid Online Shopping Scams and Fake Deals Black Friday

Another year, another Black Friday. And while this Black Friday (and the holidays in general) may look different this year, some things remain the same: an increase in online shopping, and the opportunity for online shopping scams, are upon us yet again. While the pandemic may reduce long lines at Walmart and fist fights over TVs, online shoppers and the scammers that seek to capitalize on those shoppers, are eager to participate in all that Black Friday and Cyber Monday have to offer. Scammers are opportunistic, and an increase in online shopping – particularly when it is concentrated within a specific time period like Black Friday – provides opportunity. This time is known for its bargains and increased consumer spending, making it a favorite of fraudsters and other malicious actors. Scammers look to capitalize on the significant increases in deals, special web pages, and other abnormal activity from trusted consumer good companies to increase the success of their malicious activity.

 

Facebook says AI has fueled a hate speech crackdown

Facebook says it is proactively detecting more hate speech using artificial intelligence. A new transparency report released on Thursday offers greater detail on social media hate following policy changes earlier this year, although it leaves some big questions unanswered. Facebook’s quarterly report includes new information about hate speech prevalence. The company estimates that 0.10 to 0.11 percent of what Facebook users see violates hate speech rules, equating to “10 to 11 views of hate speech for every 10,000 views of content.” That’s based on a random sample of posts and measures the reach of content rather than pure post count, capturing the effect of hugely viral posts. It hasn’t been evaluated by external sources, though. On a call with reporters, Facebook VP of integrity Guy Rosen says the company is “planning and working toward an audit.” Facebook insists that it removes most hate speech proactively before users report it. It says that over the past three months, around 95 percent of Facebook and Instagram hate speech takedowns were proactive.

 

TikTok expands features to give parents more control of their teenagers’ accounts

Video-sharing app TikTok said on Tuesday it is giving parents more control options, including the ability to monitor what their teenagers can view on the platform. Owned by Chinese company ByteDance, Tiktok said parents will now be able to decide what content, users, hashtags, or sounds their children can search for as well as decide if the account should be public or remain private. The company is expanding on the ‘Family Pairing’ feature it introduced earlier this year, allowing parents to link their TikTok account to that of their teenage child.

 

Verizon Releases First Cyber-Espionage Report

American telecommunications company Verizon today released its first ever data-driven report on cyber-espionage attacks. The 2020 Cyber Espionage Report (CER) draws from seven years of Verizon Data Breach Investigations Report (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise. Verizon said that it published the CER to serve as a guide for cybersecurity professionals searching for ways to improve their organization’s cyber-defense posture and incident response (IR) capabilities. Key findings of the report are that for cyber-espionage breaches, 85% of actors were state affiliated, 8% were nation-state affiliated, and just 4% were linked with organized crime. Former employees made up 2% of actors. 

 

Hackers tricked GoDaddy into helping attacks on cryptocurrency services

GoDaddy’s 2020 security woes aren’t over. KrebsOnSecurity has found that hackers tricked GoDaddy employees into handing ownership or control of multiple cryptocurrency services’ web domains, inadvertently aiding attacks that brought sites down. It’s not certain how many companies fell victim to the effort, but Liquid.com and NiceHash reported problems within days of each other. Bibox, Celsius and Wirex might also have been among the targets, although they haven’t confirmed anything as of this writing. It’s uncertain just how the hackers succeeded, but a successful March campaign against sites like Escrow.com likely relied on “vishing,” or voice calls that point targets toward phishing sites meant to harvest account sign-ins. Attackers frequently try to convince staff they’re from a company’s IT department and just want to resolve technical issues.

Related Posts