Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/02/2020

Developers can now run macOS apps in an Amazon EC2 instance running on an Intel Mac mini

Amazon EC2 Mac instances enable customers to run on-demand macOS workloads in the cloud for the first time, extending the flexibility, scalability, and cost benefits of AWS to all Apple developers. With EC2 Mac instances, developers creating apps for iPhone, iPad, Mac, Apple Watch, Apple TV, and Safari can provision and access macOS environments within minutes, dynamically scale capacity as needed, and benefit from AWS’s pay-as-you-go pricing. However, anyone hoping to sample that Apple silicon life are going to be left disappointed. Amazon says that the Mac minis it’s using are all running Intel Core i7 processors. Oh, and they don’t run macOS Big Sur. Not yet, at least. Each machine does at least have 32GB of RAM and a 10Gb/s network connection.

 

IoT chip maker Advantech confirms ransomware attack, data theft

Industrial automation and Industrial IoT (IIoT) chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents. BleepingComputer was also able to confirm that the Conti ransomware gang was the one that hit the systems of Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data. Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and healthcare solutions, with a workforce of over 8,000 people in 92 major cities around the world.

 

‘Hacker_R_US’ gets eight years in prison for bomb threats and DDoS extortion

A US judge has sentenced a 22-year-old hacker to eight years in prison for engaging in DDoS extortion schemes, making fake bomb threats against companies and schools across the world, and possession of child pornography materials. Vaughn, who went online as “Hacker_R_US” and “WantedbyFeds,” was a member of Apophis Squad, a hacker group who made a splash in the first eight months of 2018 and then fizzled out of existence after a law enforcement crackdown. The group was your typical loudmouth hacker squad that bragged about launching DDoS attacks on their Twitter account, but according to court documents, they also extorted some of their targets in private, asking for money to stop their attacks.

 

It’s hard to keep a big botnet down: TrickBot sputters back toward full health

Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving. The separate campaigns featured Microsoft going to court to disable IP addresses associated with TrickBot command and control servers, as Cyber Command’s operation also targeted command and control servers. Hints of its rebound began in late October, shortly after signs of success in the bids to dismantle the TrickBot network of zombie computers. While Cyber Command and Microsoft always billed their assaults as a disruption rather than a full takedown, the TrickBot comeback is proof that it’s difficult to kill a botnet outright.

 

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins

A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. On Monday, academics from the Ben-Gurion University of the Negev described how “unwitting” biologists and scientists could become victims of cyberattacks designed to take biological warfare to another level. At a time where scientists worldwide are pushing ahead with the development of potential vaccines to combat the COVID-19 pandemic, Ben-Gurion’s team says that it is no longer the case that a threat actor needs physical access to a “dangerous” substance to produce or deliver it — instead, scientists could be duped into producing toxins or synthetic viruses on their behalf through targeted cyberattacks. The attack documents how malware, used to infiltrate a biologist’s computer, could replace sub-strings in DNA sequencing.

 

Foxconn to shift some Apple production to Vietnam to minimise China risk

Foxconn is moving some iPad and MacBook assembly to Vietnam from China at the request of Apple Inc, said a person with knowledge of the plan, as the U.S. firm diversifies production to minimise the impact of a Sino-U.S. trade war. The development comes as the outgoing administration of U.S. President Donald Trump encourages U.S. firms to shift production out of China. During Trump’s tenure, the United States has targeted made-in-China electronics for higher import tariffs, and restricted supplies of components produced using U.S. technology to Chinese firms it deems a national security risk. Taiwanese manufacturers, wary of being caught up in the tit-for-tat trade war, have moved or are considering moving some production from China to countries such as Vietnam, Mexico and India.

 

Dozens of Dormant North American Networks Suspiciously Resurrected at Once

More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals. The Geneva-based international nonprofit organization is focused on tracking spam, phishing, malware, and botnets, and provides threat intelligence that can help filter spam and related threats. The organization noticed last week that 52 dormant networks in the ARIN (North-America) area were resurrected concurrently, and that each of them has been announced by a different autonomous system number (ASN), also inactive for a significant period of time. “In 48 cases, these are /20 networks amounting to 4096 IPv4 addresses, and in the remaining 4 cases, they are /19 networks with 8192 addresses,” Spamhaus explained. The main issue, the organization says, is that chances are almost zero for 52 organizations to suddenly come back online, all at once, although (a rare occurrence as well) some organizations might resurface after taking their network offline for a while.

 

Amazon: Here’s what caused the major AWS outage last week

Amazon Web Services (AWS) has explained the cause of last Wednesday’s widespread outage, which impacted thousands of third-party online services for several hours. While dozens of AWS services were affected, AWS says the outage occurred in its Northern Virginia, US-East-1, region. It happened after a “small addition of capacity” to its front-end fleet of Kinesis servers. Kinesis is used by developers, as well as other AWS services like CloudWatch and Cognito authentication, to capture data and video streams and run them through AWS machine-learning platforms.  The Kinesis service’s front-end handles authentication, throttling, and distributes workloads to its back-end “workhorse” cluster via a database mechanism called sharding. As AWS notes in a lengthy summary of the outage, the addition of capacity triggered the outage but wasn’t the root cause of it. AWS was adding capacity for an hour after 2:44am PST, and after that all the servers in Kinesis front-end fleet began to exceed the maximum number of threads allowed by its current operating system configuration. 

Related Posts