AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/04/2020

IBM warns hackers targeting COVID vaccine ‘cold chain’ supply process

IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus. The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with the COVID-19 vaccine “cold chain” – the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people’s arms. IBM’s cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.


A Broken Piece of Internet Backbone Might Finally Get Fixed

This spring, services from heavy hitters like Google and Facebook seemed glitchy or inaccessible for people worldwide for more than an hour. But it wasn’t a hack, or even a glitch at any one organization. It was the latest mishap to stem from design weaknesses in the “Border Gateway Protocol,” the internet’s foundational, universal routing system. Now, after years of slow progress implementing improvements and safeguards, a coalition of internet infrastructure partners is finally turning a corner in its fight to make BGP more secure. Today the group known as Mutually Agreed Norms for Routing Security is announcing a task force specifically dedicated to helping “content delivery networks” and other cloud services adopt the filters and cryptographic checks needed to harden BGP. In some ways the step is incremental, given that MANRS has already formed task forces for network operators and what are known as “internet exchange points,” the physical hardware infrastructure where internet service providers and CDNs hand off data to each other’s networks. But that process coming to the cloud represents tangible progress that has been elusive up until now.

Securing The Generation Gap

Trying to securely make the most of today’s technology can be overwhelming for almost all of us, but it can be especially challenging for family members not as used to or as familiar with technology. Therefore, we wanted to share some key steps to help secure family members who may be struggling with technology and might misunderstand the risks that come with using it.


YouTube will prompt you to reword potentially offensive comments

YouTube creators love to connect with their audience through the platform’s comments section, but it’s not much fun when posts left by viewers are offensive, bullying, or just plain nasty. YouTube has implemented various measures over the years to try to ensure such comments stay off its video-sharing platform, or at least get pushed down the list to reduce visibility, but this week it’s launching a new feature aimed at encouraging people to think twice before posting a potentially offensive comment. It means that when YouTube’s algorithms detect such a comment, it’ll issue a note to the poster saying, “Keep comments respectful,” adding, “If you’re not sure whether your comment is appropriate, review our Community Guidelines.” It also asks the poster to let YouTube know if they think its algorithm has made a mistake in singling out the comment as potentially offensive. Indeed, YouTube notes that its computer systems are continuously learning and may not always get it right, especially in the early stages.

Open source software security vulnerabilities exist for over four years before detection

It can take an average of over four years for vulnerabilities in open source software to be spotted, an area in the security community that needs to be addressed, researchers say. According to GitHub’s annual State of the Octoverse report, published on Wednesday, reliance on open source projects, components, and libraries is more common than ever. Over the course of 2020, GitHub tallied over 56 million developers on the platform, with over 60 million new repositories being created — and over 1.9 billion contributions added — over the course of the year. “You would be hard-pressed to find a scenario where your data does not pass through at least one open source component,” GitHub says. “Many of the services and technology we all rely on, from banking to healthcare, also rely on open source software. The artifacts of open source code serve as critical infrastructure for much of the global economy, making the security of open source software mission-critical to the world.”

How Cybercriminals Answer “What Do You Do For A Living?”

Have you ever wondered how cybercriminals explain their mysterious means of income to others? While not all threat actors’ illicit activity is so lucrative that they have to account for an eight-bedroom mansion in the hills and a Porsche collection, many cybercriminals’ friends and families may question their means of income if they have no apparent gainful employment. Following discussions on cybercriminal forums on the dark web, we dived into this topic. An interesting thread on the high-profile Russian-language cybercriminal forum Exploit posed this very question, asking the site’s members, “what do you say when people ask you about your work?” The thread starter mused: “A new acquaintance, [or] an old one whom you haven’t seen [for a while], asks ‘Vasya, how do you earn money?’” They added, “Goodness knows why everyone wants to ask us that, but it’s a fact that they do.” Many participants in the thread agreed that they are asked this sort of question all the time, although opinions were split on what the best response is. We explore some of their answers below.
