AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/08/2021

Researchers discover 14 new data-stealing web browser attacks

IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of ‘XS-Leak’ cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox. XS-Leaks are side-channel attacks that let an attacker circumvent the browser’s same-origin policy: a malicious website cannot read a cross-origin response from a trusted site, but it can observe how the browser handles that request (whether a resource loads or errors, how long it takes, how large it is) and infer, in the background, data about the user who is logged in to that site. “The principle of an XS-Leak is to use such side-channels available on the web to reveal sensitive information about users, such as their data in other web applications, details about their local environment, or internal networks they are connected to,” explains the XS-Leaks wiki.
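The leak described above, reduced to a runnable model. This is an added example written for this post, not code from the RUB paper or the XS-Leaks wiki, and it is not one of the 14 attacks the researchers published. It assumes a hypothetical `/me/avatar` endpoint whose status code depends on whether the visitor is logged in, shows why an attacker page learns login state from an `<img>` load/error event even though the same-origin policy blocks it from reading the body, and then applies the Fetch Metadata (`Sec-Fetch-Site`) resource-isolation check so that cross-site callers get the same answer regardless of session. All requests, sessions and header values are constructed inline.

```javascript
// Added example (not from the RUB paper or the XS-Leaks wiki): a minimal model
// of one cross-site leak channel, the login-state oracle, and the Fetch Metadata
// resource-isolation mitigation. Every endpoint, session and header here is
// constructed for the illustration.

// Hypothetical victim endpoint: 200 with the avatar when logged in, 404 otherwise.
// The same-origin policy stops a cross-site page reading the body, but the
// status code still surfaces as an onload/onerror event on an <img> element.
function vulnerableHandler(req, session) {
  if (req.path !== '/me/avatar') return { status: 404 };
  return session.loggedIn ? { status: 200, body: 'PNG...' } : { status: 404 };
}

// Fetch Metadata resource-isolation policy (the pattern published at
// web.dev/fetch-metadata). Browsers set Sec-Fetch-Site to same-origin,
// same-site, cross-site or none; the server refuses cross-site sub-resource
// loads before touching any session state.
function isAllowedByFetchMetadata(req) {
  const h = req.headers;
  const site = h['sec-fetch-site'];
  if (site === undefined) return true;                 // old browser, no metadata sent
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Cross-site top-level GET navigations (links, bookmarks) are legitimate,
  // but <object>/<embed> destinations are not.
  if (h['sec-fetch-mode'] === 'navigate' && req.method === 'GET' &&
      h['sec-fetch-dest'] !== 'object' && h['sec-fetch-dest'] !== 'embed') return true;
  return false;
}

// Hardened variant: cross-site callers get a uniform 403 whether or not the
// user is logged in, so the status channel carries no information.
function hardenedHandler(req, session) {
  if (!isAllowedByFetchMetadata(req)) return { status: 403 };
  return vulnerableHandler(req, session);
}

// What the attacker page can observe: <img src="https://victim/me/avatar">
// fires onload for a 2xx response and onerror for anything else. Modern
// browsers attach these Fetch Metadata headers to such a load.
function attackerObserves(handler, session) {
  const probe = {
    method: 'GET',
    path: '/me/avatar',
    headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'image' },
  };
  const res = handler(probe, session);
  return res.status >= 200 && res.status < 300 ? 'onload' : 'onerror';
}

// A first-party request (the site's own page loading its own avatar) for
// comparison: the hardened handler must still serve it.
function firstPartyRequest() {
  return {
    method: 'GET',
    path: '/me/avatar',
    headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'image' },
  };
}

function demo() {
  const loggedIn = { loggedIn: true };
  const anonymous = { loggedIn: false };
  const leaky = [attackerObserves(vulnerableHandler, loggedIn), attackerObserves(vulnerableHandler, anonymous)];
  const fixed = [attackerObserves(hardenedHandler, loggedIn), attackerObserves(hardenedHandler, anonymous)];
  console.log('vulnerable: attacker sees', leaky, '-> login state leaks');
  console.log('hardened:   attacker sees', fixed, '-> indistinguishable');
  console.log('hardened first-party status:', hardenedHandler(firstPartyRequest(), loggedIn).status);
}
demo();
```

Fetch Metadata closes sub-resource channels like this one; leaks that ride on top-level navigations, frame counting or the HTTP cache need other controls (SameSite cookies, Cross-Origin-Opener-Policy, cache partitioning), which is why the XS-Leaks wiki treats defenses per channel rather than with one header.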


Zoho warns of new zero-day vulnerability exploited in attacks

Zoho urged customers on Friday to update their ManageEngine servers and apply a software fix that patches a zero-day vulnerability that is currently being exploited in the wild. Tracked as CVE-2021-44515, the vulnerability impacts Zoho ManageEngine Desktop Central, an endpoint management solution that companies use to manage their workers’ devices. In a security advisory, the company said it patched a bug that would have allowed attackers to bypass authentication and run malicious code on Desktop Central servers. “As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” the company told customers. The company did not share any details about the threat actor(s) exploiting this bug, but the advisory comes after state-backed groups had already exploited two other vulnerabilities, in the ADSelfService Plus (CVE-2021-40539) and ServiceDesk Plus (CVE-2021-44077) software packages, to compromise its customers’ networks.


Twitter mistakenly suspended users after extremists abused its private image policy

If you were worried people might abuse Twitter’s new policy banning non-consensual image sharing, your fears were well-founded. The social network told The Washington Post it suspended the accounts of 12 journalists and anti-extremism researchers by mistake after far-right activists and white supremacists sent a “coordinated and malicious” flurry of bogus reports attempting to silence critics. It wasn’t clear how many reports had been sent beyond a “significant amount.” The company said it was already reversing bans and had begun an internal review to make sure the policy was used “as intended.” More data on the volume of false accusations would come later. Some of the extremists’ targets were still banned as of the Post’s story.


Plan Ahead for Phase Out of 3G Cellular Networks and Service

If your mobile phone is more than a few years old, you may need to upgrade your device before your mobile provider shuts down its 3G network, to avoid losing service. For more information on your mobile provider’s plans for 3G retirement and how you can prepare, contact your provider directly. Mobile carriers are shutting down their 3G networks, which rely on older technology, to make room for more advanced network services, including 5G. As a result, many older cell phones will be unable to make or receive calls and texts, including calls to 911, or use data services. This will affect 3G mobile phones and certain older 4G mobile phones that do not support Voice over LTE (VoLTE or HD Voice). Shutdowns could begin as early as January 1, 2022, though plans and timing to phase out 3G services will vary by company and may change. Consult your mobile provider’s website for the most up-to-date information.


Google breaks up botnet infecting 1 million devices

Google has taken action to disrupt a botnet that’s infected 1 million devices, the company announced via blog post on Tuesday. Google also announced a lawsuit targeting the botnet’s alleged operators. A botnet generally refers to a network of computers that’s taken over and controlled remotely by cybercriminals. Once the criminals have control, the computers can be used for a variety of illicit schemes, such as denial-of-service attacks. The botnet is called Glupteba, and it has infected Windows machines around the world. Google detailed its steps against the Glupteba botnet in a separate post. Over the past year, Google’s Threat Analysis Group (TAG) worked with the company’s CyberCrime Investigation Group to disrupt activity from the botnet that involved Google services. “We’ve terminated around 63M Google Docs observed to have distributed Glupteba, 1,183 Google Accounts, 908 Cloud Projects and 870 Google Ads accounts associated with their distribution,” TAG’s Shane Huntley and Luca Nagy said in the blog post.


Hacker named Bowser must pay Nintendo in piracy case

A hacker called Gary Bowser – who shares his surname with the fictional, turtle-like villain in various Nintendo games – has agreed to pay $10m (£7.5m) to settle piracy claims. The agreement is the latest development in a civil case brought against Bowser by Nintendo in the US. The hacker also pleaded guilty in a federal criminal case against him in late October. He was already liable to pay $4.5m in that case, and faces up to 10 years in prison. Bowser, a member of the piracy group Team Xecuter, admitted in the federal case that he “knowingly and wilfully participated in a cybercriminal enterprise that hacked leading gaming consoles”. These included the Nintendo Switch and 3DS.
