AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/08/2022

Maryland governor bans use of TikTok on state devices

Maryland Governor Larry Hogan issued an emergency directive on Tuesday prohibiting the use of Chinese-owned short-video sharing app TikTok on state government devices and networks, the latest U.S. Republican to crack down on TikTok. South Dakota Governor Kristi Noem last week signed an executive order barring state employees and contractors from installing or using TikTok on state-owned devices and South Carolina Governor Henry McMaster on Monday asked a state agency to ban TikTok from state government phones and computers.

Google: State hackers still exploiting Internet Explorer zero-days

Google’s Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware. Google TAG was made aware of this recent attack on October 31 when multiple VirusTotal submitters from South Korea uploaded a malicious Microsoft Office document named “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx.” Once opened on the victims’ devices, the document would deliver an unknown payload after downloading a rich text file (RTF) remote template that would render remote HTML using Internet Explorer.

Apple advances user security with powerful new data protections

Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data. With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.

Disposing of Your Mobile Device

Mobile devices, such as smartphones, smart watches, and tablets, continue to advance and innovate at an astonishing rate. As a result, you may be replacing your device with a new one as often as every year. Unfortunately, you may not realize just how much personal data is on your devices — far more than on your computer. Below we cover the different types of data on your mobile devices and how you can securely wipe your device before disposing of or replacing it. If your mobile device was issued to you by work, check with your supervisor about disposal procedures first.

San Francisco decides killer police robots aren’t such a great idea

The robot police dystopia will have to wait. Last week the San Francisco Board of Supervisors voted to authorize the San Francisco Police Department to add lethal robots to its arsenal. The plan wasn’t yet “robots with guns” (though some police bomb disposal robots fire shotgun shells already, and some are also used by the military as gun platforms) but to arm the bomb disposal robots with bombs, allowing them to drive up to suspects and detonate. Once the public got wind of this, the protests started, and after an 8–3 vote authorizing the robots last week, now the SF Board of Supervisors has unanimously voted to (at least temporarily) ban lethal robots. Shortly after the initial news broke, a “No Killer Robots” campaign started with the involvement of the Electronic Frontier Foundation, the ACLU, and other civil rights groups. Forty-four community groups signed a letter in opposition to the policy, saying, “There is no basis to believe that robots toting explosives might be an exception to police overuse of deadly force. Using robots that are designed to disarm bombs to instead deliver them is a perfect example of this pattern of escalation, and of the militarization of the police force that concerns so many across the city.”

Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next

In August 2021, Apple announced a plan to scan photos that users stored in iCloud for child sexual abuse material (CSAM). The tool was meant to be privacy-preserving and allow the company to flag potentially problematic and abusive content without revealing anything else. But the initiative was controversial, and it soon drew widespread criticism from privacy and security researchers and digital rights groups who were concerned that the surveillance capability itself could be abused to undermine the privacy and security of iCloud users around the world. At the beginning of September 2021, Apple said it would pause the rollout of the feature to “collect input and make improvements before releasing these critically important child safety features.” In other words, a launch was still coming. Now the company says that in response to the feedback and guidance it received, the CSAM-detection tool for iCloud photos is dead.

For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers

Many trusted endpoint detection and response (EDR) technologies may have a vulnerability in them that gives attackers a way to manipulate the products into erasing virtually any data on installed systems. Or Yair, a security researcher at SafeBreach who discovered the issue, tested 11 EDR tools from different vendors and found six — from a total of four vendors — were vulnerable. The vulnerable products were Microsoft Windows Defender, Windows Defender for Endpoint, TrendMicro ApexOne, Avast Antivirus, AVG Antivirus, and SentinelOne.

Pet Dog Unmasks Drug Trafficker on Encrypted Chat

Law enforcers uncovered the identities of two drug traffickers after they unwittingly took photos of themselves and a pet dog and sent them via a chat platform they thought was encrypted, according to the National Crime Agency (NCA). The UK agency for serious and organized crime said that Danny Brown, 55, of Kings Hall Road, Bromley, and Stefan Baldauf, 62, of Midhurst Road, Ealing, were jailed earlier this year, for 26 and 28 years respectively. Their identities were uncovered as part of Operation Venetic, UK law enforcement’s response to the 2020 takedown of EncroChat – an encrypted chat platform used by criminals the world over. Although it’s unclear exactly how police managed to crack the system, the repercussions have been felt for the past two years. EncroChat is said to have been used by 60,000 individuals worldwide, 10,000 of whom were in the UK. However, because users only referred to themselves by pseudonyms in chats, the NCA still had to uncover the identities of Brown and Baldauf.
