AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/17/2020

Microsoft and industry partners seize key domain used in SolarWinds hack

Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter. The domain in question is avsvmcloud[.]com, which served as the command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company’s Orion app. According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from which the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company’s network.
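For defenders checking their own resolver logs against the behaviour described above, the following is an added example, not code from the article or from FireEye. It flags clients that queried the named zone and collects any CNAME targets returned; the log layout, IP addresses and all hostnames other than the C&C domain are constructed for illustration.

```python
import re
from collections import defaultdict

# Domain named in the article, kept defanged as on the page.
C2_DOMAIN_DEFANGED = "avsvmcloud[.]com"

def refang(name: str) -> str:
    """Normalise a DNS name: undo [.] defanging, lowercase, drop trailing dot."""
    return name.replace("[.]", ".").strip().lower().rstrip(".")

def in_zone(name: str, zone: str) -> bool:
    """True for the zone itself or any subdomain, but not look-alike suffixes."""
    name, zone = refang(name), refang(zone)
    return name == zone or name.endswith("." + zone)

# Assumed log layout (constructed for this example):
#   <timestamp> <client_ip> <qname> <rtype> <rdata>
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def hunt(lines, zone=C2_DOMAIN_DEFANGED):
    """Return {client_ip: {"queries": [...], "cnames": [...]}} for hits in zone."""
    hits = defaultdict(lambda: {"queries": [], "cnames": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the hunt
        _ts, client, qname, rtype, rdata = m.groups()
        if not in_zone(qname, zone):
            continue
        entry = hits[client]
        entry["queries"].append(refang(qname))
        # The article says the next domain was handed out in the CNAME field,
        # so an out-of-zone CNAME target is the next indicator to pivot on.
        if rtype.upper() == "CNAME" and not in_zone(rdata, zone):
            entry["cnames"].append(refang(rdata))
    return dict(hits)

# Constructed sample log lines; subdomains, targets and IPs are placeholders.
SAMPLE_LOG = """\
2020-12-01T10:00:01Z 10.0.0.5 host1.example-sub.avsvmcloud.com. A 192.0.2.10
2020-12-01T10:05:09Z 10.0.0.5 host1.example-sub.AVSVMCLOUD.com CNAME next-stage.example.net.
2020-12-01T10:06:00Z 10.0.0.7 notavsvmcloud.com A 198.51.100.4
2020-12-01T10:07:00Z 10.0.0.8 www.example.org A 203.0.113.9
garbage line
""".splitlines()

if __name__ == "__main__":
    for client, info in hunt(SAMPLE_LOG).items():
        print(client, info)
```

Because the domain is now sinkholed, a hit in current logs indicates a host still running the trojanized update, while CNAME targets only appear in logs from before the seizure.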

 

Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems

Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card. Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel. Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems. These types of techniques are what security researchers call “covert data exfiltration channels.” They are not techniques to break into computers, but techniques that can be used to steal data in ways defenders aren’t expecting. Such data exfiltration channels are not a danger for normal users, but they are a constant threat for the administrators of air-gapped networks.

 

Spotify Changes Passwords After Another Data Breach

Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including email addresses, preferred display names, passwords, gender and dates of birth. This is at least the third breach in less than a month for the world’s largest streaming service. A statement from Spotify about the incident said the exposure was due to a software vulnerability that existed from April 9 until Nov. 12 when it was corrected. “We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” the statement, released Dec. 9, read. “We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted.”

 

Firefox’s latest update brings native support for Apple’s Arm-based Macs

Firefox’s latest update brings native support for Macs that run on Apple’s Arm-based silicon, Mozilla announced on Tuesday. Mozilla claims that native Apple silicon support brings significant performance improvements: the browser apparently launches 2.5 times faster and web apps are twice as responsive as they were on the previous version of Firefox, which wasn’t native to Apple’s chips. Mozilla says that if you’re already running Firefox on your Mac and want to make sure that you’re running the native build, you’ll need to update to the newest version, Firefox 84, and then quit and restart Firefox. Firefox’s support of Apple’s Arm-based processors follows Chrome, which added support for Apple’s new chips shortly after the M1-equipped MacBook Pro, MacBook Air, and Mac mini were released in November.

 

Pentagon imposed emergency shutdown of computer network handling classified material

The Pentagon on Tuesday ordered the emergency shutdown of a classified internal communications network, three Defense Department sources confirmed. The unprecedented daytime shutdown comes amid recent revelations that other federal agencies, including the Department of Homeland Security, were breached by hackers. The Defense Department alerted employees that the SIPRNET system was being shut down in the late morning for emergency software updates, the sources told Just the News. The Pentagon did not immediately return a request for comment, including one on whether the shutdown was related to the hacking reported Sunday, allegedly by Russian agents. The system, known as the Secret Internet Protocol Router Network, handles classified information, up to the secret level, and was shuttered for several hours.
