
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/18/2020

Google sued by 10 states for alleged “anti-competitive conduct” in advertising

Ten states on Wednesday brought a lawsuit against Google, accusing the search giant of “anti-competitive conduct” in the online advertising industry, including a deal to manipulate sales with rival Facebook. Texas Attorney General Ken Paxton announced the suit, which was filed in a federal court in Texas, saying Google is using its “monopolistic power” to control pricing of online advertisements, fixing the market in its favor and eliminating competition. “This Goliath of a company is using its power to manipulate the market, destroy competition, and harm you, the consumer,” Paxton said in the video posted on Twitter. Google, which is based in Mountain View, California, called Paxton’s claims “meritless” and said the price of online advertising has fallen over the last decade.

 

Apple officially rolls out privacy labels

Apple has officially rolled out the new privacy labels on its App Store, which allow users to understand the type of data collected by each app. The labels are displayed under the download option. According to CNBC, most apps will receive as many as three labels, depending on the information app makers are required to submit to Apple. Security leaders say these privacy changes in iOS 14 are part of an unstoppable trend to increase the protection of user privacy. The move, however, has been criticized by app makers for being too “strict” with its demands, as well as for the possibility of the labels discouraging users from downloading apps. Developers must now show what information they gather, listed in terms of what is taken to track users and what is linked directly to them.

 

White House activates cyber emergency response under Obama-era directive

In the wake of the SolarWinds breach, the National Security Council has activated an emergency cybersecurity process that is intended to help the government plan its response and recovery efforts, according to White House officials and other sources. The move is a sign of just how seriously the Trump administration is taking the foreign espionage operation, former NSC officials told CyberScoop. The action is rooted in a presidential directive issued during the Obama administration known as PPD-41, which establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident. The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security.

 

Passwords begone: GitHub will ban them next year for authenticating Git operations

Microsoft’s GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier. The planned change does not affect the ability to log in to a GitHub account in a web browser with a username, password, and perhaps a second authentication factor, like a passcode sent to a mobile device or a Time-based One-Time Password (TOTP) code. Instead, it applies to Git operations – the commands and APIs for interacting with GitHub-hosted Git software repositories. In a blog post on Wednesday, Matthew Langlois, security engineer at GitHub, said the procedural change follows a plan announced in July and implemented last month to require token-based authentication for all authenticated API operations on GitHub.com.

 

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby programming language that allows developers to download and integrate code developed by other people into their programs. As anyone can upload a Gem to the RubyGems repository, it allows threat actors to upload malicious packages to the repository in the hopes that another developer will integrate it into their program. If a large project integrates the malicious package, it will create a supply chain attack with a wide distribution to many users. Today, open-source security firm Sonatype reported on two malicious Ruby packages that install a clipboard hijacker. These packages are masquerading as a bitcoin library and a library for displaying strings with different color effects.

 

Microsoft breached in suspected Russian hack using SolarWinds

Microsoft was hacked as part of the suspected Russian campaign that has hit multiple U.S. government agencies by taking advantage of the widespread use of software from SolarWinds Corp, according to people familiar with the matter. As with networking management software by SolarWinds, Microsoft’s own products were then used to further the attacks on others, the people said. It was not immediately clear how many Microsoft users were affected by the tainted products. The Department of Homeland Security, which said earlier Thursday that the hackers used multiple methods of entry, is continuing to investigate. Microsoft did not immediately respond to a request for comment.
