
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/23/2020

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech

On Friday, digital rights group Fight for the Future unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called “indistinguishable from spyware.” As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio, offer technologies that claim to fight cheating by tracking head and eye movements, without any evidence that their algorithms do anything but make students anxious (and thus perform worse). Others rely on facial recognition technology, which is itself rife with racial bias, and have regularly failed to verify the identities of students of color at various points while taking state bar exams, forcing the test to end.


Microsoft and McAfee headline newly-formed ‘Ransomware Task Force’

A group of 19 security firms, tech companies, and non-profits, headlined by big names such as Microsoft and McAfee, announced on Monday plans to form a new coalition to deal with the rising threat of ransomware. Named the Ransomware Task Force (RTF), the new group will focus on assessing existing technical solutions that provide protection during a ransomware attack. The RTF will commission expert papers on the topic, engage stakeholders across industries, identify gaps in current solutions, and then work on a common roadmap to have those gaps addressed among all members. The end result should be a standardized framework for dealing with ransomware attacks across verticals, one based on an industry consensus rather than individual advice received from lone contractors.


US government hack compromised dozens of treasury email accounts, senator says

Dozens of email accounts at the treasury department were compromised in a massive breach of US government agencies being blamed on Russia, with hackers breaking into systems used by the department’s highest-ranking officials, a senator said Monday after being briefed on the matter. Senator Ron Wyden, of Oregon, provided new details of the hack following a briefing to the Senate finance committee by the IRS and treasury department. Wyden said that though there was no indication that taxpayer data was compromised, the hack “appears to be significant”, including through the compromise of dozens of email accounts and access to the departmental offices division of the treasury department, which the senator said was home to its highest-ranking officials. In addition, the breach appeared to involve the theft of encryption keys, Wyden said.


Zero-click iMessage zero-day used to hack the iPhones of 36 journalists

Three dozen journalists had their iPhones hacked in July and August using what at the time was an iMessage zero-day exploit that didn’t require the victims to take any action to be infected, researchers said. The exploit and the payload it installed were developed and sold by NSO Group, according to a report published Sunday by Citizen Lab, a group at the University of Toronto that researches and exposes hacks on dissidents and journalists. NSO is a maker of offensive hacking tools that has come under fire over the past few years for selling its products to groups and governments with poor human rights records. NSO has disputed some of the conclusions in the Citizen Lab report. The attacks infected the targets’ phones with Pegasus, an NSO-made implant for both iOS and Android that has a full range of capabilities, including recording both ambient audio and phone conversations, taking pictures, and accessing passwords and stored credentials. The hacks exploited a critical vulnerability in the iMessage app that Apple researchers weren’t aware of at the time. Apple has since fixed the bug with the rollout of iOS 14.


Other Tech Firms Back Facebook’s Lawsuit Against NSO Group

Several tech giants, including Microsoft, Google, Cisco and VMware, have filed a brief backing Facebook’s lawsuit against Israel-based spyware firm NSO Group, which has been accused of hacking into Facebook-owned WhatsApp’s instant messaging app to enable spying by the company’s clients. On Monday, the tech firms, as well as the Washington-based Internet Association, filed a brief supporting Facebook’s lawsuit seeking damages and an injunction, stating that the spyware tools NSO Group sells are “powerful and dangerous.” “Foreign governments may use the technology in problematic ways, but beyond that, idiosyncratic misuse is a much greater systemic risk,” the companies say in their brief. “Widespread creation and deployment of these tools by private companies acting for profit dramatically increases the risk that these vulnerabilities will be obtained and exploited by malicious actors other than the initial.”


SolarWinds victims revealed after cracking the Sunburst malware DGA

Security researchers have shared lists of organizations where threat actors deployed the Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack. One of these lists—shared by cybersecurity firm Truesec—includes high-profile tech companies such as Intel, Nvidia, Cisco, Cox Communications, and Belkin, to name just a few. MediaTek, the world’s second-largest provider of fabless semiconductors, might also have been specifically targeted in this campaign, but Truesec has not yet fully confirmed that breach. To build the list of victims infected with the Sunburst backdoor via the compromised update mechanism of the SolarWinds Orion IT management platform, the researchers decoded a dynamically generated part of the C2 subdomain for each of the compromised devices: the backdoor encodes the victim’s internal domain name into the DNS queries it sends, so passive DNS records of those queries can be turned back into a list of affected networks.
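The decoding step described above, as an added example: this is not code from the article or from Truesec, and it covers only the substitution-cipher form of the Sunburst domain encoding (the form used when the victim domain contains only lowercase letters, digits, `-`, `_` and `.`). The 35-character alphabet, the four escaped characters and the shift of 4 are taken from public analyses of the Sunburst sample and are assumed to be correct here; the sample subdomain fragments below are constructed for the demonstration, and the encoder exists only so the decoder can be exercised offline against known input.

```python
"""Decode the victim-domain fragment carried in a Sunburst DGA subdomain.

Added example, not the original article's or Truesec's code.  The constants
below follow public analyses of the Sunburst sample and are assumed correct;
check them against the sample before relying on this for casework.  Only the
substitution-cipher encoding is handled; fragments using the sample's other
(base32-style) encoding are not decoded here.
"""

# 26 lowercase letters plus the digits 1-9 (no '0', which is the escape char).
ALPHABET = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj"
# Characters that cannot be expressed by a plain shift and are escaped instead.
SPECIALS = "0_-."
SHIFT = 4


def encode_fragment(fragment: str, pad_index: int = 0) -> str:
    """Re-implementation of the encoding, used here only to build test input.

    The sample picks the escape padding at random; pad_index (0..7) makes it
    deterministic so that the decoder can be checked against a known string.
    """
    if not 0 <= pad_index <= 7:
        raise ValueError("pad_index must be in 0..7")
    out = []
    for ch in fragment:
        if ch in SPECIALS:
            # Escape: '0' followed by an alphabet char whose index mod 4
            # selects the special character.  Max index 3 + 28 = 31 < 35.
            out.append("0")
            out.append(ALPHABET[SPECIALS.index(ch) + 4 * pad_index])
        elif ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + SHIFT) % len(ALPHABET)])
        else:
            raise ValueError(f"character {ch!r} not representable in this form")
    return "".join(out)


def decode_fragment(encoded: str) -> str:
    """Invert the substitution cipher: undo the shift, expand '0' escapes."""
    out = []
    i = 0
    while i < len(encoded):
        ch = encoded[i]
        if ch == "0":
            i += 1
            if i >= len(encoded):
                raise ValueError("dangling '0' escape at end of fragment")
            out.append(SPECIALS[ALPHABET.index(encoded[i]) % 4])
        elif ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - SHIFT) % len(ALPHABET)])
        else:
            raise ValueError(f"character {ch!r} is outside the DGA alphabet")
        i += 1
    return "".join(out)


def decode_fragments(subdomain_fragments: list[str]) -> dict[str, str]:
    """Map each observed encoded fragment to its decoded victim-domain text.

    Fragments that fail to decode are reported rather than silently dropped,
    so an analyst can see which passive-DNS records need the other decoder.
    """
    result = {}
    for frag in subdomain_fragments:
        try:
            result[frag] = decode_fragment(frag)
        except ValueError as exc:
            result[frag] = f"<undecodable: {exc}>"
    return result


if __name__ == "__main__":
    # Constructed sample: what an analyst would pull out of passive DNS after
    # stripping the per-victim identifier prefix (not handled in this example).
    observed = [
        encode_fragment("corp.example", pad_index=3),
        encode_fragment("lab-net.local", pad_index=5),
        "uc0l0s",  # constructed: decodes to "ab-0"
    ]
    for enc, dec in decode_fragments(observed).items():
        print(f"{enc:24s} -> {dec}")
```

The decoder intentionally refuses fragments containing characters outside the alphabet instead of guessing, since a mis-decoded victim name is worse than a gap in the list; in practice the undecodable entries are the ones that need the sample's other encoding form.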
