AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 12/23/2021

Former Uber CSO Faces New Charge for Alleged Breach Cover-Up

A federal grand jury has expanded the list of charges filed against the former chief security officer of Uber, who’s been accused of a criminal data breach cover-up. Joe Sullivan, 52, who served as Uber’s CSO from April 2015 through November 2017, faces a new charge of wire fraud over a 2016 hack of the ride-sharing service, which resulted in the exposure of 57 million user and driver records. Sullivan now serves as the CSO of internet infrastructure services giant Cloudflare. The Department of Justice first announced in August 2020 that Sullivan had been charged with obstruction of justice and deliberately concealing a felony. If convicted of those charges, Sullivan faces up to eight years in prison and a $500,000 fine.


‘Abundance of caution’ pushes RSA Conference to June

The RSA Conference has been delayed until June out of “an abundance of caution,” given the recent surge in COVID-19 cases across the country caused by the omicron variant, organizers say. The annual cybersecurity industry gathering, usually held in February, will begin June 6 in San Francisco. “The health and safety of our community remains our highest priority,” said Linda Gray Martin, vice president, RSA Conference. “With the surge in cases of the Omicron variant in the U.S. and around the world, we believe the best decision we can make is to delay the event until later in the year when we can bring the industry safely together in-person.”


Dridex malware trolls employees with fake job termination emails

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season’s greeting message. Dridex is a banking malware spread through malicious emails that was initially developed to steal online banking credentials. Over time, the developers evolved the malware to use different modules that provide additional malicious behavior, such as installing other malware payloads, providing remote access to threat actors, or spreading to other devices on the network. This malware was created by a hacking group known as Evil Corp, which is behind various ransomware operations, such as BitPaymer, DoppelPaymer, WastedLocker variants, and Grief. Due to this, Dridex infections are known to lead to ransomware attacks on compromised networks.


New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The “vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios that are based on unverified measurement reports and signal strength thresholds,” researchers Evangelos Bitsikas and Christina Pöpper from the New York University Abu Dhabi said in a new paper. “The problem affects all generations since 2G (GSM), remaining unsolved so far.” Handover, also known as handoff, is a process in telecommunications in which a phone call or a data session is transferred from one cell site (aka base station) to another cell tower without losing connectivity during the transmission. This method is crucial to establishing cellular communications, especially in scenarios when the user is on the move.


Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Since its disclosure on Dec. 9, a vast number of articles have been written on the remote code execution (RCE) vulnerability in the library Apache Log4j — a reflection of its impact. The library is used by innumerable programs to add logging with little or no change to their own code. This means that it has an expansive attack surface, with Amazon, Apple, Cloudflare, Google, Tencent, Twitter, and many other well-known entities having been vulnerable targets at some point. Further expanding the attack surface, the vulnerability, dubbed Log4Shell, affects even embedded devices that use this library. In this report, we focus on the devices or properties found in or used for cars, specifically chargers, in-vehicle infotainment (IVI) systems, and “digital remotes” for opening cars. In Europe, the vehicle-to-grid (V2G) system is already available. This system allows energy stored in car batteries to be redistributed over the grid to help balance demand against production.


Honeypot experiment reveals what hackers want from IoT devices

A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries. IoT (Internet of Things) devices are a booming market that includes small internet-connected devices such as cameras, lights, doorbells, smart TVs, motion sensors, speakers, thermostats, and many more. It is estimated that by 2025, over 40 billion of these devices will be connected to the Internet, providing network entry points or computational resources that can be used in unauthorized crypto mining or as part of DDoS swarms.
