AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 12/24/2020

FireEye’s Mandia on SolarWinds hack: ‘This was a sniper round’

The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special operations. And it was going to take special operations to detect this breach.” Mandia estimated that “only about 50 companies or organizations” were the true targets of the operation, which is suspected to be the work of the Russian intelligence agency known as the SVR. In the CBS interview, Mandia did not attribute the operation directly to Russia, but he said it was definitely the work of a nation-state with a long history of participating in the “continuing game in cyberspace.” He said the attack was “very consistent” with an SVR operation, and that it was important to make certain any attribution was definitive.


Civil rights groups move to block expansion of facial recognition in airports

A coalition of civil rights groups led by the American Civil Liberties Union has filed an objection to the proposed expansion of Customs and Border Protection’s facial recognition at land and sea ports. The National Immigration Law Center, Fight for the Future, and the Electronic Frontier Foundation are also participating in the motion, alongside twelve others. Filed in November, CBP’s proposed rule would expand the biometric exit system, authorizing the collection of facial images from any non-citizen entering the country. But in a filing on Monday, the final day of the comment period, the coalition argued that those measures are too extreme. “CBP’s proposed use of face surveillance at airports, sea ports, and the land border would put the United States on an extraordinarily dangerous path toward the normalization of this surveillance,” said Ashley Gorski, senior staff attorney with the ACLU’s National Security Project, in a statement to reporters. “The deployment of this society-changing technology is unnecessary and unjustified.”


Apple Sending Special iPhones to First Participants in Security Research Device Program

Apple in July announced the launch of a new Apple Security Research Device Program, which is designed to provide researchers with specially configured iPhones that are equipped with unique code execution and containment policies to support security research. Apple is notifying the first researchers who will be receiving these special iPhones as of today, and the Cupertino company says that the devices will be sent out right away. Under the terms of the program, participating security researchers will be provided with iPhones that are on loan for one year, though it will be possible to extend the loan period. The goal of the Security Research Device Program is to further improve the security of iOS, and Apple believes that the contributions of security researchers will assist the company in achieving its goal of increasing safety for consumers. Apple says that it values collaborating with independent researchers and appreciates the work they do on Apple platforms.


Partial lists of organizations infected with Sunburst malware released online

Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware. The lists include the names of tech companies, local governments, universities, hospitals, banks, and telecom providers. The biggest names on these lists include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense. MediaTek, one of the world’s largest semiconductor companies, is also believed to have been impacted, although security researchers are not yet 100% certain about its inclusion on their lists.


Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

Breakups can be traumatic in all sorts of ways. Now we know they can pose a serious cybersecurity threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge — a handful for malicious reasons. The survey, conducted during November for Reboot Digital PR Agency, found that 70 percent of exes polled have logged into their former partner’s Instagram account in the past week. And a full 65 percent of those who reported social-media snooping said it had become an “obsession.” This kind of social-media stalking is primarily fueled by curiosity, according to the report, but in a handful of cases these breaches can present a real threat. Common accounts for stalker exes to access, the report added, include Instagram, Netflix, Facebook, email, Spotify and Twitter. Smart security practices like not sharing passwords with anyone and using multi-factor authentication (MFA) are two simple ways to prevent this type of personal insider threat, Dan Conrad, field strategist with One Identity, told Threatpost.