AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/30/2021

LastPass quells cyber-attack fears, blames email notification surge on ‘glitch’

LastPass has launched an investigation following a recent surge in blocked login attempts. The emailed notifications to a pre-registered email address would normally follow attempts to log in from a different browser version, device, or location. Users who receive these emails are invited to follow a link to confirm that the attempted login was valid. When LastPass noticed an unexpected rise in blocked-access emails, it initially suspected that it could be the result of a “credential stuffing” attack. Credential stuffing attacks involve attempts to gain access to targeted accounts using email addresses and passwords obtained from third-party breaches. The tactic relies on the insecure habit among all too many consumers of reusing the same password and login combination on multiple sites. In a blog post yesterday (December 28), LastPass said early results of its investigation revealed no evidence that any of its users’ accounts had been hacked or otherwise compromised.


Silent danger: One in five aged domains is malicious, risky, or unsafe

The number of malicious dormant domains is on the rise, and as researchers warn, roughly 22.3% of strategically aged domains pose some form of danger. Analysts took notice when it was revealed that the SolarWinds threat actors relied on domains registered years before their malicious activities began. Since then, efforts to detect strategically aged domains before they can be used to launch attacks and support malicious activities have picked up pace. A report from Palo Alto Networks’ Unit42 presents its researchers’ findings after examining tens of thousands of domains each day throughout September 2021. They concluded that approximately 3.8% are outright malicious, 19% are suspicious, and 2% are unsafe for work environments.


This nightmare incident shows why you really shouldn’t store passwords in your browser

An unnamed company was recently breached after an employee stored their corporate account password in their web browser, a new report suggests. According to research from security company AhnLab, the employee was working from home on a device shared with other household members, which was already infected with Redline Stealer, an infostealing malware. Although the computer was equipped with antivirus software, the malware was able to evade detection, before stealing the passwords stored in the victim’s browser. In a bid to protect their corporate network from remote workers with infected devices, the company in question provided employees with a VPN, so that they could access their work files securely.


Tumblr blocks tags for ‘sensitive content’ in order to stay on the App Store

Tumblr has restricted what its users can see on its iOS app in an effort to make sure it doesn’t get kicked out of Apple’s App Store again. One of the steps it has taken to comply with Apple’s guidelines is to limit the results for certain tags or search terms that Tumblr says “may fall under the expanded definition of sensitive content.” The website will even completely block some of them — make that more than some, based on the pretty lengthy list of banned and limited terms collected by Tumblr users that TechCrunch posted. While the inclusion of many specific words in the list is self-explanatory, it also has some curious entries, such as “Eugene Levy” and “Tony the Tiger.” The restriction will also make it harder to search for content related to mental health, such as PTSD, depression and anxiety, as well as issues like racism and transphobia. Those searching for a blocked tag will get a screen that says “This content has been hidden” instead of a page of results. They’ll see the same notification if they try to access a blog that’s been flagged as “explicit” on the app. Users may also see fewer suggestions under the “stuff for you” and “following” sections due to the new restrictions.


Cyberattack on one of Norway’s largest media companies shuts down presses

Amedia, the largest local news publisher in Norway, announced on Tuesday that several of its central computer systems were shut down in what it is calling an apparent “serious” cyberattack. The attack is preventing the company from printing Wednesday’s edition of physical newspapers, and presses will continue to be halted until the issue is resolved, Amedia executive vice president of technology Pål Nedregotten said in a statement. The hack also impacts the company’s advertising and subscription systems, preventing advertisers from purchasing new ads and stopping subscribers from ordering or canceling subscriptions. The company said it is unclear whether personal information has been compromised—the subscription system affected by the attack contains names, addresses, phone numbers, and subscription history of customers. Data such as passwords, read history, and financial information are not affected, the company said. Amedia publishes more than 90 newspapers and other publications that reach more than 2.5 million Norwegians, according to the company’s website.


Hackers Are Getting Better and Better at Defeating Your 2FA Security

Two-factor authentication, or 2FA, has been sold to web users as one of the most important and trustworthy tools for securing your digital life. You probably know how it works: by supplying an account with not just your password but also a secondary piece of information (typically an automated code texted to your phone or device of choice), companies can verify that whoever signs into your account is definitely you and not just some goon who’s managed to get their hands on your personal information. However, according to new research, said goons have unfortunately found a number of effective ways to get around your 2FA protections—and they’re using these methods more and more. The study, put out by academic researchers at Stony Brook University and cybersecurity firm Palo Alto Networks, documents the recent discovery of phishing toolkits that are being used to sneak past authentication protections. Toolkits are malicious software packages designed to aid in cyberattacks. They are engineered by criminals and typically sold and distributed on dark web forums, where any digital malcontent can buy and use them.
