AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 3/13/2020

1 – New action to disrupt world’s largest online criminal network

Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks. The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world. During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.


2 – FBI arrests Russian behind Deer.io, a Shopify-like platform for cybercrime

The FBI has arrested a Russian national believed to be behind Deer.io, a Shopify-like platform that hosts online stores where hackers advertise and sell hacked accounts and stolen user information. The suspect, named Kirill Victorovich Firsov, was arrested on Saturday, March 7, at John F. Kennedy Airport in New York, according to an arrest warrant seen by ZDNet. US officials say Firsov has been in charge of and running the Deer.io platform since its launch in October 2013. The site, which lets users host online stores for around $12/month, is believed to have hosted more than 24,000 shops and made more than $17 million, according to claims posted by Firsov on the Deer.io platform.


3 – Ring temporarily pauses most third-party data collection

Ring promised to give users more control over their privacy, and the company seems to be making an honest effort. After the Electronic Frontier Foundation discovered that Ring’s apps were sharing data with third parties, Ring allowed users to opt out of certain data sharing practices, as well as out of police video requests. Now, the company is pausing its use of “most third-party analytics services” for the Ring apps and website while it works on a better solution. A Ring representative told Engadget that this temporary measure will allow the company to add more privacy options in the app’s Control Center menu. While users can currently turn off some tracking options, the Control Center additions, which will be available in early spring, will provide further ways to limit data sharing with third parties.


4 – Researchers use AI to translate text found on ancient clay tablets

Scientists at the University of Chicago are developing a machine learning system that can automatically transcribe text found on ancient clay tablets. The DeepScribe system will initially focus on transcribing the cuneiform script used in the ancient Iranian Achaemenid Empire (550–330 BC), the University of Chicago News reports. Existing computer systems struggle to transcribe this script, due to its complex characters and the 3D form of the tablets on which it is written. The team of researchers from the University of Chicago’s Oriental Institute and its Department of Computer Science thinks their system could do better.


5 – WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites. Popup Builder enables site owners to create, deploy, and manage customizable popups containing a wide range of content from HTML and JavaScript code to images and videos. Sygnoos, the plugin’s developer, markets it as a tool that can help increase sales and revenue via smart pop-ups used to display ads, subscription requests, discounts, and various other types of promotional content.


6 – Telecommunications International Production Orders Bill sent to PJCIS

The Telecommunications Legislation Amendment (International Production Orders) Bill 2020 has been sent off to the Australian Parliamentary Joint Committee on Intelligence and Security (PJCIS) for review following a request from Home Affairs Minister Peter Dutton. The Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a framework for Australian agencies to gain access to stored telecommunications data from foreign designated communication providers in countries that have an agreement with Australia, and vice versa, as well as remove the ability for nominated Administrative Appeals Tribunal members to issue certain warrants.


7 – Coronavirus could force ISPs to abandon data caps forever

Pressure from the global pandemic has broadband companies loosening the arbitrary restrictions on the connections users pay for — and this may be the beginning of the end for the data caps we’ve lived in fear of for decades. Here’s why. The coronavirus threat and official policies of “social distancing” are leading millions to stay home, doing meetings via video chat and probably watching Netflix and YouTube the rest of the time. That means a big uptick in bytes going through the tubes, both simultaneously and cumulatively.


8 – Advanced Russian Hackers Use New Malware in Watering Hole Operation

Two previously undocumented pieces of malware, a downloader and a backdoor, were used in a watering hole operation attributed to the Russia-based threat group Turla. To reach targets of interest, the hackers compromised at least four websites, two of them belonging to the Armenian government, which indicates that the threat actor was after government officials and politicians. The new tools are a .NET malware downloader called NetFlash and a Python-based backdoor named PyFlash. They were delivered after victims accepted a fake Adobe Flash update notification served by the compromised sites.


9 – Twitter orders all employees worldwide to work from home

All Twitter employees must work from home until further notice in order to help slow the spread of COVID-19, the company announced today. Twitter had already “strongly encouraged” employees to do so in an announcement early last week, but is now making the directive mandatory across the world. Twitter will continue to pay contractors, hourly workers, and vendors for standard working hours if they’re unable to perform their duties at home. The company will also be providing reimbursement for home office setup expenses, as well as for parents who may have to pay additional daycare costs. Tech companies including Apple, Amazon, Microsoft, and Google have issued similar guidance to employees in various regions, but Twitter’s order to its entire 4,900-strong global workforce is one of the strongest yet amid the ongoing coronavirus pandemic.


10 – Google Chrome Gets ‘Default to Guest’ Mode for Stateless Browsing

Google announced today that a new ‘Default to Guest mode’ feature is now available for Windows, Linux, and macOS power users of the Chrome web browser. The new Google Chrome feature can be enabled using a command-line switch or an enterprise policy, and it allows users to configure the web browser to always launch into Guest Mode. In this browsing mode, Chrome will delete all browsing activity from the computer after exiting the browser, providing its users with “a stateless browsing experience from session to session.”
