AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 3/23/2020

1 – Patch for Recently Disclosed VMware Fusion Vulnerability Incomplete

The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac has been found to be incomplete.

VMware informed customers on March 17 that Fusion, Remote Console (VMRC) and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries. The company released updates that should have patched the vulnerability, which is tracked as CVE-2020-3950. However, the researchers credited for reporting the vulnerability to VMware — Jeffball from cybersecurity firm GRIMM and Rich Mirch — both told SecurityWeek that the patch for Fusion is incomplete. Shortly after, VMware updated its initial advisory to confirm that Fusion 11.5.2 for macOS does not completely prevent exploitation.


2 – Food Delivery Service in Germany Under DDoS Attack

Cybercriminals found in the context of a public health crisis that caused unprecedented restrictions affecting the restaurant industry a perfect opportunity to launch an attack on the systems of Takeaway food delivery service in Germany. The measures adopted by the country to limit the spread of the COVID-19 virus have a drastic impact on social life. Restaurants function under strict rules that limit the number of guests, impose a greater distance between the tables, and have to stay closed between 6pm and 6am. Under these conditions, many Germans order in through food delivery services like Takeaway.com (Lieferando.de). Yet cybercriminals have launched a distributed denial-of-service attack on the website demanding 2 bitcoins (around $11,000) to stop the siege.


3 – Hackers Hide Malware C2 Communication By Faking News Site Traffic

A cyber-espionage group active since at least 2012 used a legitimate tool to shield their backdoor from analysis attempts to avoid detection. In their effort, the hackers also used a fake host header named after a known news site. The backdoor is referred to by the names Spark and EnigmaSpark and was deployed in a recent phishing campaign that appears to have been the work of the MoleRATs group, the low-budget division of the Gaza Cybergang. This is the actor responsible for operation SneakyPastes, detailed by Kaspersky, which relied on malware hosted on free sharing services like GitHub and Pastebin. There are strong indications that the group used this backdoor since March 2017, deploying dozens of variants that contacted at least 15 command and control domains.


4 – Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19-tracking map

It’s not just opportunistic, financially-motivated criminals who are seizing on the novel coronavirus pandemic to conduct cyberattacks. Operators of spyware are also exploiting the health crisis to boost their surveillance efforts. Mobile security firm Lookout has traced a malicious Android application to what it says is a long-running campaign to spy on people in Libya. The spyware masquerades as the popular map produced by Johns Hopkins University that tracks the spread of COVID-19, the disease caused by the novel coronavirus. The software, called SpyMax, allows the operator to exfiltrate call and text logs, and remotely activate microphones and cameras.


5 – Scientists create quantum sensor that covers entire radio frequency spectrum

A quantum sensor could give Soldiers a way to detect communication signals over the entire radio frequency spectrum, from 0 to 100 GHz, said researchers from the Army. Such wide spectral coverage by a single antenna is impossible with a traditional receiver system, and would require multiple systems of individual antennas, amplifiers and other components. In 2018, Army scientists were the first in the world to create a quantum receiver that uses highly excited, super-sensitive atoms—known as Rydberg atoms—to detect communications signals, said David Meyer, a scientist at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory.


6 – Hong Kong makes wearable trackers mandatory for new arrivals, checks in with ‘surprise calls’ too

Hong Kong has made it mandatory for all new arrivals to wear an “electronic wristband” that links to a smartphone to provide location-tracking services, so that authorities can be sure they’re observing COVID-19 quarantine requirements. And the city-state insists its privacy commissioner has signed off on the idea because it “does not pose privacy concerns.” As explained today by government CIO Victor Lam, “the app will not capture directly the location, but only capture the changes in the location, especially the telecommunication and communication signals around the confinee to ensure that he (or she) is staying at home.”


7 – Google launches Covid-19 page and search portal with safety tips, official stats and more, US-only for now

Google says Coronavirus has become its biggest search topic by a country mile this year, and to continue its efforts to harness that attention in the best possible way, late on Friday the company launched a new information portal dedicated to the pandemic as well as an improved search experience for desktop and mobile. The search experience, Google says, was updated in response to “people’s information needs expanding,” while the new information portal also provides the basic, most useful information (for example around symptoms), plus a lot of links and on-site options to explore further.


8 – US uses encrypted app to connect with Iranians as coronavirus sweeps their country

The State Department is using social media to encourage Iranians to share information with the Trump administration — both on an encrypted tip line and through an online survey — about the coronavirus pandemic that is devastating the country. “This is Iran’s Chernobyl,” said one administration official of the outbreak, who described social media portals as a tool to bypass the Iranian regime and connect to the country’s people. The US began encouraging Iranians to use the encrypted messaging app last year, when Iranian demonstrators took to the streets and US officials wanted to learn more about the regime’s bloody crackdown. Now, with Covid-19 devastating Iran, the tip line has been reinvigorated, administration officials told CNN. This time, the goal is to collect information from Iranians, find ways to share that information when it is determined to be accurate and leverage the coronavirus in an effort to fortify a relationship with the Iranian people, the officials said.


9 – Zuckerberg tries to prevent Facebook server ‘melt down’ as WhatsApp call volume spikes

In countries where the novel coronavirus has disrupted daily life, the digital phone’s been ringing off the hook. That news comes directly from Mark Zuckerberg who, on a Wednesday conference call regarding Facebook’s response to COVID-19, told members of the press that the voice call volume for WhatsApp and Messenger in Italy and other countries significantly affected by the coronavirus is more than double normal levels. Presumably, people are relying on virtual communication and socialization more now since they’re under quarantine or practicing social distancing in their homes. That has jacked up the amount of data flowing through Facebook’s servers. In response, Facebook has had to beef up its infrastructure and capacity of its servers, noting that it has already doubled the server capacity for WhatsApp.


10 – Real Estate Brokers Lean On Tech, Adapt to Coronavirus

Nationwide there has been a general disruption with COVID-19, also known as the coronavirus. With the global pandemic unfolding, the real estate industry is not immune to its effects. To shoulder the temporarily new normal of isolation in the face of the current public health crisis, real estate brokers are relying heavily on technology more than ever to get deals done, Maria Avellaneda, a broker at real estate brokerage firm Compass, tells GlobeSt.com. Avellaneda and other brokers are relying on technology to continue to do their jobs, transitioning anything that requires in-person communication to virtual interaction, such as having conference calls, setting up online payment structures and banking platforms. 


11 – Phone location data could be used to help UK coronavirus effort

BT, owner of UK mobile operator EE, is in talks with the government about using its phone location and usage data to monitor whether coronavirus limitation measures such as asking the public to stay at home are working. The ability to create movement maps of anonymised data, meaning individuals could not be identified, could prove invaluable in evaluating and shaping the state response to the spread of the virus. The information provided on geographical movement would be delayed by 12 to 24 hours rather than arrive in real time, but would still be able to show patterns such as whether people were avoiding the high street and heeding government advice to stay away from pubs, bars and restaurants.


12 – The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried.

The White House and the Centers for Disease Control and Prevention are asking Facebook, Google and other tech giants to give them greater access to Americans’ smartphone location data in order to help them combat the spread of the coronavirus, according to four people at companies involved in the discussions who are not authorized to speak about them publicly. Federal health officials say they could use anonymous, aggregated user data collected by the tech companies to map the spread of the virus — a practice known as “syndromic surveillance” — and prevent further infections. They could also use the data to see whether people were practicing “social distancing.”


13 – Apple shows a White House coronavirus PSA to App Store users

Tech giants have been displaying prominent coronavirus alerts in various places, but Apple is stepping things up with its latest addition. Users have noticed that Apple is now displaying a White House public service announcement at the top of the App Store for US customers. Tap it and White House Coronavirus Task Force member Dr. Anthony Fauci offers guidance on the “dos and don’ts” of social distancing. It’s an unusual location for a PSA, but makes sense when many users are likely to check for app updates. Apple wants to be sure that a message like this reaches as wide an audience as possible — and while News has plenty of readers, that might not be enough. This also hints at a new (if hopefully short-lived) normal where COVID-19 pandemic information is relatively ubiquitous in the digital landscape, including from official sources like Fauci.


14 – IBM, Amazon, Google and Microsoft partner with White House to provide compute resources for COVID-19 research

During today’s White House coronavirus task force press conference, President Trump announced the launch of a new public/private consortium to “unleash the power of American supercomputing resources.” The members of this consortium are the White House, the Department of Energy and IBM. Other companies, including Google, Amazon and Microsoft, as well as a number of academic institutions, are also “contributing lots of different things,” the president said.


15 – Disney Plus throttles streaming quality amid coronavirus outbreak

Just about every streaming service is throttling video quality in Europe during the coronavirus quarantine. Disney Plus announced over the weekend it was joining Netflix, Apple TV Plus, YouTube and Amazon Prime in the measure taken to help internet services cope with an increase in demand while so many people are in self-isolation. Disney Plus is set to launch in Europe in a couple of days, although unfortunately for France, Disney has pushed its launch from March 24 to April 7, at the request of the French government. Disney Plus is “proactively instituting measures to lower our overall bandwidth utilization by at least 25% in all of the markets launching Disney+ on March 24th,” said Kevin Mayer, Disney’s chairman of Direct-to-Consumer and International, in a statement (via Forbes).
