AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 3/30/2020

Rare BadUSB attack detected in the wild against US hospitality provider

A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave. The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive. The receiving company was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for. But in reality, the USB thumb drive was what security experts call a “BadUSB” — a USB thumb drive that actually functions as a keyboard when connected to a computer, where it emulates keypresses to launch various automated attacks.

 

Apple iOS 13.4 offers fixes for 30 vulnerabilities

Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs. Apple doesn’t rate the severity of vulnerabilities in its advisories, but we can pick out a few highlights from their descriptions. The following apply to supported devices, namely the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.

 

World Health Organization, Facebook, Microsoft team up in COVID-19 hackathon

The World Health Organization (WHO) has teamed up with tech giants to launch a coronavirus-themed hackathon to develop useful technologies for those impacted by the pandemic. On Tuesday, the WHO, alongside Microsoft, Facebook, Giphy, Pinterest, Slack, TikTok, Twitter, and WeChat said the global #BuildforCOVID19 hackathon “is an opportunity for developers to build software solutions that drive social impact, with the aim of tackling some of the challenges related to the current coronavirus (COVID-19) pandemic.” The coronavirus outbreak has resulted in over 435,000 confirmed cases, at the time of writing, worldwide. 

 

Plague Inc. rolling out new mode where you fight to contain the outbreak

The worldwide spread of coronavirus may feel a little too familiar for players of Plague Inc., the eight-year-old game that asks you to shepherd a deadly disease seeking to kill all of humanity. Now, developer Ndemic Creations says it is working on a new update that flips the game on its head by “let[ting] players save the world from a deadly disease outbreak.” Ndemic says it is “accelerating work” on the free new mode, which was developed in consultation with the World Health Organization and the Global Outbreak Alert and Response Network, Ndemic said in an announcement. In it, “players will have to balance managing disease progression and boosting healthcare systems as well as controlling real-world actions such as triaging, quarantining, social distancing, and closing of public services.”

 

Dark web hosting provider hacked again — 7,600 sites down

Daniel’s Hosting (DH), the largest free web hosting provider for dark web services, has shut down today after getting hacked for the second time in 16 months, ZDNet has learned. Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal’s entire database. This happened earlier this month, on March 10, at around 03:30 am UTC, according to a message posted on DH’s now-defunct portal by Daniel Winzen, the German software developer behind the service.

 

Slack breaks user records as demand surges for remote working

Microsoft Teams isn’t the only business-focused chat and communications app that’s seeing a spike in demand. Slack is revealing today that it has hit new user records for simultaneously connected users, thanks to a surge in demand for remote working amid the ongoing coronavirus pandemic. On Tuesday March 10th, Slack saw concurrent users pass 10 million, which then jumped to 10.5 million six days later on March 16th before reaching 12.5 million yesterday. Slack isn’t revealing a total count of daily active users during this period, only simultaneously connected users. Slack previously revealed it has 12 million daily active users back in October, but the company has not publicly updated this number since.

 

Do You Have COVID-19? New Apple Site, iOS App Help Assess Symptoms

Apple can now help you determine whether you should request a coronavirus test. On Friday, the company released its COVID-19 screening tool, which will ask you questions about any coronavirus-related symptoms you’re feeling, and what to do next. Apple created the tool in partnership with the CDC, the White House Coronavirus Task Force, and FEMA, to make it easier for people in the US to receive trusted information on illness, which has now infected more than 93,000 people in the country. The test is open to all users, and available at apple.com/covid19. You can also download it from the iOS App Store. No personal information, such as name or email address, is required. The company also says it won’t share any answers you give to the screening tool to Apple or the CDC, unless you give them permission to do so.  

 

Cybercriminals’ Promises to Pause During Pandemic Amount to Little

In mid-March, ransomware gangs claimed to be pausing operations against healthcare organizations for the duration of the coronavirus pandemic, following pleas from some security firms and questions from journalists. The group behind the Maze ransomware operation, for example, pledged that “we [will] stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus.” But the sincerity of such promises is suspect. The Maze Team reportedly was, at the same time they were pledging to stop activity, in the process of extorting money from a UK medical research facility, Hammersmith Medicines Research. 

 

Working from home? Switch off Amazon’s Alexa (say lawyers)

Those not used to working from home must be going through several stages of spiritual discomfort. Yes, ZDNet’s more experienced hands can help you acclimatize to the new working style, now that the COVID-19 pandemic has disrupted modern working life. Yet some professionals may not be so able to deal with life sans their office perks. Lawyers, for example. Many are used to sitting in their enclosed chambers, closing their doors and holding vital conversations about lawyerly matters. There, they feel secure. Working in their homes, they worry who may be spying on them. Alexa, for example, and her band of vastly intelligent speakerpersons. Bloomberg reports that famed UK law firm Mishcon de Reya — motto: “It’s Business. But It’s Personal.” (seriously) — is telling its fine employees to mute or even totally disable domestic smart speakers for confidential business calls.

 

Akamai to slow down video game downloads during COVID-19 outbreak

Content delivery network (CDN) Akamai announced today plans to slow down video game downloads during peak hours in order to preserve bandwidth and avoid traffic congestions during the coronavirus (COVID-19) outbreak. “In regions where demand is creating bottlenecks for customers, we will be reducing gaming software downloads at peak times, completing the downloads at the normal fast speeds late at night,” said Akamai CEO Tom Leighton. The slowdown won’t impact the act of playing a video game, which doesn’t generate large quantities of network traffic. Instead, the slowdown will only impact downloads for online games and not other types of traffic.

Related Posts