AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/6/2020

Twitter reveals Mozilla Firefox bug that stores your direct messages for up to 7 days

Twitter recently warned users of a Mozilla Firefox bug that grants access to accounts’ non-public information to anyone using the device. “We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser’s cache,” Twitter said in a statement on April 2. “This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter.” Cache retention in Firefox is known to last 7 days. During this time, anyone using the same computer could have viewed your sensitive or private information. This might not seem so dangerous now that most of us are self-isolating. However, if you share your PC with your family or flatmate, they can find a copy of your private messages in Firefox.

 

Automated tool can find 100 Zoom meeting IDs per hour

An automated tool developed by security researchers is able to find around 100 Zoom meeting IDs in an hour and information for nearly 2,400 Zoom meetings in a single day of scans, according to a new report from security expert Brian Krebs. Security professional Trent Lo and members of SecKC, a Kansas City-based security meetup group, made a program called zWarDial that can automatically guess Zoom meeting IDs, which are nine to 11 digits long, and glean information about those meetings, according to the report. In addition to being able to find around 100 meetings per hour, one instance of zWarDial can successfully determine a legitimate meeting ID 14 percent of the time, Lo told Krebs on Security. 

 

Small business owners applying for COVID-19 relief may have had PII exposed, agency says

As the federal agency overseeing relief to small businesses during the coronavirus pandemic was preparing to ramp up its lending, some of the Small Business Administration’s loan applicants may have had their personally identifiable information exposed to others, an agency spokeswoman tells CyberScoop. “Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on [Small Business Administration’s] loan application site,” SBA spokeswoman Carol Wilkerson said in a statement Saturday.

 

Zoom CEO responds to security and privacy concerns: ‘We had some missteps’

Appearing before a background that said “we care” over an image of a heart-shaped planet Earth, Zoom CEO Eric S. Yuan said Sunday on CNN that despite the company’s recent security problems, its “intentions are good.” “We moved too fast… and we had some missteps,” Yuan said in an interview with CNN’s Brian Stelter. “We’ve learned our lessons and we’ve taken a step back to focus on privacy and security.” Yuan earlier told the Wall Street Journal that he “really messed up as CEO” and that he felt “an obligation to win the users’ trust back.”

 

Firefox zero day in the wild: patch now!

Mozilla just pushed out an update for its Firefox browser to patch a security hole that was already being exploited in the wild. If you’re on the regular version of Firefox, you’re looking to upgrade from 74.0 to 74.0.1 and if you’re using the Extended Support Release (ESR), you should upgrade from ESR 68.6.0 to ESR 68.6.1. Given that the bug needed patching in both the latest and the ESR versions, we can assume either that the vulnerability has been in the Firefox codebase at least since version 68 first appeared, which was back in July 2019, or that it was introduced as a side effect of a security fix that came out after version 68.0 showed up.

 

Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others

Earlier this week, traffic meant for more than 200 of the world’s largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected through Rostelecom, Russia’s state-owned telecommunications provider. The incident affected more than 8,800 internet traffic routes from 200+ networks, and lasted for about an hour. Impacted companies are a who’s who in the cloud and CDN market, including big names such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, DigitalOcean, Joyent, LeaseWeb, Hetzner, and Linode.
