AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/6/2024

NSA warns of North Korean hackers exploiting weak DMARC email policies

The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.

 

Microsoft ties executive pay to security following multiple failures and breaches

It’s been a bad couple of years for Microsoft’s security and privacy efforts. Misconfigured endpoints, rogue security certificates, and weak passwords have all caused or risked the exposure of sensitive data, and Microsoft has been criticized by security researchers, US lawmakers, and regulatory agencies for how it has responded to and disclosed these threats. The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft’s Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer’s account, which allowed Storm-0558 to collect data from 25 of Microsoft’s Azure customers, including US federal agencies.

 

Judge mulls sanctions over Google’s “shocking” destruction of internal chats

Near the end of the second day of closing arguments in the Google monopoly trial, US district judge Amit Mehta weighed whether sanctions were warranted over what the US Department of Justice described as Google’s “routine, regular, and normal destruction” of evidence. Google was accused of enacting a policy instructing employees to turn chat history off by default when discussing sensitive topics, including Google’s revenue-sharing and mobile application distribution agreements. These agreements, the DOJ and state attorneys general argued, work to maintain Google’s monopoly over search.

 

Microsoft plans to lock down Windows DNS like never before. Here’s how

Translating human-readable domain names into numerical IP addresses has long been fraught with gaping security risks. After all, lookups are rarely end-to-end encrypted. The servers providing domain name lookups provide translations for virtually any IP address—even when they’re known to be malicious. And many end-user devices can easily be configured to stop using authorized lookup servers and instead use malicious ones. Microsoft on Friday provided a peek at a comprehensive framework that aims to sort out the Domain Name System (DNS) mess so that it’s better locked down inside Windows networks. It’s called ZTDNS (zero trust DNS). Its two main features are (1) encrypted and cryptographically authenticated connections between end-user clients and DNS servers and (2) the ability for administrators to tightly restrict the domains these servers will resolve.

 

Hackers Target New NATO Member Sweden with Surge of DDoS Attacks

Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO, according to network performance management provider Netscout. After a 500 Gbps attack against the Swedish government infrastructure in May 2023, DDoS attacks against Swedish organizations increased consistently, picking up significantly in late 2023 with 730 Gbps attacks. In 2024, the attack volume rose significantly from February. On February 14, Sweden’s Foreign Minister hinted at Hungary’s approval of their bid to join NATO. The next day, Netscout recorded 1524 simultaneous DDoS attacks targeting Swedish organizations.

Related Posts