Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/30/2020

Chinese bank requires foreign firm to install app with covert backdoor

A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor. The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. It was also digitally signed by a Windows trusted certificate.

 

How hackers extorted $1.14m from University of California, San Francisco

A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News. The Netwalker criminal gang attacked University of California San Francisco (UCSF) on 1 June. IT staff unplugged computers in a race to stop the malware spreading. And an anonymous tip-off enabled BBC News to follow the ransom negotiations in a live chat on the dark web. Cyber-security experts say these sorts of negotiations are now happening all over the world – sometimes for even larger sums – against the advice of law-enforcement agencies, including the FBI, Europol and the UK’s National Cyber Security Centre. Netwalker alone has been linked to at least two other ransomware attacks on universities in the past two months.

 

Apple strong-arms entire CA industry into one-year certificate lifespans

A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates. Following Apple’s initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers. Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days. The move is an important one because it not only changes how a core part of the internet works — TLS certificates — but also because it breaks away from normal industry practices and the cooperation between browsers and CAs.

 

Top 10 riskiest IoT devices for enterprises, according to Forescout

Internet of things (IoT) technologies are becoming more popular as businesses look for unique and successful ways to capture and utilise data. However, according to Forescout, IoT devices exist in every vertical, can be hard to monitor and control, and can present risk to modern organisations both as entry points into vulnerable networks or as final targets of specialised malware. Essentially, IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent Forescout research shows businesses need to be aware of this and put adequate security measures in place. In Forescout’s The Enterprise of Things Security Report, the company identified the 10 riskiest IoT devices for 2020.

 

ISPs Are Bringing Back Broadband Data Caps

Major internet service providers will resume data caps on broadband and data usage, as commitments to remove them in response to the COVID-19 pandemic are set to expire. This is occurring as the coronavirus continues to spread, and many workers and students are still working remotely in an effort to curb the virus’s spread through social distancing. Many Americans are still using high-bandwidth video chat software such as Zoom, Facetime, and Google Hangouts to keep in touch with loved ones and to do their jobs. Commitments to remove data caps by ISPs were originally made in March, as part of the Keep Americans Connected Pledge, an initiative launched by the Federal Communications Commission urging broadband and telephone companies to take steps to keep the country connected during the pandemic.

Related Posts