AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 7/2/2024

Indonesian government didn’t have backups of ransomwared data, because DR was only an option

Indonesia’s president Joko Widodo has ordered an audit of government datacenters after it was revealed that most of the data they store is not backed up. The audit, and the revelation that Indonesia lacks a backup plan, came in the aftermath of a ransomware attack on the nation’s Temporary National Data Center (PDNS) that took place on June 20th and resulted in widespread disruption of digital services. Government officials communicated that a fresh variant of the LockBit malware, named Brain Cipher, was used in the attack. “Just like other ransomware, it encrypts all data, all files on the server they attack,” Deputy Minister of Communication and Information Nezar Patria explained.


Facebook and Instagram’s ‘pay or consent’ ad model violates the DMA, says the EU

The EU has formally charged Meta with violations of its Digital Markets Act (DMA), marking its second such charge in as many weeks. The European Commission writes in a preliminary ruling that the “pay or consent” advertising model that launched last year for Facebook and Instagram users runs afoul of Article 5(2) of the DMA by not giving users a third option that uses less data for ad targeting but is still free to use. Regulators found in their investigation that Meta gives users a “binary choice” that forces them to either choose to pay a monthly subscription fee to get the ad-free version of Facebook and Instagram or consent to the ad-supported version. Where Meta runs afoul of its rules, it says, is by not letting users opt for a free version that “uses less of their personal data but is otherwise equivalent to the ‘personalised ads’ based service” and by not allowing them to “exercise their right to freely consent to the combination of their personal data.”


New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client applications. “The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems,” Bharat Jogi, senior director of the threat research unit at Qualys, said in a disclosure published today. “This race condition affects sshd in its default configuration.”


3 million iOS and macOS apps were exposed to potent supply-chain attacks

Vulnerabilities that went undetected for a decade left thousands of macOS and iOS apps susceptible to supply-chain attacks. Hackers could have added malicious code compromising the security of millions or billions of people who installed them, researchers said Monday. The vulnerabilities, which were fixed last October, resided in a “trunk” server used to manage CocoaPods, a repository for open source Swift and Objective-C projects that roughly 3 million macOS and iOS apps depend on. When developers make changes to one of their “pods”—CocoaPods lingo for individual code packages—dependent apps typically incorporate them automatically through app updates, usually with no interaction required by end users.


Security experts issue warning over new spyware variant targeting Android users

Security researchers have issued a warning over four new Android spyware apps that are being harnessed to target users globally. Known as ‘CapraRAT’, this Android-based remote access trojan embeds spyware within curated video browsing applications, and has been expanded to target mobile gamers, weapons enthusiasts, and social media users, according to SentinelLabs. The group behind the campaign, known as Transparent Tribe, has been active since at least 2016 and is known for targeting military and diplomatic personnel in both India and Pakistan, more recently expanding to the Indian education sector.
