AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/28/2020

A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs

An unknown vigilante hacker has been sabotaging the operations of the recently revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. The sabotage, which started three days ago, on July 21, has grown from a simple joke into a serious issue affecting a large portion of the Emotet operation. According to Cryptolaemus, a group of white-hat security researchers tracking the Emotet botnet, the vigilante is now poisoning around a quarter of all Emotet’s payload downloads. Emotet is complex, multi-component machinery. To understand what is really happening here, a quick introduction to Emotet’s internal structure and distribution mechanism is needed.


Garmin services returning after alleged cyber-attack

GPS and fitness-tracker firm Garmin appears to be slowly coming back online following a widespread outage affecting users worldwide. Users of the company’s services were unable to access their data due to an alleged ransomware attack. Now customers are starting to report that the service appears to be “partially” working again. Reports claimed that the company had been asked to pay $10m (£7.79m) to get its systems back online. Ransomware is a type of malware which lets hackers take control of a company’s systems and encrypt their data, before demanding payment to release it. Garmin has yet to comment on those claims, or say what was behind the outage.


Ratings for Open Source Projects Aim to Make Software More Secure

Most developers choose an open source project based on a combination of how well the software suits the task at hand, whether the developers of the project are active, and whether the project has a good reputation. Yet, with vulnerabilities in open source components a key security problem for software teams, finding better metrics to inform choices is necessary, according to software tool makers. On July 27, two companies — open source project management firm Snyk and development services firm xs:code — announced they have teamed up to provide a browser plug-in that will give developers important metrics by which to gauge the security of open source projects. The tool, Insights, displays metrics — such as a health score and the number of vulnerabilities known to be in the component — to developers, as well as a measure of the development activity for the project.


Rep. Matt Gaetz says Mark Zuckerberg lied to Congress … in 2018

Days before Mark Zuckerberg is scheduled to appear at a high-profile antitrust hearing, a member of Congress has accused the Facebook CEO of lying to Congress and has asked the Department of Justice to investigate. Florida Rep. Matt Gaetz said Monday that he sent a criminal referral to Attorney General Bill Barr, asking for an investigation into Zuckerberg for “making materially false statements to Congress while under oath,” a full two years after the fact. Citing Zuckerberg’s 2018 testimony, Gaetz says that Zuckerberg lied to Congress when he described Facebook as “politically neutral.” He said that a recent report from Project Veritas, the right-wing activist group known for dubious “undercover” investigations, proves the social network unfairly censors conservatives.


Burglars expose Walgreens customer data in a different kind of breach

Groups of unidentified thieves broke into multiple Walgreens stores in late May and early June and stole prescription information and other data on some 70,000 customers, a spokesman for the pharmacy chain said Monday. The assailants forced their way behind pharmacy counters and stole drug prescriptions, and also took a “very limited number of hard drives attached to stolen cash registers,” according to a letter Walgreens sent affected customers. Customers’ health insurance and vaccination information may have been swept up in the breach, Walgreens said, but credit card data and Social Security numbers were not affected. The incidents are a reminder that, as health care organizations try to guard their networks from hackers, physical attacks can also compromise sensitive customer data. As the second largest drugstore chain in the U.S. after CVS, Walgreens hosts a wealth of data that criminals could profit from on underground online forums.


Google is laying a giant new undersea internet cable stretching from New York to the UK and Spain

Google is planning to lay more than 3,000 miles of transatlantic undersea cable by 2022. The tech giant announced its new Grace Hopper undersea cable project on Tuesday. The Grace Hopper cable, named after the famous US computer scientist, will connect New York to Bude in the UK and Bilbao, Spain. The distance from New York to Bude in Cornwall, England is roughly 3,290 miles. In a statement Google said Grace Hopper marks its first private investment in a private subsea cable route to the UK, and its first ever cable route to Spain. Google says the Grace Hopper cable is expected to be completed by 2022, and the company will use a new technique to make it more reliable than existing fibre-optic cables.