AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/6/2020

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix

Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue but failed to deliver a fix. Dubbed TCC (Transparency, Consent, and Control), the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized applications. Software engineer and app developer Jeff Johnson discovered that a malicious application could access files in ~/Library/Safari, which are typically restricted to Safari and Finder, or to applications that have been granted special permissions such as ‘Full Disk Access’. The exploit, the app developer explains, targets two flaws in TCC: TCC exceptions rely on an application’s bundle identifier rather than its file path, and TCC does not perform a deep check of code signatures.


Ransomware gangs are doing their homework before encrypting corporate data

The lengthy amount of time that criminal hackers are sitting undetected on the networks of U.S. businesses is giving them powerful leverage to extort their victims, according to a Department of Homeland Security cybersecurity official. Going unnoticed on corporate networks allows ransomware gangs to size up their victims and funnel out data before ransom negotiations even begin, said Matt Travis, deputy director of DHS’s Cybersecurity and Infrastructure Security Agency. “They’re not just going into networks and seizing data,” Travis said Wednesday at IBM’s Think Gov Digital event, produced by FedScoop. “They’re snooping around” for balance sheets and other financial data to “gain intelligence on how much of a ransom they think they can get.”


Everything You Must Know About Common Venmo Scams

The Better Business Bureau has recently warned customers about a Venmo digital wallet scam in which malicious actors “accidentally” send money to users. It appears that scammers are connecting stolen credit cards to Venmo accounts and transferring money to unsuspecting customers. Once the transfer is done, they contact the user in the app with a believable-sounding message, for instance, “Can you reverse the money sent mistakenly?” The Venmo app is not entirely safe to use. It has historically been associated with several payment frauds, and this continued even after the company reported losses of approximately $40 million during the first three months of 2018. There are several scams related to the Venmo app. In this article, we discuss various Venmo scams and how to protect yourself from such attacks.


LinkedIn says iOS clipboard snooping after every key press is a bug, will fix

A LinkedIn spokesperson told ZDNet yesterday that a bug in the company’s iOS app was responsible for a seemingly privacy-intrusive behavior spotted by one of its users on Thursday. The issue was discovered using the new beta version of iOS 14. For iOS 14, set to be officially released in the fall, Apple has added a new privacy feature that shows a quick popup that lets users know when an app has read content from their clipboard. Using this new mechanism, users spotted last week how Chinese mobile app TikTok was reading content from their clipboard at regular short intervals. TikTok said the feature was part of a fraud detection mechanism and that the company never stole the clipboard content, but promised to remove the behavior anyway, to put users’ minds at ease.


Gmail users flooded with spam messages, company says issue fixed

Gmail users around the world complained about spam messages flooding their inboxes over the weekend as the Google service was apparently suffering from a widespread problem with its email filters. Several Gmail users took to Twitter and other social media platforms such as Reddit to report that they were being bombarded with spam messages. Google acknowledged the problem to Forbes, saying the spam flaw was actually part of a bigger issue that caused Gmail emails to be delayed, both when sent and received. The consequence was that “some messages were delayed enough that they resulted in delivery without all spam checks completing”. Google said that “during this time, scans to filter malware and the most egregious spam and harmful content remained fully operational”.