Image of a space with many servers. A server room.

Microsoft vulnerability leaves over 60,000 email servers vulnerable to Hafnium attack. CISA Advisory provides guidance on how to protect email systems.

Image Credit: Schäferle from Pixabay.

***Updated March 13, 2021 – CISA has identified seven webshells associated with this activity. This is not an all-inclusive of webshells that are being leveraged by actors. CISA recommends organizations review the following malware analysis reports (MARs) for detailed analysis of the seven webshells, along with TTPs and IOCs. 

  1. AR21-072A: MAR-10328877.r1.v1: China Chopper Webshell
  2. AR21-072B: MAR-10328923.r1.v1: China Chopper Webshell
  3. AR21-072C: MAR-10329107.r1.v1: China Chopper Webshell
  4. AR21-072D: MAR-10329297.r1.v1: China Chopper Webshell
  5. AR21-072E: MAR-10329298.r1.v1: China Chopper Webshell
  6. AR21-072F: MAR-10329301.r1.v1: China Chopper Webshell
  7. AR21-072G: MAR-10329494.r1.v1: China Chopper Webshell

***Updated March 12, 2021 – Check my OWA tool for checking if a system has been affected.

Earlier this month Microsoft disclosed a set of vulnerabilities in Microsoft Exchange server products. Microsoft has provided a blog post where you can find an explanation of the attack on Exchange servers, information on HAFNIUM, and more.

Check out this latest advisory from the Cybersecurity and Infrastructure Security Agency (CISA), with step-by-step instructions on how to gather evidence with FTK Imager and KAPE. The Alert includes information on how to mitigate the vulnerabilities, including tactics, techniques and procedures (TTP) and the indicators of compromise (IOCs) associated with this attack.

As of March 10, 2021, CISA recommends the following:

  • Organizations should run the Test-ProxyLogon.ps1 script as soon as possible—to help determine whether their systems are compromised.
  • Organizations should investigate signs of a compromise from at least January 1, 2021 through present.

Furthermore, according to Bloomberg, the Chinese state-sponsored hacking group has claimed at least 60,000 known victims globally.

person entering emoticons in smartphone.

Facebook, Patents, and Privacy: Social Media Innovations to Mine Personal Data

[©2016. Published in GPSOLO, Vol. 37, No. 5, September/October 2020, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder]

* Updated November 25 to include references to CPRA/ Prop24.

The episode “Nosedive” of the television series Black Mirror envisions a society built on social credit scores. In this dystopia, all social media networks have converged into one platform—think Facebook, TikTok, Yelp, and Equifax combined.

This umbrella social platform allows users to rate each other on a five-point scale after each social interaction. Those with a high score gain access to job opportunities, favorable zip codes, and even high-status relationships. Those with a low score have the social ladder kicked out from under them, leading to a downward cycle of estrangement—and in the case of Black Mirror’s protagonist, jail time.

While the society in “Nosedive” seems far-fetched, is the technology behind it plausible?

Facebook Patents That Impact Privacy

According to Facebook’s patents, the answer is a resounding “yes.”

In a series of filings spanning almost a decade, Facebook has obtained several patents that allow social media platforms to track, identify, and classify individuals in new and innovative ways. Below are just few.

Tracking individuals via dust. U.S. Patent No. 9485423B2, “associating cameras with users and objects in a social networking system” (filed September 16, 2010, patented June 25, 2013), allows social media networks to identify an individual’s friends and relationships by correlating users across the same camera. To do so, an algorithm analyzes the metadata of a photo to find a camera’s “signature.”

Continue Reading Facebook, Patents, and Privacy: Social Media Innovations to Mine Personal Data
Image of gears directing arrows to shield.

The 2019 Capital One Breach Compared to the 2017 Equifax Breach: Evolving and Improving Attitudes toward Data Security, Breach Detection, and Breach Notification

Image Credit: Khanittha Yajampa via Dreamstime.com

On September 7, 2017, Equifax announced that it had suffered a data breach that exposed the personal data of nearly 147 million people. Two years following the Equifax breach, Capital One also suffered a data breach nearly as massive in scope, affecting approximately 100 million users in the United States and 6 million users in Canada.

A casual observer might think that the two breaches are similar. After all, they both affected a large financial institution and encompassed over a million financial records. The similarities end there, however. Capital One implemented security measures to protect its customer data and engaged in a speedy response to an insider threat. Equifax failed to implement even basic data protection measures and was laggardly in reporting the inevitable breach.

Only time will tell what the full repercussions will be of these two breaches. But based on the facts in front of us, Capital One’s quick response to this breach will ultimately protect more customers in the long run. Comparing the circumstances surrounding the two breaches show a positive trend toward companies taking their customers’ data more seriously and mindfulness of ever-increasing consumer vigilance about their own data.

Continue Reading The 2019 Capital One Breach Compared to the 2017 Equifax Breach: Evolving and Improving Attitudes toward Data Security, Breach Detection, and Breach Notification