Security daily (19-02-2021)

Allegations of planted evidence raise questions about hacking ecosystem in India

Recent allegations that planted evidence may have been used to frame an activist in a terrorism case are raising new questions about the surveillance and hacking ecosystem in India. The human rights activist in question, Rona Wilson, is one of several people accused of plotting to overthrow the Indian government in connection with a violent demonstration in Bhima Koregaon, India in 2017. Wilson is among the several activists accused of instigating violence at the demonstration. Cases against the defendants have largely relied on digitally-collected evidence, according to Amnesty International. He has been incarcerated for nearly three years. A new forensic analysis of Wilson’s computer, conducted by Boston-based Arsenal Consulting, is now raising questions about the viability of the evidence, who put it there and the extent to which hacking in India is used to further the government’s prosecutions. Details about the ecosystem of surveillance and cyber mercenary groups in India […] The post Allegations of planted evidence raise questions about hacking ecosystem in India appeared first on CyberScoop. (CyberScoop)

The massive coronavirus IT blunder with a funny side

He was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them. (Naked Security)

Browser Tracking Via Favicons Affects Multiple Browsers

(News ≈ Packet Storm)

Microsoft Wraps SolarWinds Probe, Nudges Companies Towards Zero Trust

(News ≈ Packet Storm)

Apple Outlines 2021 Security, Privacy Roadmap

(News ≈ Packet Storm)

WhatsApp To Move Ahead With Privacy Update Despite Backlash

(News ≈ Packet Storm)

Malformed URL Prefix Phishing Attacks Spike 6,000%

Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said. (Threatpost)

Mysterious Silver Sparrow Malware Found Nesting on 30K Macs

A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide -- but it's unclear why. (Threatpost)

Credential-Stuffing Attack Targets Regional Internet Registry

RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service. (Threatpost)

Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation. (Threatpost)


/security-daily/ 20-02-2021 23:44:25