Time sure flies when you're learning
Seems it's Monday again, which means another newsletter is here. Last week there was sadly no newsletter since I decided to focus on spending more of my time on CTI and OSINT related studies, especially considering I finally managed to get around to getting Michael Bazzell's OSINT book, so now was as good a time as any to spend some more time on such studies.
To be honest, I almost didn't release this week either due to getting a little too occupied by the above-mentioned reasons, but I would feel bad for not releasing anything two weeks in a row, and since I had some stuff on my deck, I decided I should try to cobble one together this week even if it's not up to the specs I would've liked, so hopefully it's not too bad :)
News of Interest
The Fallout From Apple’s Bizarre, Dogged Union-Busting Campaign
Kazu: the union train is saying "toot toot" and people want on board. Lately I have seen there's been a huge push for unionization within various industries, such as the game industry, against big companies due to their rampant disregard for treating their employees like humans with rights. Naturally the companies don't like it when people create a union and can legally force a company to treat them better, so they keep on trying to bust any unionization attempt.
But it appears employees at other companies, like tech-related ones such as Apple, have started to have had enough as well, and more and more Apple stores want a union so they can be treated like actual people. But it seems Apple doesn't like that idea, so naturally it keeps on trying to do what it can to bust such efforts, which is not cool and has gotten even the people not trying to unionize annoyed about Apple's behavior, with some who didn't consider doing it before now very much starting to have a change of mind.
Tags: Apple, Union, tech
Italian Insurer’s Data Breach Uncovered Sensitive Staff Documents
Kazu: apparently some Italian insurance companies didn't secure their Amazon S3 buckets properly (as usual) and left two of them without any kind of access control, exposing a large amount of information related to the company itself but also PII of staff, course attendees and other people connected to the company in some way.
There's no confirmation that these buckets were actually accessed and downloaded by anyone with malicious intent (from what I can read), but misconfigured Amazon buckets are so common that I can guarantee there are bad people out there scanning for open buckets 24/7, so very much expect someone already downloaded it all, especially considering how long it took the company to secure them.
Tags: Leak, InfoSec, amazon, cloud, insurance company, Italy
Updates, Tools, etc.
DuckDuckGo Stopping Microsoft Tracking Code
Kazu: some time ago it was discovered that the privacy-focused search engine known as "DuckDuckGo" was not blocking tracking cookies from Microsoft, which naturally many privacy-conscious people got very upset about.
Now DDG has stated that it will start blocking those as well, along with all the other ones from services such as Google, Amazon, Facebook and the other third parties you'd expect.
Tags: Privacy, Search, DuckDuckGo, Web, Tracking
Detecting Linux Anti-Forensics: Timestomping
Kazu: Timestomping is the technique of modifying the date and time stamps of files to another time and/or date in order to confuse and slow down analysts and DFIR people. In this short article, @inversecos runs through two ways timestomping is done in Linux and how to detect it.
Tags: DFIR, Linux, Digital Forensic, Anti-Forensic, InfoSec
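As an added example (my own code, not from the article or from @inversecos), here is a small Python check for two classic Linux timestomping indicators: a modification time later than the kernel-maintained ctime, and whole-second mtime/atime values sitting next to a nanosecond-precision ctime, which is what `touch -t`/`-d` leaves behind. It assumes a Linux filesystem that stores nanosecond timestamps (e.g. ext4 with 256-byte inodes); the `demo()` function builds a constructed sample directory so it runs offline.

```python
import os
import tempfile
import time
from pathlib import Path

NS = 1_000_000_000  # nanoseconds per second


def timestomp_indicators(st: os.stat_result) -> list[str]:
    """Heuristic reasons why an inode's timestamps look hand-edited."""
    reasons = []
    # ctime is written by the kernel on every inode change, including the
    # utime() call behind `touch -t`, so a modification time later than the
    # change time cannot arise from normal use (only from stomping or a clock
    # jump) and is worth a closer look.
    if st.st_mtime_ns > st.st_ctime_ns:
        reasons.append("mtime later than ctime")
    # `touch -t`/`-d` take whole seconds, so a stomped stamp has a zero
    # sub-second part while the kernel-set ctime keeps its nanoseconds.
    # Only meaningful on filesystems that actually store nanoseconds.
    if st.st_ctime_ns % NS != 0:
        for name, value in (("mtime", st.st_mtime_ns), ("atime", st.st_atime_ns)):
            if value % NS == 0:
                reasons.append(f"{name} has zero nanoseconds, ctime does not")
    return reasons


def scan(root: str) -> dict[str, list[str]]:
    """Walk a tree and map each suspicious path to its indicators."""
    flagged = {}
    for path in Path(root).rglob("*"):
        try:
            st = path.lstat()  # lstat: inspect the link itself, do not follow it
        except OSError:
            continue
        reasons = timestomp_indicators(st)
        if reasons:
            flagged[str(path)] = reasons
    return flagged


def demo() -> dict[str, list[str]]:
    """Constructed sample: one untouched file, one with a stomped mtime."""
    root = tempfile.mkdtemp()
    for name in ("clean.log", "stomped.log"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("sample\n")
    # Emulate `touch -t` with a whole-second time one day in the future
    # (hypothetical tampering on a constructed file, not a real artifact).
    stomped = os.path.join(root, "stomped.log")
    future = float(int(time.time()) + 86400)
    os.utime(stomped, (future, future))
    return scan(root)
```

Run `scan("/path/to/image/mount")` against a mounted evidence image to list candidates; the nanosecond rule produces no hits on filesystems that only keep whole seconds, so treat an empty result there as inconclusive rather than clean.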
A new “Volatile Data Collector” tool is here
Kazu: collecting volatile data when doing DFIR presents various challenges, some easier to deal with than others. Grzegorz Tworek (@0gtweet) got tired of that and decided to make his own tool to collect the information he needs. This tool collects all the various things you'd expect to be collected, but it only works on Windows 10 and above, although he says it's easily compiled for Windows 7 as well.
Tags: DFIR, Digital Forensic, GitHub, memory, collector, Language:C
VirusTotal update makes it possible to browse for IOCs and TTPs
Kazu: apparently VirusTotal has a new feature which lets you browse IOCs by threat actor and get their TTPs as well, which seems like a nice feature, although I have no idea if it's part of the free tier or you need the big bankroll to be able to use it.
Tags: CTI, Threat Intelligence, Malware, VirusTotal, ThreatHunting, InfoSec, IOC, TTP