AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/03/2023

Philippines’ new SIM card law could be abused by corrupt officials, critics say

As more than 4 million mobile phone users in the Philippines registered their SIM cards to comply with a new law this week, a manager at a small computer shop in Metro Manila said he would not rush to do the same. His shop assistant said he would not register at all: “They’re collecting personal data and you don’t know what they’ll do with it.” President Ferdinand Marcos Jnr in October signed into law the SIM Card Registration Act, a move meant to crack down on mobile phone scams and other crimes but one that has raised concerns about data privacy and abuse. Chief among critics’ worries is a section of the law that allows authorities to carry out “spoofing” of a registered SIM during “authorised activities of law enforcement agencies”.

PyTorch discloses malicious dependency chain compromise over holidays

PyTorch has identified a malicious dependency with the same name as the framework’s ‘torchtriton’ library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counterfeit ‘torchtriton’ dependency. From computer vision to natural language processing, the open source machine learning framework PyTorch has gained prominence in both commercial and academic realms.

LockBit ransomware claims attack on Port of Lisbon in Portugal

A cyberattack that hit the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas Day has been claimed by the LockBit ransomware gang. The Port of Lisbon is part of the critical infrastructure in Portugal’s capital city and is one of the most accessed ports in Europe due to its strategic location, serving container ships, cruise ships, and pleasure craft. According to a company statement shared with local media outlets on Monday, the cyberattack did not impact the port’s operations.

Ransomware gang apologizes, gives SickKids hospital free decryptor

The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children. On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.

Poland warns of pro-Kremlin cyberattacks aimed at destabilization

Poland’s security agency said on Friday that the country has been a “constant target” of pro-Russian hackers since the start of the war between Russia and Ukraine. The cyberattacks on Poland’s government services, private companies, media organizations and ordinary citizens have intensified over the past year, it said. The country’s strategic, energy, and military enterprises are particularly at risk, it added. Polish cybersecurity officials said these cyberattacks are Russia’s response to Warsaw’s support for Ukraine and an attempt to destabilize the situation in the country. “Through hostile operations in cyberspace, Russia wants to exert pressure on Poland, as a frontline country and a key ally of Ukraine on the NATO eastern flank,” the agency said.

Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware

A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments. The discovery comes from cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that’s said to have been obtained by exploiting SQL injection faults.
