AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/05/2023

CircleCI security alert: Rotate any secrets stored in CircleCI

We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing. We will provide you updates about this incident, and our response, as they become available. At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well.

Rackspace Blames Zero-Day Exploit for Ransomware Hit Success

Rackspace says the ransomware-wielding attackers who disrupted its hosted Microsoft Exchange Server environment last month wielded a zero-day exploit to gain remote access to servers. Cybersecurity firm CrowdStrike has described the underlying flaw as being “a previously undisclosed exploit method for Exchange.” It says that while Microsoft released a patch for Exchange last November to address ProxyNotShell, it didn’t detail – or know – that unless organizations installed the patch, rather than using recommended mitigations, then this new exploit method could be used to gain direct, remote access to Exchange servers via the Outlook web client.

Ireland fines Meta $414m for using personal data without asking

A legal saga between Meta, Ireland and the European Union has reached a conclusion – at least for now – that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble. The Irish Data Protection Commission (DPC) said today that it has made a final decision fining Meta’s Irish operating arm a combined €390 million ($414 million) for violations of the EU’s General Data Protection Regulation, and directing it to “bring its data processing operations into compliance within a period of 3 months,” the DPC said.

This new phishing campaign is targeting security experts across the globe

A new phishing campaign has been discovered targeting cybersecurity professionals and hacking aficionados with the idea of stealing their cryptocurrency and obtaining sensitive identity information. At the center of this attack is Flipper Zero – a portable multi-tool for pentesters, hackers and researchers. It can be used to explore any kind of access control systems, RFID, or radio protocols, Bluetooth, NFC, and similar. The tool started as a super successful Kickstarter project, but ran into numerous roadblocks in the production stage. As a result, the demand far outweighed the supply – creating a major opportunity for cybercriminals. Now, researchers have spotted multiple fake online stores selling Flipper Zero, as well as fake Twitter accounts promoting the shops. One of the accounts is using typosquatting to try and trick people (the “L” in Flipper is actually a capital “i”). These accounts are quite active, it was said, responding to customer queries relatively fast.

Biometrics – Making Security Simple

Do you hate passwords? Are you tired of constantly logging into new websites or can’t remember all of your complex passwords? Frustrated by having to generate new passwords for new accounts or having to change old passwords for existing accounts? We have good news for you. There is a solution called biometrics that helps make cybersecurity easier for you. Below we explain what biometrics are, how they make your life simpler and why you will start seeing more of them.

Coinbase vulnerable to drug trafficking, money laundering and fraud, regulators say

Coinbase is vulnerable to money laundering, drug trafficking and fraud, financial regulators in New York said Wednesday in a settlement that requires the cryptocurrency exchange to strengthen its security. New York’s Department of Financial Services (NYDFS) found that Coinbase has done a poor job at vetting new customers and examining transactions on the exchange to ensure they comply with state banking, cybersecurity and other rules. Under the settlement, the company will pay a $50 million penalty and agreed to spend another $50 million over the next two years to address shortcomings identified by the agency. 

Hundreds of WordPress sites infected by recently discovered backdoor

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It’s also able to disable event logging, go into standby mode, and shut itself down. It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system.
