AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/09/2023

Dridex malware pops back up and turns its attention to macOS

A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents. The first sample of this latest variant appeared on VirusTotal in 2019, but detections started to rise a year later and peaked in December 2022, according to threat researchers at Trend Micro. However, while the Dridex variant targets macOS systems, the payload it delivers is a Windows executable (.exe), which will not run natively in a macOS environment. “It is possible that the variant we analyzed is still in the testing stages and has not yet been fully converted to work in MacOS-based machines,” Trend Micro threats analyst Armando Nathaniel Pedragoza writes in a report.


The FCC Wants to Make Telecom Carriers Disclose Hacks Sooner

The days of finding out about a data breach impacting your personal data months after the fact may soon become a thing of the past—at least when it comes to hacks affecting telecom carriers. The Federal Communications Commission has proposed a new rule, requiring phone and internet providers to notify customers of breaches much more quickly. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches,” said FCC Chair Jessica Rosenworcel in a press statement. Though state laws, like those in California, have more current and stringent standards, the pre-existing federal rule is 15 years old, and likely in dire need of updating.


Chick-fil-A investigates reports of hacked customer accounts

American fast-food restaurant chain Chick-fil-A is investigating what it described as “suspicious activity” linked to some of its customers’ accounts. “We are investigating suspicious activity on some customer accounts,” the company said in an alert displayed on its official website on Friday and first spotted by security researcher Dominic Alvieri. “We are committed to protecting customers’ data and are working quickly to resolve the issue.”


ChatGPT is enabling script kiddies to write functional malware

Since its beta launch in November, AI chatbot ChatGPT has been used for a wide range of tasks, including writing poetry, technical papers, novels, and essays, planning parties, and learning about new topics. Now we can add malware development and the pursuit of other types of cybercrime to the list. Researchers at security firm Check Point Research reported Friday that within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.


Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called ANDROMEDA (aka Gamarue) that was uploaded to VirusTotal in 2013.


Ferrari, BMW, Rolls Royce, Porsche and more fix vulnerabilities giving car takeover capabilities

Several of the biggest car brands in the world have fixed dozens of vulnerabilities, some of which could have allowed for the full takeover of vehicles, according to a team of security researchers. The bugs were found in Mercedes-Benz, BMW, Rolls Royce, Ferrari, Ford, Porsche, Toyota, Jaguar and Land Rover vehicles, as well as GPS tracking company Spireon and digital license plate company Reviver. The findings build on issues discovered in November by Yuga Labs staff security engineer Sam Curry, who drew attention two months ago for finding vulnerabilities in Hyundai and Genesis vehicles as well as issues related to SiriusXM that affected Nissan, Infiniti, Honda and Acura vehicles.


Russian hackers targeted U.S. nuclear scientists

A Russian hacking team known as Cold River targeted three nuclear research laboratories in the United States this past summer, according to internet records reviewed by Reuters and five cybersecurity experts. Between August and September, as President Vladimir Putin indicated Russia would be willing to use nuclear weapons to defend its territory, Cold River targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore (LLNL) National Laboratories, according to internet records showing the hackers creating fake login pages for each institution and emailing nuclear scientists in a bid to make them reveal their passwords.
