AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/15/2022

Patch now: Adobe releases emergency fix for exploited Commerce, Magento zero-day

Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild. On February 13, the tech giant said that the vulnerability impacts Adobe Commerce and Magento Open Source, and according to the firm’s threat data, the security flaw is being weaponized “in very limited attacks targeting Adobe Commerce merchants.” Tracked as CVE-2022-24086, the vulnerability has been assigned a CVSS severity score of 9.8 out of 10, placing it in the critical range. The vulnerability is an improper input validation issue (CWE-20), described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a “product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.”


Marketing Firm Exposes Lead Data

Security researchers at Website Planet have discovered an unsecured Amazon S3 bucket containing the Personally Identifiable Information (PII) of millions of people. Inside the bucket were ten folders, containing around 6,000 files and totaling over 1GB of data. While most (approximately 99%) of the data belongs to American residents, some information relates to people living in Canada. In a blog post detailing the security failure, researchers claim that the unsecured bucket is the property of Beetle Eye, a marketing and CRM company based in Sarasota, Florida. “We know that Beetle Eye owns the misconfigured Amazon S3 bucket because of references to the company inside the bucket,” wrote the researchers. Beetle Eye’s clients include the Hilton Sandestin Beach, the Marigot Bay resort, Grand Junction Colorado and Miles Partnership. Researchers said the PII was publicly accessible to all internet users because the bucket had not been configured correctly: no password protection or encryption had been implemented to secure its contents.
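A bucket becomes “publicly accessible to all internet users” in one of two ways: a bucket policy whose Principal is `*` (anonymous), or an ACL grant to the AllUsers/AuthenticatedUsers groups. The following added example (not code from the original post, Website Planet or Beetle Eye) is an offline lint that flags both conditions in the JSON you get back from `aws s3api get-bucket-policy` and `aws s3api get-bucket-acl`. The bucket name, account ID, role name and policy documents are constructed for illustration.

```python
"""Offline lint for S3 bucket policies and ACLs: flag grants to anonymous
(or any-authenticated) principals that make a bucket world-readable.
Added example; the policy and ACL documents below are constructed."""
import json

# Grantee URIs that S3 ACLs use for "everyone" and "any AWS account holder".
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(x):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return x if isinstance(x, list) else [x]


def _principal_is_public(principal) -> bool:
    """'*' or {"AWS": "*"} in a bucket policy means anonymous access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy: dict) -> list:
    """Return Allow statements that grant actions to the public without any
    Condition block. A Condition (for example aws:SourceVpce or aws:SourceIp)
    is treated as narrowing the grant; this is a conservative lint, not a full
    IAM policy evaluator."""
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        hits.append({"Sid": stmt.get("Sid"),
                     "Action": sorted(_as_list(stmt.get("Action", [])))})
    return hits


def public_acl_grants(acl: dict) -> list:
    """Return permissions granted to AllUsers/AuthenticatedUsers in an ACL
    (dict shape follows the GetBucketAcl API response)."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_URIS:
            hits.append(grant.get("Permission"))
    return hits


# Constructed: the kind of policy that lets anyone list and read every object.
OPEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-leads-bucket",
                 "arn:aws:s3:::example-leads-bucket/*"]
  }]
}""")

# Constructed: same bucket, access limited to one IAM role in the account
# (hypothetical account ID and role name).
LOCKED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "CrmRoleOnly",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/crm-exporter"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-leads-bucket/*"
  }]
}""")

# Constructed ACL carrying a public READ grant ("Everyone: Read" in the console).
OPEN_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}


if __name__ == "__main__":
    print("open policy  :", public_policy_statements(OPEN_POLICY))
    print("locked policy:", public_policy_statements(LOCKED_POLICY))
    print("open ACL     :", public_acl_grants(OPEN_ACL))
```

Run it against real output by loading the `Policy` string from `get-bucket-policy` with `json.loads` and passing the `get-bucket-acl` response as-is. Either check returning a non-empty list is the finding the researchers describe; the durable fix is to remove the grant and turn on S3 Block Public Access at the account level so a future policy or ACL cannot reopen the bucket.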


Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”


‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to deliver malware to anybody who downloaded them. It started last year, when Chaos launched a “redesigned” version of Harmony: a core framework project that most Cities: Skylines mods rely on to work. The author went on to similarly rework other popular mods, and he listed his Harmony redo as a core download: in other words, players would be forced to download it to get dependent mods to work.


These countries are the new hacking threats to fear as offensive campaigns escalate

The number of hostile nation-state hacking operations is rising as new countries invest in cyber-intrusion campaigns and existing state-backed attack groups take advantage of the rise in organisations adopting cloud applications. CrowdStrike’s 2022 Global Threat Report details how the cyber-threat landscape has evolved during the past year. One of those developments is the rise of new countries engaging in offensive cyber operations, including Turkey and Colombia. Under CrowdStrike’s naming conventions, Turkish-linked groups are tracked as ‘Wolf’ and Colombian operations have been dubbed ‘Ocelot’, in the same way that the firm labels Russian government-backed activity ‘Bear’ and Chinese hacking groups ‘Panda’.


Texas sues Meta’s Facebook over facial-recognition practices

The Texas attorney general’s office sued Meta’s (FB.O) Facebook on Monday, alleging that the social media giant violated state privacy protections with facial-recognition technology that collected the biometric data of millions of Texans without their consent. The lawsuit accuses Facebook of capturing biometric information from photos and videos that users uploaded without consent, disclosing the information to others and failing to destroy it within a reasonable time. “This is yet another example of Big Tech’s deceitful business practices and it must stop. I will continue to fight for Texans’ privacy and security,” Attorney General Ken Paxton said in a statement.