AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/21/2023

GoDaddy: Hackers stole source code, installed malware in multi-year breach 

Web hosting giant GoDaddy says unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company’s network for multiple years. “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the hosting firm said in an SEC filing. 


Responsible use of AI in the military? US publishes declaration outlining principles 

On Thursday, the US State Department issued a “Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy,” calling for ethical and responsible deployment of AI in military operations among nations that develop them. The document sets out 12 best practices for the development of military AI capabilities and emphasizes human accountability. The declaration coincides with the US taking part in an international summit on responsible use of military AI in The Hague, Netherlands. Reuters called the conference “the first of its kind.” At the summit, US Under Secretary of State for Arms Control Bonnie Jenkins said, “We invite all states to join us in implementing international norms, as it pertains to military development and use of AI” and autonomous weapons. 


Google Translate Helps BEC Groups Scam Companies in Any Language 

Business email compromise (BEC) attacks involve impersonating an executive or business partner in order to convince a corporate target to wire large sums of cash to an attacker-controlled bank account. Mounting a successful international version of this cyberattack typically requires a lot of effort and resources. Necessary steps include researching the target thoroughly enough to make phishing lures convincing and hiring native speakers to translate scams into multiple languages. But that’s all changing as threat groups avail themselves of free, online tools that take some of the legwork out of the process. 


Twitter will now charge for SMS two-factor authentication 

Four hours ago, Platformer’s Zoe Schiffer tweeted a scoop: Twitter would begin charging for SMS two-factor authentication. Now, it’s official: You have to pay for the privilege of using Twitter’s worst form of authentication. In fact, if you don’t start paying for Twitter Blue ($8 a month on Android; $11 a month on iOS) or switch your account to use a far more reliable authenticator app or physical security key, Twitter will simply turn off your 2FA after March 20th. 


FBI is investigating a cybersecurity incident on its network 

The U.S. Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency’s network. The federal law enforcement agency says it already contained the “isolated incident” and is working to uncover its scope and overall impact. “The FBI is aware of the incident and is working to gain additional information,” the U.S. domestic intelligence and security service told BleepingComputer. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.” 


Germany raises red flags about Palantir’s big data dragnet 

Britta Eder’s list of phone contacts is full of people the German state considers to be criminals. As a defense lawyer in Hamburg, her client list includes anti-fascists, people who campaign against nuclear power, and members of the PKK, a banned militant Kurdish nationalist organization. For her clients’ sake, she’s used to being cautious on the phone. “When I talk on the phone I always think, maybe I’m not alone,” she says. That self-consciousness even extends to phone calls with her mother. But when Hamburg passed new legislation in 2019 allowing police to use data analytics software built by the CIA-backed company Palantir, she feared she could be pulled further into the big data dragnet. A feature of Palantir’s Gotham platform allows police to map networks of phone contacts, placing people like Eder—who are connected to alleged criminals but are not criminals themselves—effectively under surveillance. 
