AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/27/2023

TELUS investigating leak of stolen source code, employee data 

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company. TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.  


News Corp says state hackers were on its network for two years 

Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. This was revealed in data breach notification letters sent to employees affected by the data breach, who had some of their personal and health information accessed, while the threat actors had access to an email and document storage system used by several News Corp businesses. 


Stanford University discloses data breach affecting PhD applicants 

Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics, informing them that their info was accessed without authorization. 


Hackers Deface Russian Websites on Ukraine Invasion Anniversary 

Hackers defaced at least 32 Russian websites and uploaded a video showing the Kremlin on fire. The incident happened on the anniversary of the Ukraine invasion. The exact number of defaced websites is still unknown; it is also unclear how the hackers defaced them. A group of hackers going by the online handle of “CH01” took responsibility for the attack, stating that it was to show solidarity with the “entire civilized world, in order to restore justice and the triumph of the forces of light and goodness.”


Secret crawlspace cryptomine discovered in routine inspection of MA high school 

After a former town employee of Cohasset, Massachusetts, was accused of stealing thousands of dollars in electricity from a local middle/high school to operate a secret cryptocurrency mine in a seemingly overlooked crawlspace, police grew concerned when the suspect missed a court date and couldn’t be located. A warrant was then issued for the accused, 39-year-old Nadeam Nahas, who resigned his position at the Town of Cohasset last year, police said. That warrant got quickly pulled, though, after Nahas appeared in court today, Cohasset Police Department (CPD) communications specialist Justin Shrair told Ars. 


EU bans TikTok on government phones as national security concerns grow from Western lawmakers. TikTok says it feels blindsided by the lack of ‘due process.’ 

The European Commission banned TikTok from staff phones over cybersecurity concerns, Reuters reported. TikTok, which is owned by the Chinese firm ByteDance, accused the EU of not consulting with it before making the move. “So we are really operating under a cloud. And the lack of transparency and the lack of due process. Quite frankly one would expect, you know, some sort of engagement on this matter,” Caroline Greer, TikTok’s director of public policy and government relations, told Reuters. The company did not respond to Insider’s request for comment. 


ChromeLoader campaign lures with malicious VHDs for popular games 

Security researchers have noticed that the operators of the ChromeLoader browser hijacking and adware campaign are now using VHD files named after popular games. Previously, such campaigns relied on ISO-based distribution. The malicious files were discovered by a member of the Ahnlab Security Emergency Response Center (ASEC) through Google search results for queries about popular games. Among the game titles abused for adware distribution purposes are Elden Ring, ROBLOX, Dark Souls 3, Red Dead Redemption 2, Need for Speed, Call of Duty, Portal 2, Minecraft, Legend of Zelda, Pokemon, Mario Kart, Animal Crossing, and more.


German minister warns of ‘massive’ danger from Russian hackers 

Germany’s interior minister has warned of a “massive danger” facing Germany from Russian sabotage, disinformation and spying attacks. Nancy Faeser said Vladimir Putin was putting huge resources into cyber-attacks as a key part of his war of aggression. “The cybersecurity concerns have been exacerbated by the war. The attacks of pro-Russia hackers have increased,” she said in an interview with the news network Funke Mediengruppe published on Sunday. 
