AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/02/2023

Streaming service Plex unaware ‘of any unpatched vulnerabilities’ following LastPass report 

The streaming service Plex defended the security of its software on Wednesday following a claim that it was exploited in an attack on password manager LastPass. Plex’s comments came after LastPass revealed Tuesday that an intruder had leveraged a “vulnerable third-party media software package” to gain access to an engineer’s home computer in August 2022. After compromising the engineer’s home computer, the attacker was able to access corporate backups of customers’ sensitive information stored in an encrypted format, LastPass said. Ars Technica reported that the third-party media software package was Plex, citing a person briefed by LastPass. The report noted that the video streaming company disclosed that it had been hacked during August 2022. 

 

VW wouldn’t help locate car with abducted child because GPS subscription expired 

A sheriff’s office in Illinois said it was initially thwarted from tracking a stolen car with a 2-year-old boy inside when Volkswagen’s Car-Net service refused to provide access to the tracking system because the car’s subscription had expired. “While searching for the stolen vehicle and endangered child, sheriff’s detectives immediately called Volkswagen Car-Net, in an attempt to track the vehicle,” the Lake County sheriff’s office said in a statement posted on Facebook about the incident on February 23. “Unfortunately, there was a delay, as Volkswagen Car-Net would not track the vehicle with the abducted child until they received payment to reactivate the tracking device in the stolen Volkswagen.” Volkswagen Car-Net lets owners track and control their vehicles remotely. According to a Chicago Sun-Times article, “the Car-Net trial period had ended, and a representative wanted $150 to restart the service and locate the SUV.” 

 

Several Law Firms Targeted in Malware Attacks 

In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns, cybersecurity firm eSentire reports. Targeting law firm employees, the first campaign aimed to infect victims’ devices with GootLoader, a malware family known for downloading the GootKit remote access trojan (RAT), REvil ransomware, or the Cobalt Strike implant. According to eSentire, the attacks appear focused on espionage and exfiltration activities, given that none of the observed GootLoader infections in 2022 deployed ransomware. For initial access, the attackers relied on search engine optimization (SEO) poisoning, adding blog posts to a compromised legitimate WordPress website. 

 

Digital Spring Cleaning in 7 Simple Steps 

We often hear of the term “spring cleaning,” the time of year when we go through our belongings and organize our house and lives in preparation for the upcoming summer. This is also the perfect time to take an annual review of your digital life. The following seven simple steps, taken once a year, will go a long way toward ensuring you can make the most of technology, safely and securely. 

 

Biden’s national cybersecurity strategy advocates tech regulation, software liability reform 

The Biden administration’s national cybersecurity strategy seeks to impose minimum security standards for critical infrastructure and to shift the responsibility for maintaining the security of computer systems away from consumers and small businesses onto larger software makers. Released Thursday, the White House’s long-awaited strategy for improving the security of computer systems represents a shift in how Washington approaches cybersecurity, veering from the government’s long-standing emphasis on information sharing and collaboration toward a more strictly regulated approach. 

 

BlackLotus UEFI bootkit disables Windows security mechanisms 

ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature. The functionality of the bootkit and its features make researchers believe that it is a threat known as BlackLotus. This UEFI bootkit has been sold on hacking forums for $5,000 since at least October 2022. It can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. 
