AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/07/2023

Thousands of Websites Hijacked Using Compromised FTP Credentials 

Cloud security startup Wiz warns of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials, and used them to hijack the victim websites to redirect visitors to adult-themed content. Likely ongoing since September 2022, the campaign has resulted in the compromise of at least 10,000 websites, many owned by small companies and some operated by large corporations. Differences in hosting providers and tech stacks make it difficult to pinpoint a common entry point, Wiz says. 

 

Huawei under suspicion of tracking and spying on visitors at its MWC 2023 booth 

The Chinese manufacturing company Huawei is now under suspicion for allegedly tracking visitors at its booth at the Mobile World Congress (MWC) 2023. The MWC is a major tech event, and this year it was held in Barcelona. Many companies including Google, showcased their upcoming features and products at the event. While the company booth seemed to attract a lot of attention, there were reports that Huawei had hidden trackers inside the security badges called the “Huawei Pass.” The passes included a lanyard, badge, and a plastic container, and had to be returned at the company booth by their owners. However, some visitors forgot to do so and found the badge rather suspicious. 

 

Life Hacker Creates ‘Camera-Shy Hoodie’ That Uses High-Power IR LEDs to Blind Surveillance Cameras 

Life hacker Mac Pierce created the ‘Camera-Shy Hoodie’, a wearable adversarial garment that uses high-power infrared LEDs to blind surveillance cameras. These lights are embedded in the hoodie itself and utilize the. same wavelength of infrared commonly used by security cameras in night vision mode. Life hacker Mac Pierce created the ‘Camera-Shy Hoodie’, a wearable adversarial garment that uses high-power infrared LEDs to blind surveillance cameras. These lights are embedded in the hoodie itself and utilize the. same wavelength of infrared commonly used by security cameras in night vision mode. 

 

Brazilian Conglomerate Suffers 3TB Data Breach 

Hackers have stolen several terabytes of corporate and employee information from controversial Brazilian multi-national Andrade Gutierrez, in a raid the firm reportedly still hasn’t acknowledged. The Belo Horizonte-headquartered giant is one of the largest engineering firms in Latin America, responsible for major projects in infrastructure, energy, oil and gas, and transport across the region. However, a hacking group known as the “Dark Angels” claims to have stolen 3TB of emails and corporate information – including names, email addresses, passport details, payment info, tax ID numbers and health insurance information on over 10,000 employees, according to The Brazilian Report. 

 

Vulnerability in DJI drones may reveal pilot’s location 

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both the drone and its pilot. In special attack scenarios, the drones could even be brought down remotely in flight. 

Related Posts