AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/10/2023

Bitwarden flaw can let hackers steal passwords using iframes 

Bitwarden’s credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people’s credentials and send them to an attacker. The issue was reported by analysts at Flashpoint, who said Bitwarden first learned of the problem in 2018 but chose to allow it in order to accommodate legitimate sites that use iframes. Although the autofill feature is disabled in Bitwarden by default, and the conditions required to exploit it are not common, Flashpoint says there are still websites that meet the requirements, where motivated threat actors can attempt to exploit these flaws.
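As an added illustration of the autofill risk described above (example code written for this digest, not Bitwarden's or Flashpoint's own; the function names and the constructed URLs are assumptions), this is the kind of origin check a password manager's autofill engine can apply before filling a field that lives inside an iframe. The defensive rule is simple: the saved credential must match the origin of the document that actually owns the field, not just the top-level page, and a match is only accepted when that frame is also same-origin with the page embedding it.

```javascript
// Added example (hypothetical helper names): same-origin gate for autofill into iframes.
// Runs in Node or a browser; `URL` is a standard global in both.

// Reduce a URL to its origin (scheme + host + port), which is the unit a
// password manager should compare on.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Decide whether a credential saved for `credentialUrl` may be filled into a
// field whose owning document is `frameUrl`, inside a top-level page `topUrl`.
// Returns { allow: boolean, reason: string } so the caller can log the refusal.
function autofillDecision({ topUrl, frameUrl, credentialUrl }) {
  const top = originOf(topUrl);
  const frame = originOf(frameUrl);
  const cred = originOf(credentialUrl);

  // The case from the article: the top-level site matches the saved credential,
  // but the field sits in an iframe served from somewhere else. Filling based on
  // the top-level URL alone would hand the credential to the frame's origin.
  if (frame !== cred) {
    return { allow: false, reason: `frame origin ${frame} does not match credential origin ${cred}` };
  }

  // Credential and frame match, but the frame is embedded by a different site.
  // Refuse by default; a manager can expose an explicit per-site override for
  // legitimate embedded login widgets instead of allowing this silently.
  if (frame !== top) {
    return { allow: false, reason: `frame ${frame} is embedded in a different top-level origin ${top}` };
  }

  return { allow: true, reason: 'frame, top-level page and credential share one origin' };
}

// Constructed scenarios (not real sites) to show each branch of the policy.
const SCENARIOS = [
  { label: 'malicious iframe on trusted site',
    topUrl: 'https://trusted.example/login',
    frameUrl: 'https://evil.example/capture',
    credentialUrl: 'https://trusted.example/' },
  { label: 'same-origin login iframe',
    topUrl: 'https://trusted.example/login',
    frameUrl: 'https://trusted.example/widgets/login',
    credentialUrl: 'https://trusted.example/' },
  { label: 'trusted login frame embedded by a third party',
    topUrl: 'https://other.example/',
    frameUrl: 'https://trusted.example/login',
    credentialUrl: 'https://trusted.example/' },
];

// Evaluate every scenario and return the decisions keyed by label.
function evaluateScenarios(scenarios = SCENARIOS) {
  const out = {};
  for (const s of scenarios) {
    out[s.label] = autofillDecision(s);
  }
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [label, d] of Object.entries(evaluateScenarios())) {
    console.log(`${d.allow ? 'ALLOW' : 'DENY '} ${label}: ${d.reason}`);
  }
}
```

The second refusal branch is stricter than what the article says Bitwarden chose in 2018; it is there to show where a per-site allow-list would hook in, so that legitimate embedded login frames can be permitted explicitly rather than by default.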


‘Indirect prompt injection’ attacks could upend chatbots 

ChatGPT’s explosive growth has been breathtaking. Barely two months after its introduction last fall, 100 million users had tapped into the AI chatbot’s ability to engage in playful banter, argue politics, generate compelling essays and write poetry. “In 20 years following the internet space, we cannot recall a faster ramp in a consumer internet app,” analysts at UBS investment bank declared earlier this year. 


This Scam Is Making Payday Loans Even Worse 

Payday loan companies have been available for many years, providing mostly low-income people or families who are in financial need fast money—but with extremely high interest rates. The practice is so questionable that 16 states banned the predatory practice, according to Consumer Federation of America. However, people who use these bad-faith services have yet another thing to worry about besides falling into more debt: They are being targeted by scammers. According to a recent study from the Better Business Bureau, scammers and illegitimate companies are bringing in millions of dollars a year from consumers who use payday loan services, despite efforts from authorities to stop it. These fraudsters steal the personal information from payday loan companies’ customers and use it against them to scam them out of money—totaling $4.1 million lost so far, and counting. 


WhatsApp: Rather be blocked in UK than weaken security 

WhatsApp says it would rather be blocked in the UK than undermine its encrypted-messaging system, if required to do so under the Online Safety Bill. Its head, Will Cathcart, said it would refuse to comply if asked to weaken the privacy of encrypted messages. The app Signal previously said it could stop providing services in the UK if the bill required it to scan messages. The government has said it is possible to have both privacy and child safety. WhatsApp is the most popular messaging platform in the UK, used by more than seven in 10 adults who are online, according to communication regulator Ofcom. 


AT&T alerts 9 million customers of data breach after vendor hack 

AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. “Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer. “The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.” 


Who’s Behind the NetWire Remote Access Trojan? 

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years. 
