AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/14/2022

1 – Extortion scheme impersonates government officials, law enforcement

The FBI issued a public warning this week about a fraud scheme in which scammers impersonate government officials and law enforcement personnel. According to the PSA, the scammers spoof legitimate phone numbers and names and use fake credentials of well-known members of government and law enforcement agencies. The scam starts either as a call from the “police” or as a text message from a “government agency”. The content of the calls and text messages varies, but all of it is bogus. In the case of phone calls, victims are either informed that their identities have been used in a crime, such as drug dealing or money laundering, or told they missed jury duty. The victim is then pressed to verify their identity using their Social Security number (SSN) or date of birth (DOB). If the victim resists, they are threatened with fines, arrest and imprisonment.


2 – Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools

Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these files infect unwitting users rather than delivering the tools originally advertised. In one such instance, we observed a threat actor offering a distributed denial-of-service (DDoS) tool on Telegram intended to be used against Russian websites. The downloaded file is actually an information stealer that infects the unwitting victim with malware designed to dump credentials and cryptocurrency-related information.


3 – ‘Not the time to go poking around’: How former U.S. hackers view dealing with Russia

The CIA and NSA have spent years burrowing into Russia’s critical computer networks to collect intelligence — and acquire access that President Joe Biden could seize on to order destructive cyberattacks on Vladimir Putin’s regime. But for now, the United States’ most likely approach is to tread slowly and carefully toward any cyber conflict with Russia, three experts with experience in U.S. hacking operations told POLITICO — while hoping the Russians do the same. Fears of cyber warfare between the two former Cold War rivals have become a recurring concern amid Russia’s invasion of Ukraine, prompting Biden to warn that he would “respond the same way” to any hostile hacking from Moscow against the United States. But people with experience in U.S. cyber strategy say neither side is likely to leap to destructive attacks as a first move — and any hard punch would be preceded by warnings and signals.


4 – Multiple Security Flaws Discovered in Popular Software Package Managers

Multiple security vulnerabilities have been disclosed in popular package managers that, if exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, on compromised machines. It is worth noting, however, that the flaws require the targeted developer to handle a malicious package with one of the affected package managers. “This means that an attack cannot be launched directly against a developer machine from remote and requires that the developer is tricked into loading malformed files,” SonarSource researcher Paul Gerste said. “But can you always know and trust the owners of all packages that you use from the internet or company-internal repositories?”


5 – Ubisoft reveals ‘security incident’ forcing company-wide password refresh

Ubisoft has confirmed a recent “cybersecurity incident” but insists it has not led to user data theft or exposure. The gaming giant, headquartered in Montreuil, France, said on March 10 that the incident took place earlier this month, causing “temporary disruption to some of our games, systems, and services.” Ubisoft’s IT team is currently working with cybersecurity experts to investigate the situation and, as of now, has decided to initiate a company-wide password reset. However, no further security measures or changes have been made public. Furthermore, the company says that games and services are now working properly, and there is no evidence, at present, of “any player personal information [being] accessed or exposed as a by-product of this incident.”