AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/22/2022

Lapsus$ hackers leak 37GB of Microsoft’s alleged source code

The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server. Early Sunday morning, the Lapsus$ gang posted a screenshot to their Telegram channel indicating that they hacked Microsoft’s Azure DevOps server containing source code for Bing, Cortana, and various other internal projects. Monday night, the hacking group posted a torrent for a 9 GB 7zip archive containing the source code of over 250 projects that they say belong to Microsoft.

Okta confirms investigation into potential breach

Okta, a major Single Sign-On provider that allows people to use one account to log into multiple digital services, confirmed to The Record Tuesday it is investigating a potential breach after the Lapsus$ cybercrime gang claimed access to its systems. “Okta is aware of the reports and is currently investigating,” Okta senior communications manager Chris Hollis told The Record via email. “We will provide updates as more information becomes available.” Reuters first confirmed the investigation. Lapsus$ is a recently emerging threat actor that has been linked to attacks on elements of digital infrastructure, including chipmaker NVIDIA, in its chaotic run so far. If verified, an attack on Okta would represent a major attack on digital supply chains. Securing digital supply chains has been a major focus for the U.S. Cybersecurity and Infrastructure Agency (CISA) in recent years.

New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems

Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 out of 10 on the CVSS scoring system. “The active exploitation of all the discovered vulnerabilities can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement,” firmware security company Binarly, which discovered the latter three flaws, said in a write-up.

Franchises, partnerships emerge in Ransomware-as-a-Service operations

Over the past year, many ‘franchise’ deals and new partnerships have emerged in the Ransomware-as-a-Service (RaaS) industry. RaaS has arguably become one of the most prolific and dangerous threats to enterprise security today. Cybercriminals have worked out that they can make serious profits from leasing out their ransomware creations, especially when those creations are used against large companies able to pay high ‘ransom’ payments to have their data decrypted after a successful infection. Furthermore, the industry has evolved over recent years to also include other roles — malware developers, native speakers of a language able to manage negotiations, and Initial Access Brokers (IABs) who offer network access to a target system, thereby speeding up RaaS operations.

Over 40,000 London Voters Have Data Leaked to Strangers

Tens of thousands of London residents have had their personal details accidentally leaked by their council after emails were sent to the wrong recipients. The electoral services department of Wandsworth Council in the south-west of the capital sent out the routine emails to registered voters at the end of last week. They were intended to clarify changes to electoral ward boundaries ahead of upcoming local elections. However, 43,000 voters – representing around 13% of local residents – received names, addresses and voting instructions for people other than those in their household. An initial emailed apology said merely that “there was a problem with the data merge” and that no electoral fraud could result. A follow-up message asked the recipient to delete the erroneously sent email and explained that any of the information accidentally leaked was in any case available on a public electoral register.