AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/22/2023

Hacker tied to D.C. Health Link breach says attack ‘born out of Russian patriotism’

The data breach that has exposed sensitive health care information of nearly two dozen members of Congress and their families — putting them, along with tens of thousands of Washington area residents, at risk of identity theft and additional cyberattacks — is apparently the work of a patriotic Russian hacker seeking to inflict damage on U.S. politicians. In an online conversation with CyberScoop, the hacker who goes by the handle “Denfur” said the D.C. Health Link breach “was an idea born out of Russian patriotism.” Additionally, Denfur claimed that they and another persona known as “IntelBroker,” who claimed responsibility for the attack, had previously focused on “the US and US politicians in attacks.” In this case, Denfur told CyberScoop, they targeted something in “the DC area and services that people in Congress/Senate would use.”

The Cure Tried to Stop Scalpers. Brokers Are Selling Entire Ticketmaster Accounts Instead

The steps The Cure has taken to prevent ticket scalping for its highly anticipated tour are seemingly inspiring elaborate workarounds for ticket brokers and hackers. “Aged” Ticketmaster accounts, which are accounts that are years old rather than freshly created and which are more likely to win presale codes from Ticketmaster, are being sold on hacking forums. And a popular and secretive paid forum for ticket brokers is requiring brokers to sell entire Ticketmaster accounts (with The Cure tickets in them) to each other to circumvent the band’s ban on reselling tickets above face value.

Ferrari confirms extortion attempt, but car maker refuses to pay ransom

Italian sports car maker Ferrari confirmed Monday that it was hit with a ransomware extortion attempt by an unknown threat actor in which customer names, addresses, email addresses, and telephone numbers were exposed. In a letter to customers — called the Ferrarista — the company was adamant that no payment details, bank account numbers or other sensitive payment information, nor details of Ferrari cars owned or ordered, had been stolen. It also said the breach had no impact on the company’s operations. Ferrari said in a statement that it will not pay the ransom: “As a policy, Ferrari will not be held to ransom, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.”

Unknown actors deploy malware to steal data in occupied regions of Ukraine

A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky. In a report published Tuesday, Kaspersky researchers detailed the infections, which use a PowerShell-based backdoor they’ve named “PowerMagic” and a previously unknown framework dubbed “CommonMagic” that can steal files from USB devices, take screenshots every three seconds, and send all of this data back to the attacker.

Google Bard is already writing phishing emails on day 1

The wait is finally over and some users have already had a chance to take Google’s ChatGPT competitor, Google Bard for a spin. While the search giant may have stumbled out of the gate with a factual error in a demo from back in February costing it $100 billion, Google has gone back to the drawing board and you can now join the waitlist to test out its AI chatbot for yourself. Just like how ChatGPT was abused to create its evil twin DAN, Google Bard has already been used for something it’s not intended for — creating phishing emails. The danger here is very real because hackers and other cybercriminals will likely end up abusing generative AI to make their attacks more convincing as well as more complex.

TikTok CEO plans rigorous defenses in Congress against claims the app is a US security threat

TikTok CEO Shou Chew will attempt to defend his company during a critical congressional hearing on Thursday in the face of mounting claims by the Biden administration — and many others in Washington and in state houses around the country — that its Chinese ownership poses a dangerous U.S. national security threat. “We have heard important concerns about the potential for unwanted foreign access to U.S. data and potential manipulation of the TikTok U.S. ecosystem,” Chew plans to tell Congress according to prepared remarks shared by the House Energy and Commerce Committee. “And our approach has never been to dismiss or trivialize those concerns — it’s been to address them with real action.”
