AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/28/2023

Android app from China executed 0-day exploit on millions of devices 

Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed. The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is off-limits or not easy to access. No malicious versions were found in Play or Apple’s App Store. Last Monday, TechCrunch reported, Pinduoduo was pulled from Play after Google discovered a malicious version of the app available elsewhere. TechCrunch reported the malicious apps available in third-party markets exploited several zero-days, which are vulnerabilities that are known or exploited before a vendor has a patch available. 


US Bars Agencies from Buying Spyware from Blacklisted Companies 

President Joseph Biden signed an executive order Monday banning government agencies from using commercial spyware produced by companies deemed to represent national security threats or implicated in human rights abuses. The move comes after the US determined that some 50 government personnel in 10 countries were confirmed or suspected to have been targeted by spyware, according to a senior administration official who spoke in a press briefing on Monday to announce the order.


Twitter Says Source Code Leaked on GitHub, Files Subpoena 

Twitter is taking legal action after disclosing that an unknown user leaked parts of its source code on the open-source code collaboration platform GitHub. The social media giant on Monday requested a subpoena from the U.S. District Court for the Northern District of California asking GitHub to provide additional details about a user with the handle “FreeSpeechEnthusiast.” GitHub took down the proprietary source code for Twitter’s platform and internal tools last Friday after Twitter reported the intellectual property infringement issue to the code platform company under the Digital Millennium Copyright Act. 


US military needs 7th branch just for cyber, current and former leaders say 

A national association of current and former military digital security leaders is calling on Congress to establish a separate cyber service, arguing that the lack of one creates an “unnecessary risk” to U.S. national security. In a March 26 memorandum, the Military Cyber Professional Association urged lawmakers to establish a U.S. Cyber Force in this year’s annual defense policy bill. “For over a decade, each service has taken their own approach to providing United States Cyber Command forces to employ and the predictable results remain inconsistent readiness and effectiveness,” according to the group, which boasts around 3,700 members. 


India-based cybergang busted for selling fake KFC franchises 

Police in India announced late last week that they had arrested four individuals accused of running fake websites through which they sold fraudulent franchises, including for the fast-food chicken chain KFC. One businessman was scammed out of around $115,000 in exchange for the fake finger lickin’ good agreement. KFC was one of 28 companies the gang posed as; Tata, Herbal Ayurveda and Jockey were among the others. Several individuals alleged to be the perps were arrested by the Cyberabad police, officers said, after being tracked via their IP address and brought to the tech-focused Madhapur suburban area from the Uttar Pradesh city of Noida. The cybergang had advertised their illicit goods on social media and YouTube.


This new macOS malware is targeting iCloud Keychain to steal all your details 

Security experts have warned macOS users about a new piece of malware being advertised on the dark web that seeks to exfiltrate sensitive data, such as passwords, cryptocurrency wallet information, and similar. Cybersecurity researchers from the Uptycs threat research team recently spotted a threat actor advertising their new product on the dark web, with the explicit aim of targeting macOS users. The malware is being sold for $100, with the criminals claiming they’re offering such a competitive price because the product is still in early development stages and doesn’t have a builder or panel.
