AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 04/13/2023

Hyundai data breach exposes owner details in France and Italy 

Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy. Hyundai says they engaged IT experts in response to the incident, who have taken the impacted systems offline until additional security measures are implemented. 


Firefox rolls out Total Cookie Protection by default to more users worldwide 

Firefox is rolling out Total Cookie Protection by default to more Firefox users worldwide, making Firefox the most private and secure major browser available across Windows, Mac, Linux and Android. Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. 


Apple is the online store of choice for phishing scams 

When it comes to tricking people into giving away sensitive data or downloading malware, cybercriminals will impersonate any brand that has a solid consumer base. But one company stands out in particular – Apple. This is according to cybersecurity researchers from AtlasVPN, who analyzed data provided by Kaspersky and discovered that e-shop phishing scams accounted for almost half (42%) of all financial phishing cases last year. Of that number, in almost two-thirds (60%) of cases, threat actors would impersonate Apple. Most often, hackers would create fake giveaways, pretending to offer new iPhone or new iMac devices in some sort of contest.


DDoS alert traffic reaches record-breaking level of 436 petabits in one day 

Much of the increase comes from the pro-Russian group Killnet and others that explicitly target websites. Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites. “DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services,” said Richard Hummel, threat intelligence lead, NETSCOUT. “With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape.” 


Legion: New hacktool steals credentials from misconfigured sites 

A new Python-based credential harvester and SMTP hijacking tool named ‘Legion’ is being sold on Telegram that targets online email services for phishing and spam attacks. Legion is sold by cybercriminals who use the “Forza Tools” moniker and operate a YouTube channel with tutorials and a Telegram channel with over a thousand members. Legion is modular malware which, according to Cado, is likely based on the AndroxGh0st malware and features modules to perform SMTP server enumeration, remote code execution, exploit vulnerable Apache versions, brute-force cPanel and WebHost Manager accounts, interact with Shodan’s API, and abuse AWS services.
