AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/14/2023

Leaker of U.S. secret documents worked on military base, friend says 

The man behind a massive leak of U.S. government secrets that has exposed spying on allies, revealed the grim prospects for Ukraine’s war with Russia and ignited diplomatic fires for the White House is a young, charismatic gun enthusiast who shared highly classified documents with a group of far-flung acquaintances searching for companionship amid the isolation of the pandemic. United by their mutual love of guns, military gear and God, the group of roughly two dozen — mostly men and boys — formed an invitation-only clubhouse in 2020 on Discord, an online platform popular with gamers. 

3CX blames North Korea for supply chain mass-hack 

Enterprise phone provider 3CX has confirmed that North Korea–backed hackers were behind last month’s supply chain attack that appeared to target cryptocurrency companies. 3CX, which provides online voice, video conferencing and messaging services for businesses, worked with cybersecurity company Mandiant to investigate the attack. Hackers compromised the company’s desktop phone software used by hundreds of thousands of organizations to plant information-stealing malware inside their customers’ corporate networks. Pierre Jourdan, chief information security officer at 3CX, said on Tuesday that their investigation confirms that hackers linked to the North Korean regime were behind the attack. 

Ex-employee password abuse: 10% log back in to ‘disrupt’ business, report 

Nearly half of 1,000 U.S. workers surveyed admitted to abusing credentials tied to a former employer after leaving the company. Deeply concerning, 10 percent did so with the intent to disrupt company activities. According to the study by the website Password Manager, 47% of workers surveyed said they continued to access accounts such as email, software and digital tools related to their past job. Password Manager also reported that 58% of respondents indicated that companies failed to change the passwords of past employees, which allowed the ex-worker to maintain access to company resources.

FBI arrests 21-year-old Air National Guardsman suspected of leaking classified documents 

Jack Teixeira, a 21-year-old member of the Massachusetts Air National Guard, was arrested by federal authorities Thursday in connection to the investigation of classified documents that were leaked on the internet. FBI agents took Teixeira into custody earlier Thursday afternoon “without incident,” Attorney General Merrick Garland announced in brief remarks at the Department of Justice, which has been conducting a criminal investigation into the matter. “Today, the Justice Department arrested Jack Douglas Teixeira in connection with an investigation into alleged unauthorized removal, retention and transmission of classified national defense information. Teixeira is an employee of the United States Air Force National Guard,” Garland said. 

New hacker advocacy group seeks to protect work of security researchers 

Every day, good-faith security researchers around the world face potential criminal prosecution for testing digital systems for flaws, reporting vulnerabilities and figuring out how to repair products. A new advocacy group, the Hacking Policy Council, which launched on Thursday, seeks to remedy that by advocating on behalf of researchers in support of laws that protect their work. While there has been great progress in supporting vulnerability disclosure and security research, the global community of white-hat hackers lacks a coordinated body to lobby on their behalf to address both forthcoming rules and ones already on the books that put them at risk, said Ilona Cohen, chief legal and chief policy counsel at HackerOne and member of the council.

Hackers who breached Western Digital are now asking for a hefty ransom 

Cybercriminals who hacked into popular hard drive maker Western Digital earlier this month are now asking for a major payout to prevent the leak of terabytes of data they stole in the attack. In early April, the vendor reported a “network security incident” in which threat actors breached “a number of the Company’s systems”. Other than that, it didn’t give any details, including who the threat actors were, how they got in, or whether they stole any sensitive employee, client, or customer data.