AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/16/2023

Airline exposes passenger info to others due to a ‘technical error’ 

airBaltic, Latvia’s flag carrier, has acknowledged that a ‘technical error’ exposed reservation details of some of its passengers to other airBaltic passengers. Passengers also reported receiving unexpected emails which addressed them by the name of another customer. The Riga-based airline, incorporated as AS Air Baltic Corporation, operates flights to 80 destinations and is 97% government-owned. Although the air carrier says the leak impacts a small percentage of its customers and that no financial or payment data was exposed, the airline has yet to disclose the total number of impacted passengers.

 

New RA Group ransomware targets U.S. orgs in double-extortion attacks 

A new ransomware group named ‘RA Group’ is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. The new ransomware operation started in April 2023, when they launched a data leak site on the dark web to publish victims’ details and stolen data, engaging in the typical ‘double-extortion’ tactic used by most ransomware gangs. While the extortion portal was launched on April 22nd, 2023, the first batch of victimized organizations was published on April 27th, including sample files, a description of the type of content that was stolen, and links to stolen data. 

 

Philadelphia Inquirer operations disrupted after cyberattack 

The Philadelphia Inquirer daily newspaper is working on restoring systems impacted by what was described as a cyberattack that hit its network over the weekend. The attack also disrupted operations: newspaper circulation has halted, while Inquirer.com is only slightly affected, with intermittent delays in publishing and updating stories. “The incident was the greatest publication disruption to Pennsylvania’s largest news organization since the blizzard of Jan. 7-8, 1996, and it came just days before Tuesday’s mayoral primary election,” the Inquirer’s Jonathan Lai said.

 

Microsoft is scanning the inside of password-protected zip files for malware 

Microsoft cloud services are scanning for malware by peeking inside users’ zip files, even when they’re protected by a password, several users reported on Mastodon on Monday. Compressing file contents into archived zip files has long been a tactic threat actors use to conceal malware spreading through email or downloads. Eventually, some threat actors adapted by protecting their malicious zip files with a password the end user must type when converting the file back to its original form. Microsoft is one-upping this move by attempting to bypass password protection in zip files and, when successful, scanning them for malicious code. 

 

PharMerica Discloses Data Breach Impacting 5.8 Million Individuals 

Owned by BrightSpring Health, a provider of home and community-based health services, PharMerica operates over 2,500 facilities across the US and offers more than 3,100 pharmacy and healthcare programs. On Friday, PharMerica informed the Maine Attorney General’s Office that the personal information of more than 5.8 million individuals was compromised after an unauthorized party accessed its computer systems in March. The data breach, the company says in notification letters sent to the impacted individuals, occurred between March 12 and March 13. Personal information compromised during the incident includes names, addresses, birth dates, Social Security numbers, health insurance, and medication information. 

 

WhatsApp Rolls Out Conversation Lock Feature, Supports Device Biometrics 

Popular instant messaging platform WhatsApp started rolling out a much-needed privacy feature that lets users better protect their privacy by locking specific conversations. The feature, dubbed Chat Lock, will allow users to move sensitive conversations into a new, private folder and secure them with a password or their device’s biometrics. Aside from containing chats within a locked folder, Chat Lock can also obfuscate users’ details in notifications, preventing snoops from casually eavesdropping while people use their phones. “Locking a chat takes that thread out of your inbox and puts it behind its own folder that can only be accessed with your device’s password or biometric, like a fingerprint,” Meta’s announcement reads. 
