AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/25/2023

US sanctions North Korean entities involved in cyberattacks and IT worker fraud

The U.S. Treasury Department on Tuesday announced new sanctions on four entities that employ thousands of North Korean IT workers who help illicitly finance the regime’s missile and weapons of mass destruction programs. North Korea maintains legions of “highly skilled” IT workers around the globe, primarily in China and Russia, who “generate revenue that contributes to its unlawful WMD and ballistic missile programs,” according to the department. While these workers usually perform ordinary IT work that is separate from malicious cyber activity, the department said it has seen cases where they supported North Korea's offensive operations by providing “privileged access to virtual currency firms.”


Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post details issues identified in Expo, a popular framework used by many online services to implement OAuth (as well as other functionality). The vulnerability in the expo-auth-session library warranted a CVE assignment, CVE-2023-28131. Expo shipped a hotfix the same day that mitigates the issue automatically, but it still recommends that customers update their deployments and stop using the affected service to fully remove the risk (see the Expo security advisory on the topic).


Chinese hackers breach US critical infrastructure in stealthy attacks

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, an island hosting multiple military bases, since at least mid-2021. Their targets and breached entities span a wide range of critical sectors, including government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the Microsoft Threat Intelligence team said.


GUAC 0.1 Beta: Google’s Breakthrough Framework for Secure Software Supply Chains

Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own tools and policy engines. GUAC aims to aggregate software security metadata from different sources into a graph database that maps out relationships between software, helping organizations determine how one piece of software affects another.
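The aggregation-and-query idea described above, as an added example that is not GUAC's own code or API: a handful of constructed SBOM-style dependency records and one hypothetical vulnerability record (the package identifiers and the vulnerability id are invented for this illustration) are loaded into an in-memory graph, and a reverse walk over that graph answers the question GUAC is built for, namely which deployed artifacts are transitively affected when one package turns out to be vulnerable.

```python
"""Toy artifact-composition graph in the spirit of what GUAC aggregates.

Added example, not GUAC's code. The SBOM-style edges and the vulnerability
record are constructed for illustration; the purl-like identifiers and the
vulnerability id "EXAMPLE-2023-0001" are hypothetical.
"""
from collections import defaultdict, deque

# Constructed metadata "from different sources": dependency edges as an SBOM
# would express them (dependent -> dependency) ...
SBOM_EDGES = [
    ("pkg:docker/acme/api@1.4.0", "pkg:pypi/acme-web@2.1.0"),
    ("pkg:docker/acme/api@1.4.0", "pkg:pypi/requests@2.28.0"),
    ("pkg:pypi/acme-web@2.1.0", "pkg:pypi/jinja2@3.1.0"),
    ("pkg:pypi/acme-web@2.1.0", "pkg:pypi/requests@2.28.0"),
    ("pkg:docker/acme/worker@0.9.0", "pkg:pypi/celery@5.2.0"),
    ("pkg:pypi/celery@5.2.0", "pkg:pypi/kombu@5.2.0"),
]

# ... and one vulnerability record (hypothetical id, not a real CVE).
VULN_RECORDS = [
    ("EXAMPLE-2023-0001", "pkg:pypi/jinja2@3.1.0"),
]


def build_graph(edges):
    """Return the reverse adjacency: dependency -> set of direct dependents."""
    dependents = defaultdict(set)
    for dependent, dependency in edges:
        dependents[dependency].add(dependent)
    return dependents


def impacted_by(dependents, package):
    """Walk the reverse edges breadth-first from `package` and return every
    artifact that transitively includes it, mapped to the shortest chain
    from the package up to that artifact."""
    paths = {package: [package]}
    queue = deque([package])
    while queue:
        current = queue.popleft()
        for parent in dependents.get(current, ()):
            if parent not in paths:
                paths[parent] = paths[current] + [parent]
                queue.append(parent)
    paths.pop(package)  # the package itself is not an "impacted" artifact
    return paths


def affected_artifacts(edges, vulns):
    """Map each vulnerability id to the artifacts it reaches, with paths."""
    dependents = build_graph(edges)
    return {vuln_id: impacted_by(dependents, pkg) for vuln_id, pkg in vulns}


if __name__ == "__main__":
    for vuln_id, hits in affected_artifacts(SBOM_EDGES, VULN_RECORDS).items():
        print(vuln_id)
        for artifact, path in sorted(hits.items()):
            # Print the chain from the top-level artifact down to the package.
            print("  ", artifact, "via", " -> ".join(reversed(path)))
```

The worker image never shows up for the jinja2 record because nothing on its dependency chain includes that package; that separation, rather than a flat "is this package anywhere in the fleet" list, is what a relationship graph buys you.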


Apple alerted Pegasus spyware victims during first known use in a military conflict

Security researchers have documented the first known case of NSO’s Pegasus spyware being used in a military conflict. The hacks relate to the long-running military conflict between Armenia and Azerbaijan, over a region claimed by both countries. The victims – who included a United Nations official, journalists, human rights advocates, and a former government minister – received alerts from Apple that their iPhones had been hacked.
