AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response
InfoSec News Nuggets 06/03/2022

Hackers steal WhatsApp accounts using call forwarding trick

There’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and the contact list. The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and on WhatsApp’s option to send a one-time password (OTP) verification code via voice call. Rahul Sasi, the founder and CEO of digital risk protection company CloudSEK, posted some details about the method, saying that it is used to hack WhatsApp accounts. BleepingComputer tested it and found that the method works, albeit with some caveats that a sufficiently skilled attacker could overcome.
FBI seizes domains tied to stolen records, DDoS services

The FBI and Justice Department said Tuesday they had seized the domain of a search engine service that claimed to offer users the ability to scour billions of records of personal data from more than 10,000 data breaches, effectively shutting down the criminal operation. The site, weleakinfo.to, offered a subscription service where customers could access personal information leaked in data breaches, including names, email addresses, usernames, phone numbers and passwords for online accounts. Such information is valuable to cybercriminals looking to commit identity fraud and financial crimes.
Twice as Many Healthcare Organizations Now Pay Ransom

Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos. The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31 countries. It revealed that two-thirds of HCOs were hit by ransomware last year, up from just a third in 2020. Sophos claimed this surge was down to the popularity of ransomware-as-a-service on the cybercrime underground. However, it could also be a result of the increased willingness of HCOs to pay their attackers. Some 61% paid a ransom in 2021, up from just 34% a year previously. Sophos claimed that the high cost of remediation, and the impact of operational outages, coupled with the increased sophistication of attacks on the sector could explain this jump. Just 2% of respondents paid a ransom and got all their data back.
US military hackers have carried out attacks to help Ukraine

The Russia–Ukraine conflict has two separate fronts, the physical and the digital one, and while the United States may not be involved on the physical side of things, it is very much involved in the digital realm. Speaking to Sky News in the Estonian capital Tallinn, the head of US Cyber Command, who is also the director of the National Security Agency (NSA), General Paul Nakasone said the US has been conducting offensive operations in support of Ukraine, starting almost three months before the actual invasion. Such operations are in support of Ukraine, as its tactical ally against Russia, but that’s not the US’ primary target.
Atlassian Confluence Servers Hacked via Zero-Day Vulnerability

Atlassian customers have been warned that hackers are exploiting a Confluence Server zero-day vulnerability. The flaw is currently unpatched and it appears to have been exploited by multiple threat groups. According to Atlassian, Confluence Server and Data Center are affected by a critical vulnerability that can be exploited by an unauthenticated attacker for remote code execution. The vendor warned in an advisory published on Thursday that the security hole, tracked as CVE-2022-26134, has been exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. Users can also reduce the risk of attacks by using a firewall to block URLs containing "${". Atlassian expects fixes to become available by the end of the day on Friday, June 3.
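A defender-side check for the firewall mitigation described above, added here as an example that is not from the page or from Atlassian: it percent-decodes each request URL before matching "${" (a literal-only rule misses the encoded form, which the server decodes before routing) and runs the check over constructed access-log lines. The log format, the sample lines and the second decode pass are assumptions.

```python
import re
from urllib.parse import unquote

# Marker the mitigation keys on: block requests whose URL contains "${".
MARKER = "${"

def contains_marker(url: str) -> bool:
    """True if the URL contains "${" literally or after percent-decoding.

    %24%7B decodes to "${", so a literal-only match is bypassed by encoding.
    The second decode (assumption: how thorough the rule should be) also
    catches a double-encoded form such as %2524%257B.
    """
    candidates = {url, unquote(url), unquote(unquote(url))}
    return any(MARKER in c for c in candidates)

# Constructed sample lines in combined-log style (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jun/2022:10:00:01 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 5120
203.0.113.9 - - [03/Jun/2022:10:00:02 +0000] "GET /${x}/ HTTP/1.1" 302 0
203.0.113.9 - - [03/Jun/2022:10:00:03 +0000] "GET /%24%7Bx%7D/ HTTP/1.1" 302 0
198.51.100.7 - - [03/Jun/2022:10:00:04 +0000] "GET /login.action HTTP/1.1" 200 2048
"""

# Extracts client IP, timestamp, request URL and status from one log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def flag_requests(log_text: str) -> list[dict]:
    """Parse each line and return the requests whose URL contains the marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if contains_marker(m["url"]):
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "url": m["url"], "status": m["status"]})
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['url']} -> {hit['status']}")
```

The same `contains_marker` logic is what a WAF rule for this mitigation needs to apply to the decoded URL, not the raw bytes.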