AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/14/2022

Roblox Game Pass store used to sell ransomware decryptor

A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service’s in-game Robux currency. Roblox is an online kids gaming platform where members can create their own games and monetize them by selling Game Passes, which provide in-game items, special access, or enhanced features. To pay for these Game Passes, members must purchase them using an in-game currency called Robux. Today, security researcher MalwareHunterTeam found a new ransomware named ‘WannaFriendMe’ that impersonates the notorious Ryuk Ransomware. However, in reality, it is a variant of the Chaos Ransomware.


New Jersey school district forced to cancel final exams amid ransomware recovery effort

Tenafly Public Schools in Bergen County, New Jersey is in the process of recovering from a ransomware attack that began on June 2. The district was forced to cancel final exams while it restores systems and addresses the incident, according to district communications manager Christine Corliss. Corliss told The Record that they initially noticed that their files could not be accessed normally last Thursday, before cybersecurity experts were brought in to help. “It looked like our servers were not operating correctly, so they immediately shut everything down to isolate the incident and to begin investigating what was going on. Our servers were down and they needed to figure out why,” Corliss said. Cybersecurity experts discovered ransomware on their systems and pulled in the FBI as well as state officials and the school’s cyber insurance provider.


Google suspends engineer who claims its AI is sentient

Google has placed one of its engineers on paid administrative leave for allegedly breaking its confidentiality policies after he grew concerned that an AI chatbot system had achieved sentience, the Washington Post reports. The engineer, Blake Lemoine, works for Google’s Responsible AI organization, and was testing whether its LaMDA model generates discriminatory language or hate speech. The engineer’s concerns reportedly grew out of convincing responses he saw the AI system generating about its rights and the ethics of robotics. In April he shared a document with executives titled “Is LaMDA Sentient?” containing a transcript of his conversations with the AI (after being placed on leave, Lemoine published the transcript via his Medium account), which he says shows it arguing “that it is sentient because it has feelings, emotions and subjective experience.”


PyPI package ‘keep’ mistakenly included a password stealer

The PyPI packages ‘keep,’ ‘pyanxdns,’ and ‘api-res-py’ were found to contain a backdoor because some of their versions pull in a malicious ‘request’ dependency. For example, while most versions of the ‘keep’ project use the legitimate Python module ‘requests’ for making HTTP requests, ‘keep’ v.1.2 depends on ‘request’ (without the s), which is malware. BleepingComputer reached out to the authors of each of these packages to understand whether this was caused by a mere typographical error, self-sabotage, or maintainer accounts being hijacked.
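As an added illustration (not code from the article or from any of the named projects), here is a small Python check that parses a requirements-style manifest and flags dependencies that are one edit away from a well-known package name, which is exactly how ‘request’ passes for ‘requests’. The allowlist and the sample manifest are constructed for this example.

```python
import re

# Constructed allowlist of well-known package names (not from the article); the
# legitimate 'requests' module is what the bad 'keep' release replaced with 'request'.
KNOWN_GOOD = {"requests", "numpy", "flask", "django", "pillow", "urllib3"}
_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    # Canonical project name per PEP 503: lowercase, runs of -_. become '-'
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    # Plain Levenshtein distance; 'request' vs 'requests' is 1
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text):
    # Normalized project names from requirements-style text; comments, blank
    # lines and option lines (-r, --index-url) are skipped
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_LINE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names

def find_lookalikes(names, known=KNOWN_GOOD, max_distance=1):
    # Map each dependency that is not a known package but lies within
    # max_distance edits of one to the package it resembles
    hits = {}
    for name in names:
        if name in known:
            continue
        for good in known:
            if edit_distance(name, good) <= max_distance:
                hits[name] = good
                break
    return hits

# Constructed manifest modelled on the article: 'request' (no s) where 'requests' belongs
SAMPLE_REQUIREMENTS = "keep==1.2\nrequest>=2.0  # typo or typosquat?\nnumpy\nFlask==2.1.0\ncolorama\n"
```

Running `find_lookalikes(parse_requirements(SAMPLE_REQUIREMENTS))` returns `{'request': 'requests'}`; a name that exactly matches the allowlist is never reported, so a legitimate pin on ‘requests’ stays quiet.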


Credentials for thousands of open source projects free for the taking—again!

A service that helps open source developers write and test software is leaking thousands of authentication tokens and other security-sensitive secrets. Many of these leaks allow hackers to access the private accounts of developers on Github, Docker, AWS, and other code repositories, security experts said in a new report. The availability of the third-party developer credentials from Travis CI has been an ongoing problem since at least 2015. At that time, security vulnerability service HackerOne reported that a Github account it used had been compromised when the service exposed an access token for one of the HackerOne developers. A similar leak presented itself again in 2019 and again last year.


Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month. Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that contained “protected health information,” the company revealed in a letter to affected clients on June 3. The attacker maintained unauthorized access for several hours, after which Kaiser terminated the activity “and promptly commenced an investigation to determine the scope of the incident,” according to the letter.
