AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/28/2022

LGBTQ+ community warned of extortionists abusing dating apps

The U.S. Federal Trade Commission (FTC) has warned this week of extortion scammers targeting the LGBTQ+ community by abusing online dating apps like Grindr and Feeld. According to the FTC, the criminals pose as potential romantic partners on LGBTQ+ dating apps, sending explicit photos to their targets and asking them to reciprocate. If they fall for it, the victims get blackmailed into paying a ransom, usually in untraceable gift cards, under the threat of having sexual imagery they shared with the scammers leaked to their family, friends, or employers. Some scammers may also tell victims the names of those they will reach out to if the ransom is not paid or threaten to out those still “closeted.”


LockBit 3.0 introduces the first ransomware bug bounty program

The LockBit ransomware operation has released ‘LockBit 3.0,’ introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. The ransomware operation launched in 2019 and has since grown to be the most prolific ransomware operation, accounting for 40% of all known ransomware attacks in May 2022. Over the weekend, the cybercrime gang released a revamped ransomware-as-a-service (RaaS) operation called LockBit 3.0 after beta testing for the past two months, with the new version already used in attacks. While it is unclear what technical changes were made to the encryptor, the ransom notes are no longer named ‘Restore-My-Files.txt’ and instead have moved to the naming format [id].README.txt.


Russian hacking group takes credit for wide-ranging cyberattack on Lithuania

A hacking group aligned with the Russian government took credit for a large cyberattack on several government institutions in Lithuania on Monday. The country’s defense minister and National Cyber Security Centre released a statement saying the hackers had used distributed denial-of-service attacks to target the State Tax Inspectorate, Migration Department and a secure national data network among a host of other state entities. The agencies were forced to shut down operations for several hours before service returned. The attack comes days after Lithuanian officials refused to allow steel, coal and other metals to be transported through the country to Kaliningrad due to European Union sanctions.


OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security researcher Guido Vranken, who reported the bug at the end of May, said it “can be triggered trivially by an attacker.” Although the shortcoming has been fixed, no patches have been made available as yet. OpenSSL is a popular cryptography library that offers an open source implementation of the Transport Layer Security (TLS) protocol. Advanced Vector Extensions (AVX) are extensions to the x86 instruction set architecture for microprocessors from Intel and AMD. “I do not think this is a security vulnerability,” Tomáš Mráz of the OpenSSL Foundation said in a GitHub issue thread. “It is just a serious bug making the 3.0.4 release unusable on AVX-512 capable machines.”
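For triage of the condition this item describes (OpenSSL 3.0.4 on x64 with AVX-512), the following added example, which is not from the original post or from the OpenSSL project, classifies a host from its `openssl version` output, machine architecture and CPU flags. The function names, the use of the Linux `/proc/cpuinfo` flag prefix `avx512` as the AVX-512 indicator, and the sample strings in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for the OpenSSL 3.0.4 / AVX-512 condition in the item above.
# Function names are hypothetical; sample inputs in comments are constructed.

# classify_openssl "<openssl version output>" "<uname -m output>" "<cpu flags>"
# Prints: affected | not-affected | review
classify_openssl() {
    ver_line=$1; arch=$2; cpu_flags=$3

    # e.g. "OpenSSL 3.0.4 21 Jun 2022 (Library: ...)" -> name=OpenSSL ver=3.0.4
    name=$(printf '%s\n' "$ver_line" | awk '{print $1}')
    ver=$(printf '%s\n' "$ver_line" | awk '{print $2}')

    case "$name" in
        LibreSSL) echo not-affected; return 0 ;;   # fork, stated as unaffected
        OpenSSL)  ;;                               # keep checking below
        *)        echo review; return 0 ;;         # unknown library: check by hand
    esac

    # The issue is reported for release 3.0.4 only; 1.1.1 is stated as unaffected.
    [ "$ver" = "3.0.4" ] || { echo not-affected; return 0; }

    # Only x64 systems are in scope.
    case "$arch" in
        x86_64|amd64) ;;
        *) echo not-affected; return 0 ;;
    esac

    # Assumption: any CPU flag beginning with "avx512" means AVX-512 is present.
    case " $cpu_flags " in
        *" avx512"*) echo affected ;;
        *)           echo not-affected ;;
    esac
}

# Gather the three inputs on a Linux host and classify it.
check_local_host() {
    command -v openssl >/dev/null 2>&1 || { echo review; return 0; }
    host_flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    classify_openssl "$(openssl version)" "$(uname -m)" "$host_flags"
}
```

Calling `check_local_host` only inspects the `openssl` binary on the PATH; applications that bundle or statically link their own copy of the library need to be checked separately.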


Adversarial machine learning explained: How attackers disrupt AI and ML systems

As more companies roll out artificial intelligence (AI) and machine learning (ML) projects, securing them becomes more important. A report released by IBM and Morning Consult in May stated that of more than 7,500 global businesses, 35% of companies are already using AI, up 13% from last year, while another 42% are exploring it. However, almost 20% of companies say that they are having difficulties securing data and that it is slowing down AI adoption. In a survey conducted last spring by Gartner, security concerns were a top obstacle to adopting AI, tied for first place with the complexity of integrating AI solutions into existing infrastructure.


Over 900,000 Kubernetes instances found exposed online

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Kubernetes is a highly versatile open-source container orchestration system for hosting online services and managing containerized workloads via a uniform API interface. It enjoys massive adoption and growth rates thanks to its scalability, flexibility in multi-cloud environments, portability, cost, app development, and system deployment time reductions. However, if Kubernetes isn’t configured properly, remote actors might be able to access internal resources and private assets that weren’t meant to be made public.
