AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 07/05/2022

Microsoft finds Raspberry Robin worm in hundreds of Windows networks

Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by Red Canary intelligence analysts. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command and control (C2) servers in early November [PDF], while Microsoft said it found malicious artifacts linked to this worm created in 2019. Redmond’s findings align with those of Red Canary’s Detection Engineering team, which also detected this worm on the networks of multiple customers, some of them in the technology and manufacturing sectors.


British Army’s social media accounts hacked by crypto scammers

The British Army’s official Twitter, Facebook and YouTube accounts were breached on Sunday for almost four hours, with scammers promoting rip-off nonfungible token (NFT) collections and cryptocurrency scams. Just after 2:00 pm EST on Sunday, the United Kingdom Ministry of Defence (MOD) Press Office tweeted it was aware the Army’s social media accounts were compromised and had begun an investigation. Nearly four hours later, close to 5:45 pm EST, the Office provided an update that the account breaches were resolved. The British Army’s official Twitter account also apologized for the posts, saying it would conduct an investigation and “learn from this incident.”


Hackers Claim Theft of Police Info in China’s Largest Data Leak

Unknown hackers claimed to have stolen data on as many as a billion Chinese residents after breaching a Shanghai police database, in what industry experts are calling the largest cybersecurity breach in the country’s history. The person or group claiming the attack has offered to sell more than 23 terabytes of stolen data from the database, including names, addresses, birthplaces, national IDs, phone numbers and criminal case information, according to an anonymous post on an online cybercrime forum last week. The unidentified hacker was asking for 10 bitcoin, worth around $200,000.


Ukrainian police take down phishing gang behind payments scam

Ukrainian police said they have arrested suspected members of a cyber-criminal gang conducting an EU payments phishing scheme. In a statement, Ukraine’s Cyber Police Department and the Kyiv-based Pechersk Police Department said the criminal group created and promoted roughly 400 phishing links to send to the country’s citizens. The links sent victims to malicious, fraudulent websites packaged up as European Union resource pages. The phishing group decided their scam would be disguised as an EU social security payments scheme that could be claimed by beleaguered Ukrainian residents who need financial help — but, of course, they had to first provide their bank card details.


Google updates Chrome to squash actively exploited WebRTC Zero Day

Google has issued an unexpected update to its Chrome browser to address a zero-day WebRTC flaw that is actively being exploited. The culprit is CVE-2022-2294, a problem in WebRTC – the code that imbues browsers with real-time comms capabilities. The flaw, bug number 1341043, is not currently detailed in the Chromium project bug log, and details of the CVE had not been published at the time of writing. But Google’s notification of a new browser version describes it as: “Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01.” The fix is installing Chrome 103.0.5060.114 for Windows and Chrome 103.0.5060.71 for Android, both of which will appear soon.
