AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/10/2023

Can Generative AI Be Trusted to Fix Your Code? 

Organizations worldwide are in a race to adopt AI technologies into their cybersecurity programs and tools. A majority (65%) of developers use or plan on using AI in testing efforts in the next three years. There are many security applications that will benefit from generative AI, but is fixing code one of them? For many DevSecOps teams, generative AI represents the holy grail for clearing their increasing vulnerability backlogs.  


MOVEit Transfer customers warned to patch new critical flaw 

MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less severe vulnerabilities. SQL injection vulnerabilities allow attackers to craft special queries to gain access to a database or tamper with it by executing code. For these attacks to be possible, the target application must suffer from a lack of appropriate input/output data sanitization. Progress, the developer of MOVEit Transfer, discovered multiple SQL injection problems in their product that include a critical one tracked as CVE-2023-36934, which can be exploited without user authentication. 
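As an added illustration of the sanitization point above (example code, not from the article and not Progress's code), the same lookup in a vulnerable string-built form and a parameterized form, run against a constructed in-memory SQLite table:

```python
import sqlite3

# Constructed demo database: a minimal "users" table standing in for the
# kind of lookup a web application performs before a user is authenticated.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", 1), ("bob", 0)],  # constructed sample rows
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Defect: untrusted input is spliced into the SQL text, so a quote
    # character in the input changes the structure of the query itself.
    sql = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    # Fix: a bound parameter is always treated as a value, never as SQL,
    # so the same input can only ever match a literal username.
    sql = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def compare(username: str) -> dict:
    """Run one input through both versions and return both result sets."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, username),
        "hardened": lookup_hardened(conn, username),
    }

if __name__ == "__main__":
    # Constructed input: the quote closes the string literal and appends a
    # condition that is true for every row, so the vulnerable query returns
    # the whole table while the hardened query returns nothing.
    crafted = "x' OR '1'='1"
    print("benign :", compare("alice"))
    print("crafted:", compare(crafted))
```

The point the paragraph makes is visible in the two result sets: the same input yields every row from the string-built query and no rows from the parameterized one.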


Chinese Spyware Discovered on Google Play Store 

Two spyware applications posing as file management tools have been discovered on the Google Play Store with a total of at least 1.5 million installs. The apps, attributed to the same developer and discovered by cybersecurity firm Pradeo, exhibit similar malicious behaviors and operate without user interaction. Their main objective is to covertly extract and transmit sensitive user data to malicious servers based in China. The findings were reported to Google. One of the spyware applications falsely claimed on its Google Play Store profile that it does not collect user data.


Robots say they have no plans to steal jobs or rebel against humans 

Robots have no plans to steal the jobs of humans or rebel against their creators, but would like to make the world their playground, nine of the most advanced humanoid robots have told an artificial intelligence summit in Geneva. In what was described as “the world’s first human-robot press conference”, one robot, Sophia, said humanoid robots had the potential to lead with “a greater level of efficiency and effectiveness than human leaders” but that “effective synergy” came when humans and AI worked together. “AI can provide unbiased data while humans can provide the emotional intelligence and creativity to make the best decisions. Together, we can achieve great things,” it said. 


Former Contractor Employee Charged for Hacking California Water Treatment Facility 

A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software. The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. Gallo worked for a company contracted by the town of Discovery Bay in California to operate its water treatment facility, which serves 15,000 residents.  


Advanced Vishing Attack Campaign “LetsCall” Targets Android Users

The rise of vishing (voice or VoIP phishing) has impacted consumers’ trust in unidentified callers. Calls from bank employees or salespeople are common, but what if a fraudster makes the call? According to a report from ThreatFabric, published on 7 July 2023, vishing attacks have become much more sophisticated lately. In a newly detected multi-stage vishing campaign, attackers are using an advanced toolset dubbed LetsCall, featuring strong evasion tactics. LetsCall is targeting users in South Korea, but considering how sophisticated it is, ThreatFabric researchers believe attackers can expand this campaign to European Union countries. What makes it unique is that it is a “ready-to-use framework, which any threat actor could use.”


Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation 

In a breakthrough against cybercrime, authorities have apprehended a suspected senior member of the notorious cybercriminal organization known as OPERA1ER. The arrest, which occurred in Côte d’Ivoire, a country in West Africa, marks a significant blow to the group’s criminal activities that have targeted financial institutions and mobile banking services across Africa, Asia, and Latin America. The international operation, codenamed Nervone, was conducted in collaboration between INTERPOL, AFRIPOL, Group-IB, and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT). 


Charming Kitten hackers use new ‘NokNok’ malware for macOS 

Security researchers observed a new campaign they attribute to the Charming Kitten APT group in which the hackers used new NokNok malware that targets macOS systems. The campaign started in May and relies on a different infection chain than previously observed, with LNK files deploying the payloads instead of the malicious Word documents typically seen in the group’s past attacks. Charming Kitten is also known as APT42 or Phosphorus and has launched at least 30 operations in 14 countries since 2015, according to Mandiant.