AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/18/2023

JumpCloud says nation-state hackers breached its systems

Identity and access management firm JumpCloud says it reset customers’ API keys after nation-state hackers breached its systems. JumpCloud, a directory platform that allows enterprises to authenticate, authorize, and manage users and devices, last week told customers that it had reset their API keys “out of an abundance of caution” due to an ongoing but unspecified security incident. In a published post-mortem of the incident, JumpCloud said it determined that a nation-state actor gained unauthorized access to its systems and targeted a “small and specific” set of customers. JumpCloud hasn’t named the state-backed group but said the threat actor is “sophisticated… with advanced capabilities.”


CISA Develops Factsheet for Free Tools for Cloud Environments

CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.


Ukraine’s CERT-UA Exposes Gamaredon’s Rapid Data Theft Methods

The Ukrainian government’s Computer Emergency Response Team (CERT-UA) has recently unveiled the rapid data theft methods of the APT known as UAC-0010 (aka Armageddon, Gamaredon). Writing in a new advisory (in Ukrainian) published on July 13, 2023, CERT-UA said Gamaredon comprises former Ukrainian Security Service (SBU) officers in Crimea, who defected in 2014 and started serving the Russian FSB. Gamaredon’s primary aim is cyber espionage against Ukraine’s security forces, with evidence of destructive actions on information infrastructure targets. The group mainly infects government computers, particularly within communication systems, often using compromised accounts and various tactics such as emails and Telegram, WhatsApp and Signal messages.


Charity wants AI summit to address child sexual abuse imagery

A leading children’s charity is calling on Prime Minister Rishi Sunak to tackle AI-generated child sexual abuse imagery, when the UK hosts the first global summit on AI safety this autumn. The Internet Watch Foundation (IWF) removes abuse content from the web and says AI images are on the rise. Last month, the IWF began logging AI images for the first time. It discovered predators around the world sharing galleries of sometimes photo-realistic pictures.


Critical ColdFusion flaws exploited in attacks to drop webshells

Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers. The active exploitation was seen by researchers at Rapid7, which says threat actors are chaining together exploits for an access control bypass vulnerability (CVE-2023-29298) and what appears to be CVE-2023-38203, a critical remote code execution vulnerability.


Meta faces a $100,000 daily fine if it doesn’t fix privacy issues in Norway

Meta’s practice of tracking Instagram and Facebook users violates their privacy, Norway’s data protection regulator said in a press release today. If the company doesn’t take remedial action, it will be fined one million crowns ($100,000) per day from August 4th until November 3rd. “It is so clear that this is illegal that we need to intervene now and immediately,” said Tobias Judin, head of Norway’s privacy commission, Datatilsynet. 


Biden administration announces new labels to help consumers buy gadgets that are less vulnerable to cyberattacks

New labels proposed by the U.S. government could soon help consumers choose smart appliances and fitness trackers that it considers relatively secure from cyberattacks, the Biden administration announced on Tuesday. Internet-connected devices like refrigerators, TVs, microwaves and climate controls could bear the U.S. Cyber Trust Mark shield if they meet cybersecurity requirements laid out by the federal government. The administration expects the voluntary-labeling program to be in effect next year after the Federal Communications Commission seeks public comment on the proposal.
