AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/26/2023

PokerStars data breach exposes sensitive info of over 100,000 people 

PokerStars, the world’s largest online poker platform, is the latest company to fall victim to the MOVEit Transfer hack. The incident resulted in unauthorized access to the names, Social Security Numbers, and addresses of as many as 110,291 individuals. In a data breach notice filed with the Attorney General of Maine on July 20, the company said that it learned about the critical vulnerability affecting its third-party software provider on June 2, and that an investigation determined confidential customer and employee information had been exposed. “We can confirm that PokerStars has been impacted by the global cybersecurity incident involving the MOVEit Transfer application,” PokerStars told PokerOrg. “Upon learning of the vulnerability, we promptly disabled access to the affected application and mobilized external IT forensic experts to thoroughly investigate the incident.”


Researchers find deliberate backdoor in police radio encryption algorithm 

For more than 25 years, a technology used for critical data and voice radio communications around the world has been shrouded in secrecy to prevent anyone from closely scrutinizing its security properties for vulnerabilities. But now it’s finally getting a public airing thanks to a small group of researchers in the Netherlands who got their hands on its viscera and found serious flaws, including a deliberate backdoor. The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure. It’s used to transmit encrypted data and commands in pipelines, railways, the electric grid, mass transit, and freight trains. It would allow someone to snoop on communications to learn how a system works, then potentially send commands to the radios that could trigger blackouts, halt gas pipeline flows, or reroute trains. 


Law firm must hand over names of some clients affected by 2020 cyberattack, judge says 

A multinational law firm must give the Securities and Exchange Commission the names of seven clients affected by a 2020 cyberattack attributed to a China-linked cyber-espionage group, a federal judge ruled Monday. U.S. District Judge Amit Mehta ordered Washington, D.C.-based Covington & Burling to identify those companies to assist the SEC’s investigation into the incident, which affected nearly 300 clients of the law firm overall. 


New Realst macOS malware steals your cryptocurrency wallets 

A new Mac malware named “Realst” is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development. The malware, first discovered by security researcher iamdeadlyz, is distributed to both Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. These games are promoted on social media, with the threat actors using direct messages to share access codes required to download the fake game client from associated websites. 


China says Wuhan earthquake centre attacked by overseas hackers 

An earthquake monitoring centre in Wuhan, in central China, suffered a cyberattack from overseas hackers, local authorities said on Wednesday. China’s state media, including Global Times and a social media account run by CCTV, claimed the attack was “government-backed” and came from the United States. The U.S. embassy in Beijing didn’t immediately reply to a Reuters request for comment. The Wuhan Municipal Emergency Management Bureau said in a statement that some network equipment at the Wuhan Earthquake Monitoring Center was under cyberattack by an overseas organisation, but didn’t specify the time of the attack.


New AI Tool ‘FraudGPT’ Emerges, Tailored for Sophisticated Attacks 

Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. “This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.,” Netenrich security researcher Rakesh Krishnan said in a report published Tuesday. The cybersecurity firm said the offering has been circulating since at least July 22, 2023, for a subscription cost of $200 a month (or $1,000 for six months and $1,700 for a year). 
