AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/03/2022

Russian national charged in sweeping influence operation to disrupt U.S. elections, sow discord

A federal grand jury indicted a Russian national on charges of attempting to disrupt U.S. elections beginning as early as 2014, spreading disinformation to further Moscow’s political aims and infiltrating various American political organizations to carry out his plans. The indictment, unsealed Friday in Tampa, Florida, paints the portrait of a cunning Russian operative who was carrying out a sophisticated and potentially harmful campaign to damage American democracy and fuel extremism in the U.S. The Russian national named in the indictment, Aleksandr Viktorovich Ionov, “allegedly orchestrated a brazen influence campaign, turning U.S. political groups and U.S. citizens into instruments of the Russian government,” Assistant Attorney General for National Security Matthew Olsen said in a statement on Friday.


Meta, US hospitals sued for using healthcare data to target ads

A class action lawsuit has been filed in the Northern District of California against Meta (Facebook), the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising. This tracking and data collection allegedly takes place in medical portals beyond login walls, where patients enter highly sensitive information about themselves, their conditions, doctors, prescribed medication, and more. According to the lawsuit, neither the hospitals nor Meta informs the patients about the data collection, no user consents are requested, and there is no visible indication of this process.


Thousands of Mobile Apps Leaking Twitter API Keys

Thousands of mobile apps are leaking Twitter API keys — some of which give adversaries a way to access or take over the Twitter accounts of users of these applications and assemble a bot army for spreading disinformation, spam, and malware via the social media platform. Researchers from India-based CloudSEK said they had identified a total of 3,207 mobile applications leaking valid Twitter Consumer Key and Secret Key information. Some 230 of the applications were found leaking OAuth access tokens and access secrets as well.


Universities Put Email Users at Cyber Risk

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. Ninety-seven percent of the top 10 universities in the United States, the United Kingdom and Australia are subjecting students, staff and administration to higher risks of email-based impersonation and other attacks because their systems lack basic security, according to new research from Proofpoint revealed Tuesday. Moreover, U.S. institutions are the worst offenders of the bunch, with some of the poorest levels of cybersecurity protection, researchers found.


German semiconductor giant Semikron says hackers encrypted its network

Semikron, a German manufacturer that produces semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a cyberattack that has resulted in data encryption. “Semikron is already in the process of dealing with the situation so that workflows and all related processes can continue without disruption for both employees and customers as soon as possible,” a Semikron spokesperson told TechCrunch. Semikron declined to disclose the nature of the cyberattack, but all signs point to ransomware. The semiconductor maker said in a statement that hackers claim to have “exfiltrated data from our system,” adding that the incident has led to a “partial encryption of our IT systems and files.” This suggests the malicious actor behind the attack has used the double extortion ransomware tactic, whereby cybercriminals exfiltrate a victim’s sensitive data in addition to encrypting it.


Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing techniques were used in another phishing campaign that Microsoft described recently. In June 2022, researchers at ThreatLabz observed an increase in the use of advanced phishing kits in a large-scale campaign. Through intelligence gathered from the Zscaler cloud, we discovered several newly registered domains that are used in an active credential-stealing phishing campaign. This campaign stands out from other commonly seen phishing attacks in several ways. It uses an adversary-in-the-middle (AiTM) attack technique capable of bypassing multi-factor authentication. Multiple evasion techniques are used at various stages of the attack, designed to bypass conventional email security and network security solutions.