AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/16/2022

Hacker offers to sell data of 48.5 million users of Shanghai’s COVID app

A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claimed breach of the Chinese financial hub’s data in just over a month. The hacker, posting under the username “XJP”, offered to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday. As proof, the hacker provided a sample of the data covering 47 people, including their phone numbers, names, Chinese identification numbers and health code status.


Def Con hacker shows John Deere’s tractors can run Doom

The internet has shown us that Doom can run on everything from a cardboard box to a Roomba and even a single keyboard key, but now we can add a John Deere tractor to that list. Security researcher Sick Codes worked with Doom modder Skelegant to get the game running on a John Deere tractor display and showed off some gameplay at the Def Con hacking conference in Las Vegas. In the video posted by Sick Codes, you can see how the game plays as a sort of transparent overlay on top of the John Deere user interface (UI). Sick Codes says the whole process took months and involved jailbreaking the Linux system used by the John Deere 4240 tractor. This version of Doom has, naturally, been modified to take place in a corn field, where the player mows down enemies on a tractor.


Over 9,000 VNC servers exposed online without a password

Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, giving threat actors easy access to internal networks. VNC is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via RFB (the remote framebuffer protocol) over a network connection. If these endpoints aren’t secured with a password, which is often the result of negligence, error, or a decision taken for convenience, they can serve as entry points for unauthorized users, including threat actors with malicious intentions.
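The exposure described above is visible in the first two server messages of the RFB handshake: after the ProtocolVersion string, the server lists the security types it offers, and type 1 (“None”) means no password at all. The following added example (not code from the original post) parses those messages from constructed capture bytes so a defender auditing their own network can list hosts that accept unauthenticated sessions; the host addresses and bytes are constructed.

```python
"""Classify captured VNC (RFB) server handshakes by the security types offered.

Added example, not from the original post. The capture bytes below are
constructed to resemble what a defender would see in a packet capture of
their own network; nothing here connects to a server.
"""
import re

# Security type values from RFC 6143 section 7.1.2 (1 = None means no password)
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication",
                  16: "Tight", 18: "TLS", 19: "VeNCrypt"}


def parse_rfb_handshake(server_bytes: bytes) -> dict:
    """Parse the server's ProtocolVersion and SecurityTypes messages.

    Returns the protocol version, the security types the server offers and
    whether one of them is 'None' (type 1), i.e. no authentication at all.
    """
    m = re.match(rb"RFB (\d{3})\.(\d{3})\n", server_bytes[:12])
    if not m:
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = int(m.group(1)), int(m.group(2))
    rest = server_bytes[12:]
    if (major, minor) < (3, 7):
        # RFB 3.3: the server dictates one type as a 4-byte big-endian word
        if len(rest) < 4:
            raise ValueError("security type truncated")
        types = [int.from_bytes(rest[:4], "big")]
    else:
        # RFB 3.7/3.8: a count byte followed by that many 1-byte types;
        # a count of 0 means the server is refusing the connection
        count = rest[0] if rest else 0
        if len(rest) < 1 + count:
            raise ValueError("security types truncated")
        types = list(rest[1:1 + count])
    return {
        "version": f"{major}.{minor}",
        "security_types": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
        "unauthenticated": 1 in types,
    }


def find_unauthenticated(captures: dict) -> list:
    """Return the hosts whose captured handshake offers security type None."""
    return sorted(h for h, data in captures.items()
                  if parse_rfb_handshake(data)["unauthenticated"])


# Constructed server-side capture bytes for three hypothetical hosts
CAPTURES = {
    "10.0.0.5:5900": b"RFB 003.008\n" + bytes([2, 1, 2]),        # None and VNC auth
    "10.0.0.7:5900": b"RFB 003.008\n" + bytes([1, 2]),           # VNC auth only
    "10.0.0.9:5900": b"RFB 003.003\n" + (1).to_bytes(4, "big"),  # RFB 3.3, None
}

if __name__ == "__main__":
    print(find_unauthenticated(CAPTURES))  # ['10.0.0.5:5900', '10.0.0.9:5900']
```

A server that only offers type 2 still merits review, since VNC Authentication is a password-only challenge-response with no transport encryption unless a type such as TLS or VeNCrypt is negotiated.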


1,900 Signal users’ phone numbers exposed by Twilio phishing

A successful phishing attack at SMS services company Twilio may have exposed the phone numbers of roughly 1,900 users of the secure messaging app Signal, but that is about the extent of the breach, says Signal, noting that no further user data could be accessed. In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users. That is “a very small percentage of Signal’s total users,” Signal writes, and all 1,900 affected users will be notified (via SMS) to re-register their devices. Signal, like many app companies, uses Twilio to send SMS verification codes to users registering the Signal app.


Digital Ocean dumps Mailchimp after attack leaked customer email addresses

Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp. This story starts last week, when some of the blockheads in crypto-land noticed that Mailchimp had suspended service for some of their fellow travellers. Reports such as this missive noted that Mailchimp had previously ditched crypto clients for generating more abuse reports than other customers, and the company’s Acceptable Use Policy therefore warns it may decide not to serve companies that offer “Cryptocurrencies, virtual currencies, and any digital assets related to an Initial Coin Offering.” Some elements of crypto-land assumed hostility to crypto was behind the disappearance of some blockheaded newsletters sent by Mailchimp. But last Friday the company stated that an attack on its services was the reason some newsletters blew their deadlines.


Hackers are finding ways around multi-factor authentication. Here’s what to watch for

It’s often said that one of the most important things you can do to protect your accounts and wider network from hackers is to use multi-factor authentication (MFA). Using MFA protects against the vast majority of attempted account takeovers, but recently there has been a surge in cyber attacks that aim to dodge past multi-factor authentication. According to Microsoft, in just one campaign 10,000 organisations have been targeted in this way during the last year. One option for hackers who want to get around MFA is the so-called adversary-in-the-middle (AiTM) attack, which combines a phishing attack with a proxy server placed between the victim and the website they’re trying to log in to.