AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/22/2023

Ivanti warns of new actively exploited MobileIron zero-day bug 

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild. Ivanti Sentry (formerly MobileIron Sentry) functions as a gatekeeper for enterprise ActiveSync servers like Microsoft Exchange Server or backend resources such as Sharepoint servers in MobileIron deployments, and it can also operate as a Kerberos Key Distribution Center Proxy (KKDCP) server. 
Tesla points to ‘insider wrongdoing’ as cause of massive employee data leak 

Tesla has determined that two of its former workers are responsible for a massive data leak that includes personally identifiable information on over 75,000 employees, TechCrunch reports. According to a filing with the state of Maine’s attorney general office, Tesla’s data privacy officer, Steven Elentukh, reported the breach as “insider wrongdoing,” leaking employee information including social security numbers. The Maine filing includes a template letter by Elentukh written to send to affected employees in the state. It confirms that Handelsblatt, the German media outlet recipient of 100GB of Tesla’s data, had notified Tesla on May 10th that it had received confidential information. 
Google Chrome 117 will let you know if you’ve installed malicious extensions 

Browser extensions are convenient tools because you don’t have to leave your tab to access their assistance. They can perform various helpful tasks such as remembering your password and checking for grammar. However, these extensions often contain malware, and Google Chrome is here to help. In a Chrome Developers post, Google revealed that Chrome 117 will let users know when an extension they installed is no longer available in the Chrome Web Store. An extension is removed from the Chrome Web Store for one of three reasons: the extension has been unpublished by the developer, the extension was taken down for violating Chrome Web Store policy, or it was marked as malware.
Apple’s defense against apps vandalizing other apps still broken, developer claims 

Apple last year introduced a security feature called App Management that’s designed to prevent one application from modifying another without authorization under macOS Ventura – but a developer claims it’s not very good at its job under some circumstances. “If an app is modified by something that isn’t signed by the same development team and isn’t allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps,” explained Justin Sagurton of Apple’s privacy engineering team, in a video presentation at the fruity computer seller’s 2022 Worldwide Developers Conference. 
Ukrainian hackers claim to leak emails of Russian parliament deputy chief 

Ukrainian hackers claim to have broken into the email account of a senior Russian politician and exposed documents that allegedly prove his involvement in money laundering and sanction evasion schemes. A group calling itself Cyber Resistance leaked 11 GB of emails allegedly belonging to Alexander Babakov, a deputy chairman of Russia’s parliament, and made them public on Monday. Recorded Future News was not able to immediately corroborate the claim or verify the authenticity of the documents, but the leak contains scans of Babakov’s passport, tax and financial documents, as well as his medical records. 
Chinese APT Targets Hong Kong in Supply Chain Attack 

An emerging China-backed advanced persistent threat (APT) group targeted organizations in Hong Kong in a supply chain attack that leveraged legitimate software to deploy the PlugX/Korplug backdoor, researchers have found. The group, which researchers have dubbed Carderbee, used a compromised version of Cobra DocGuard — an application for protecting, encrypting, and decrypting software, produced by Chinese firm EsafeNet — to gain access to victims’ networks, the Symantec Threat Hunter Team revealed in a blog post published today.