AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/25/2023

Sextortion Scams Surge 178% in a Year 

Security researchers have detected a 178% increase in sextortion emails between the first half of 2022 and the same period this year, marking the category out as a top email threat. ESET said that sextortion emails ranked third among all email threats in H1 2023. They typically arrive unsolicited and claim to have compromising images or videos of the victim, taken via their webcam, which will be shared with friends and contacts if a ransom is not paid.

 

NIST Publishes Draft Post-Quantum Cryptography Standards 

Draft post-quantum cryptography (PQC) standards have been published by the US National Institute of Standards and Technology (NIST). The new framework is designed to help organizations protect themselves from future quantum-enabled cyber-attacks. The draft documents were published on August 24, 2023, and encompass three draft Federal Information Processing Standards (FIPS). These standards were selected by NIST following a process that began in December 2016, when the agency issued a public call for submissions to the PQC Standardization Process. 

 

Your Browser Extensions May Contain Malware—Here’s How to Stay Safe 

Your web browser is vulnerable to hackers, but new ways exist to keep your data safe. Google has revealed that its Chrome browser will alert users when an extension is no longer available in the Chrome Web Store and may be infected by malware. It’s part of an effort to stamp out software designed to disrupt browsers. “Malicious browser extensions interact with the browser and are usually poorly detected by consumer antivirus solutions,” Jake Williams, a former National Security Agency offensive hacker, told Lifewire in an email interview. 

 

Danish hosting firms lose all customer data in ransomware attack 

Danish cloud hosting providers CloudNordic and AzeroCloud have lost access to all customer data after a ransomware attack. “Unfortunately, during the night of Friday 18-8-2023 at 04:00, CloudNordic/AzeroCloud was exposed to a ransomware attack, where criminal hackers shut down all systems,” the companies said in matching statements on their respective websites. “Websites, e-mail systems, customer systems, our customers’ websites, etc. Everything. A break-in that has paralyzed CloudNordic/AzeroCloud completely, and which also hits our customers hard.”

 

Over a Dozen Malicious npm Packages Target Roblox Game Developers 

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js, an API wrapper that’s used to create scripts that interact with the Roblox gaming platform. The software supply chain security company described the activity as a “replay of an attack uncovered two years ago” in October 2021. “The malicious packages […] reproduce code from the legitimate noblox.js package but add malicious, information-stealing functions,” software threat researcher Lucija Valentić said in a Tuesday analysis. 

 

Sensitive Data of 10 Million at Risk After French Employment Agency Breach 

The French national employment agency, Pôle emploi, has been hit by a cyber-attack potentially exposing critical information of up to 10 million people. Several security researchers have linked the breach to the Clop ransomware gang’s MOVEit campaign, which has impacted 977 organizations and almost 59 million individuals at the time of writing. Anti-virus software company Emsisoft has already listed the attack as linked to MOVEit and estimated that the French agency is the second-largest victim of the supply chain attack. 
