AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/29/2022

A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organizations

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others. The news comes from research conducted by cybersecurity firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request,” Atlassian said in an advisory. As a temporary workaround in scenarios where the patches cannot be applied right away, Atlassian is recommending turning off public repositories using “feature.public.access=false” to prevent unauthorized users from exploiting the flaw.
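The advisory's interim workaround is a single setting in Bitbucket's configuration, so the practical question for a defender is whether it is actually in effect on a given host. The following script is an added example, not code from the post or from Atlassian: it parses a Java-style properties file, reports whether `feature.public.access=false` is present, and treats a missing key as "public access enabled" (an assumption about Bitbucket's default). The file location `$BITBUCKET_HOME/shared/bitbucket.properties` and the fallback directory are likewise assumptions; the sample files are constructed for the example.

```python
"""Check whether the CVE-2022-36804 interim workaround (public repository
access disabled) is present in a Bitbucket properties file.

Added example; not from the original post or from Atlassian.
"""
from __future__ import annotations

import os
import re
from pathlib import Path

# Key named in the Atlassian advisory quoted above.
PROPERTY_KEY = "feature.public.access"

# Constructed samples standing in for two states of bitbucket.properties.
SAMPLE_DEFAULT = """\
# constructed sample: workaround not applied
server.port=7990
server.context-path=/bitbucket
"""
SAMPLE_HARDENED = """\
# constructed sample: workaround applied as the advisory recommends
server.port=7990
feature.public.access=false
"""


def parse_properties(text: str) -> dict[str, str]:
    """Parse a Java-style .properties file into a dict.

    Handles '#' / '!' comment lines, blank lines, '=' or ':' separators
    (with optional surrounding whitespace) and backslash line continuations.
    """
    props: dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if pending:                      # join a continued line
            line = pending + line
            pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # continuation marker
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def public_access_disabled(props: dict[str, str]) -> bool:
    """True only when the key is explicitly set to false.

    Assumption: Bitbucket enables public access when the key is absent,
    so a missing key counts as 'not hardened'.
    """
    return props.get(PROPERTY_KEY, "true").lower() == "false"


def assess(text: str) -> str:
    """Human-readable verdict for one properties file's contents."""
    if public_access_disabled(parse_properties(text)):
        return "workaround applied: public repositories disabled"
    return ("public repositories enabled: workaround NOT applied; "
            "patch, or set feature.public.access=false")


def assess_bitbucket_home(home: str | os.PathLike | None = None) -> str:
    """Locate bitbucket.properties under BITBUCKET_HOME and assess it.

    The path layout and default directory are assumptions for this example.
    """
    base = Path(home or os.environ.get(
        "BITBUCKET_HOME", "/var/atlassian/application-data/bitbucket"))
    path = base / "shared" / "bitbucket.properties"
    if not path.exists():
        return f"{path}: not found (public access left at default, i.e. enabled)"
    return f"{path}: {assess(path.read_text(encoding='utf-8'))}"


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(f"{label}: {assess(sample)}")
    print(assess_bitbucket_home())
```

Run it on an instance to confirm the setting took effect after the restart; the check is deliberately strict, so a value such as `true` or a commented-out line both count as "not applied".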

Don’t be scared of sentient technology: It’s not here…yet

Can technology be sentient? Since the first artificial intelligence (AI) program was written in 1951, researchers and technology professionals have worked tirelessly to develop highly sophisticated AI programs. One of the early pioneers of this type of technology was Alan Turing, an English mathematician and computer scientist. Turing understood that as humans, we combine information that is available to us with reason to make decisions. He theorized that because it was possible for humans to get to a logical conclusion using these methods, it was conceivable a machine could do the same. 

Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement

Facebook has dramatically agreed to settle a lawsuit seeking damages for allowing Cambridge Analytica access to the private data of tens of millions of users, four years after the Observer exposed the scandal that mired the tech giant in repeated controversy. A court filing reveals that Meta, Facebook’s parent company, has in principle settled for an undisclosed sum a long-running lawsuit that claimed Facebook illegally shared user data with the UK analysis firm.

LockBit ransomware gang gets aggressive with triple-extortion tactic

The LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to a triple-extortion level. The gang recently suffered a DDoS attack, allegedly on behalf of digital security giant Entrust, that prevented access to data published on its corporate leaks site. Data from Entrust was stolen by LockBit ransomware in an attack on June 18, according to a BleepingComputer source. The company confirmed the incident and that data had been stolen. Entrust did not pay the ransom, and LockBit announced that it would publish all the stolen data on August 19. This did not happen, though, because the gang’s leak site was hit by a DDoS attack believed to be connected to Entrust.

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

Twilio, which earlier this month was hit by a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts. It has since identified and removed the illegitimately added devices from the impacted accounts. Authy, acquired by Twilio in February 2015, safeguards online accounts with a second security layer to prevent account takeover attacks. It is estimated to have nearly 75 million users.
