AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/01/2022

TikShock: Don’t get caught out by these 5 TikTok scams

TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six years it has become the dominant social media platform for sharing and viewing short videos and now boasts that viewers in the UK and US are spending more time on TikTok than on YouTube. Cybercriminals are very creative and always follow trends closely, even predicting change before the masses in order to maximize the outcome of their techniques. Not too many years ago, there were only a few platforms to use to target new victims while leaving little evidence and unlikely to face any repercussions. The dark web became a place to buy and sell contraband, but the numbers didn’t ever really hit the relative big time with the audiences such that those taking advantage of the technology could actually achieve their wildest dreams.


Organizations are spending billions on malware defense that’s easy to bypass

Last year, organizations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they’re commonly called, represent a newer approach to malware detection. Static analysis, one of two more traditional methods, searches for suspicious signs in the DNA of a file itself. Dynamic analysis, the other more established method, runs untrusted code inside a secured “sandbox” to analyze what it does to confirm it’s safe before allowing it to have full system access.


Researchers discover way to impersonate Okta users in popular cloud environments

Researchers on Monday reported discovering an impersonation technique in Okta that can cause an Okta Administrator to have themselves or someone else have elevated rights as an impersonated user in another application or environment such as Azure, the Google Cloud Platform, or AWS. In a blog post, Permiso Security and ACV Auctions said, based on “in the wild” detections they reviewed, the impersonation technique is also an effective method of bypassing multi-factor authentication (MFA). While the impersonator may have had to pass their own MFA check, they are not forced to provide an MFA verification again under the context of the impersonated user.


Windows malware delays coinminer install by a month to evade detection

A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries. The fake applications are being distributed through legitimate free software sites, providing broad exposure to the malicious applications to both regular visitors of the sites and search engines. According to a report by Check Point, the malware is created by a developer named ‘Nitrokod,’ which at first look appears to be clean of malware and provides the advertised functionality.


Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA’s James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language’s cross-platform support, effectively allowing the operators to leverage a common codebase to target different operating systems. Go binaries also have the added benefit of rendering analysis and reverse engineering difficult as opposed to malware written in other languages like C++ or C#, not to mention prolong analysis and detection attempts.


Pirate sites ban in Austria took down Cloudflare CDNs by mistake

Excessive and indiscriminate blocking is underway in Austria, with internet service providers (ISPs) complying to a court order to block pirate sites causing significant collateral damage. The legal case was launched by the copyright organization “LSG – Wahrnehmung von Leistungsschutzrechten GesmbH”, which convinced an Austrian court to block 14 websites for copyright law violations. The problem arising from this measure is that the bans also extended to specific IP addresses belonging to Cloudflare servers that support many other sites that do not violate copyright laws.


Malicious Google Chrome extensions affect 1.4 million users

Google Chrome extensions are meant to make your life easier. With extensions that help you get discounts, correct your grammar, take screenshots, and watch shows with friends, downloading an extension can be very tempting. However, malicious extensions are mimicking the appearance of popular ones to put your privacy at risk. Malicious extensions redirect users to phishing sites and insert affiliate IDs into cookies of eCommerce sites, according to a McAfee blog post Monday. The extensions also track users’ browsing activity, and every website visit is sent to servers owned by the extension creator.


Apple releases rare iOS 12 update to address security flaw on older iPhones and iPads

Apple has released an iOS 12 update users of older iPhone and iPad devices should download as soon as possible. The new version of the company’s 2018 operating system addresses a major vulnerability that Apple recently patched within iOS 15. According to a support document, the WebKit flaw could have allowed a website to run malicious code on your device. In its usual terse manner, Apple notes it is “aware of a report that this issue may have been actively exploited.” For that reason, you should download the update as soon as possible if you’re still using an iOS 12 device. That’s a list that includes the iPhone 5s, iPhone 6, as well as iPad Air, iPad mini 2 and iPad mini 3. You can download iOS 12.5.6 by opening the Settings app, tapping on “General” and then selecting “Software Update.”


FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft

The government of Lexington, Kentucky is working with the FBI and Secret Service to investigate $4 million in federal rent assistance and housing funds allegedly stolen by cybercriminals. In a statement to The Record, Mayor Linda Gorton said the city is already taking internal steps to examine how cybercriminals managed to circumvent the city’s internal wire transfer processes to steal the funds. “The government is a victim of a crime at a time when it is partnering with agencies across the community to provide critical financial assistance,” Gorton said. “Cybercrime is a growing problem around the world. We must be sure government employees are well trained to detect it.” City officials added that they currently do not believe any government employees were involved in the theft but Gorton noted that “this is an active investigation and facts continue to emerge.”

Related Posts