AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 09/02/2022

Russian streaming platform Start discloses a data breach impacting 7.5M users

According to the company, the attackers stole a 2021 database from its infrastructure and shared samples online to demonstrate the authenticity of their claims. Russian news outlet Medusa verified that the leaked data are valid. “As follows from the leak, 24.6 million Start users registered from Russia, 2.3 million from Kazakhstan, 2.1 million from China, and 1.7 million from Ukraine.” reads the post published by the Medusa news outlet. “Specialists randomly checked random entries from the database through the password recovery function on the online cinema website: all logins turned out to be valid.”
Apple pushes out emergency updates to address zero-day exploits

Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods. The patches, pushed out on Wednesday, address an out-of-bounds write issue that an attacker could exploit to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates. Apple did not immediately respond to a request for comment on whether the vulnerabilities had come to its attention through active exploits, but its security update did say, “Apple is aware of a report that this issue may have been actively exploited.”
Actors behind PyPI supply chain attack have been active since late 2021

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two legitimate projects with credential-stealing malware, researchers said on Thursday. PyPI officials said last week that project contributors were under a phishing attack that attempted to trick them into divulging their account login credentials. When successful, the phishers used the compromised credentials to publish malware that posed as the latest release for legitimate projects associated with the account. PyPI quickly took down the compromised updates and urged all contributors to use phishing-resistant forms of two-factor authentication to protect their accounts better.
CISA, NSA and npm Release Software Supply Chain Guidance

The US government has issued new guidance for developers designed to improve the security of the software supply chain, and in so doing make the nation’s critical infrastructure more resilient. The document, Securing the Software Supply Chain for Developers, was published by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) under the Enduring Security Framework (ESF) initiative. “As the cyber-threat continues to become more sophisticated, adversaries have begun to attack the software supply chain, rather than rely on publicly known vulnerabilities. This supply chain compromise allows malicious actors to move throughout networks seemingly undetected. In order to counter this threat, the cybersecurity community needs to focus on securing the software development lifecycle,” they said.
Over 1,000 iOS apps found exposing hardcoded AWS credentials

Security researchers are raising the alarm about mobile app developers relying on insecure practices that expose Amazon Web Services (AWS) credentials, making the supply chain vulnerable. Malicious actors could take advantage of this to access private databases, leading to data breaches and the exposure of customers’ personal data. Researchers at Symantec’s Threat Hunting team, part of Broadcom Software, found 1,859 applications containing hard-coded AWS credentials, most of them iOS apps, with just 37 for Android. Roughly 77% of those applications contained valid AWS access tokens that could be used for direct access to private cloud services.
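The finding above concerns long-term AWS keys shipped inside app bundles. As an added example (not from the page or from the Symantec research), here is a small triage scanner an app-security or DFIR team could run over an unpacked app payload: it flags AWS access key IDs and reports whether a 40-character secret sits near each one, which is what separates a stray key ID from a usable credential. The regexes, search window and sample plist snippet are my own assumptions; the key and secret in the sample are AWS's documentation placeholders, not live credentials.

```python
"""Triage scanner for hard-coded AWS credentials in unpacked app files (added example)."""
from __future__ import annotations
import os
import re
from typing import Iterator

# Access key IDs are 20 chars: a 4-char prefix (AKIA long-term, ASIA temporary)
# followed by 16 upper-case alphanumerics. Secret keys are 40 chars of base64-like text.
ACCESS_KEY_RE = re.compile(rb"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(rb"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
WINDOW = 512  # assumed: bytes on either side of a key ID in which a paired secret is sought


def redact(token: bytes) -> str:
    """Keep only enough of a token to identify it in a report, never the full value."""
    t = token.decode("ascii", "replace")
    return t[:4] + "..." + t[-4:]


def find_aws_credentials(data: bytes) -> list[dict]:
    """Return one finding per access key ID in data (plist, JSON, strings from a binary...)."""
    findings = []
    for m in ACCESS_KEY_RE.finditer(data):
        lo, hi = max(0, m.start() - WINDOW), min(len(data), m.end() + WINDOW)
        secrets = [s.group(0) for s in SECRET_KEY_RE.finditer(data[lo:hi])]
        findings.append({
            "offset": m.start(),
            "access_key_id": redact(m.group(0)),
            "temporary": m.group(1) == b"ASIA",   # ASIA keys expire; AKIA keys do not
            "secret_nearby": bool(secrets),         # key ID plus secret = usable credential
        })
    return findings


def scan_tree(root: str) -> Iterator[tuple[str, dict]]:
    """Walk an unpacked .ipa/.apk payload and yield (path, finding) pairs."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                for finding in find_aws_credentials(fh.read()):
                    yield path, finding


# Constructed sample: the key ID and secret are AWS's documentation placeholders.
SAMPLE_PLIST = (
    b"<key>AWSAccessKeyId</key><string>AKIAIOSFODNN7EXAMPLE</string>"
    b"<key>AWSSecretKey</key><string>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>"
)

if __name__ == "__main__":
    for finding in find_aws_credentials(SAMPLE_PLIST):
        print(finding)
```

Findings with `secret_nearby` set and a non-temporary key are the ones to escalate for rotation; the redacted key ID is enough to locate the credential in IAM without copying the secret into a ticket.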