AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/06/2023

How Ducktail capitalizes on compromised business, ad accounts 

A good deal of money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We observed that an account deemed ‘low-grade’ sells for around 350,000 Vietnamese dong (~$15 USD), while accounts considered valuable sell for around 8,000,000 Vietnamese dong (~$340 USD),” Zscaler researchers noted. Researchers have previously reported on campaigns mounted by the group, but Zscaler’s researchers have now outlined more of its tactics, techniques, and procedures, and have laid bare the underground economy the threat actor is part of.


Northern Ireland top cop quits in wake of data breach and disciplinary controversy 

Northern Ireland’s police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file over a data breach that exposed serving officers’ info, as well as news he was considering appealing a court ruling linked to the Troubles. The Police Service Northern Ireland (PSNI) Chief Constable said in a statement: “The last few days have been very difficult for all concerned. 


Major data breach leaks passwords of seven million Freecycle users 

The breach included usernames, user IDs, email addresses and passwords, and the firm has asked registered members to change their passwords. Freecycle is a non-profit organisation that coordinates a worldwide network of ‘gifting’ groups in a bid to divert reusable goods from landfills. The firm said the breach has been closed and it has been reported to the Information Commissioner’s Office (ICO) in the UK and authorities in the US. In a post on its site, it said: “On August 30th we became aware of a data breach on Freecycle.org. As a result, we are advising all members to change your passwords as soon as possible. We apologise for the inconvenience.” According to Bleepingcomputer.com, a hacker offered up the data for sale on a hacking forum in late May, although the source of the breach was only discovered last Wednesday. 


Atlas VPN zero-day allows sites to discover users’ IP address 

Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details of the vulnerability, along with exploit code, were publicly released on Reddit several days ago by the person who discovered the flaw, who says they first tried to share the discovery privately with Atlas VPN. Atlas VPN offers a “freemium” and paid “premium” VPN solution that changes users’ IP address and encrypts the connections they make to websites and online services. The company provides an app for Windows, macOS, Linux, Android, iOS, Android TV, and Amazon Fire TV.


Russia Undertakes Disinformation Campaign Across Africa 

Russia has launched sympathetic media outlets, courted anti-French public support, and created civil society organizations in turbulent African states, according to a new report from Microsoft. In the report it claims that coups in Mali, Guinea, Burkina Faso, Niger, and Gabon have brought instability to the continent, and Russia is capitalizing upon this instability with influence campaigns offline and online. 


Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups 

Thanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups prompting you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices. A security researcher who asked to be referred to as only Anthony demonstrated this attack using a Flipper Zero, a small device that can be programmed to perform wireless attacks on devices in its range, such as iPhones, but also car keyfobs, contactless and RFID cards, and more. Anthony’s attack is essentially a denial-of-service. By pushing persistent pop-ups, someone can make an iPhone nearly unusable. Anthony told TechCrunch that he called it “a Bluetooth advertising assault.” 


The cofounder of Google’s AI division DeepMind says everybody will have their own AI-powered ‘chief of staff’ over the next five years 

The AI revolution is here — and one pioneer of the technology says it will be accessible to all in the upcoming years. Mustafa Suleyman, the co-founder of DeepMind, Google’s AI division, told CNBC during an interview that everybody is going to have their own AI-powered personal assistants within the next five years as the technology becomes cheaper and more widespread. In particular, Suleyman, now the CEO of Inflection AI, the tech startup behind an AI chatbot called Pi, said that everybody will have access to an AI that “knows you,” is “super smart,” and “understands your personal history.” 


4 Okta customers hit by campaign that gave attackers super admin control 

Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access. The Okta super administrator accounts are assigned to users with the highest permissions inside an organization using Okta’s service. In recent weeks, Okta customers’ IT desk personnel have received calls that follow a consistent pattern of social engineering, in which attackers pose as a company insider in an attempt to trick workers into divulging passwords or doing other dangerous things. The attackers in this case call service desk personnel and attempt to convince them to reset all multi-factor authentication factors assigned to super administrators or other highly privileged users, Okta said recently. 
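The pattern described above (a help-desk actor resetting every MFA factor on a highly privileged account, after which the attacker enrolls their own factor and signs in from infrastructure the tenant has never seen) is one a detection engineer can look for in Okta's System Log. The following is an added example, not code from Okta or from the article: it correlates a factor reset on a watched account with a subsequent factor enrollment or session start from an IP address not previously seen for that user. The log lines are constructed for the example and only imitate the shape of Okta System Log JSON (eventType, actor, target, client.ipAddress, published); the eventType strings and the list of privileged users are assumptions that should be checked against a real tenant before use.

```python
"""Flag Okta System Log sequences consistent with a help-desk MFA-reset attack.

The events below are constructed for this example: they copy the layout of
Okta System Log JSON but every user, IP address and timestamp is invented.
The eventType names are an assumption about Okta's schema (check them against
your tenant), and PRIVILEGED_USERS stands in for an export of super admins.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}  # assumed names
FOLLOWUP_EVENTS = {"user.mfa.factor.activate", "user.session.start"}          # assumed names
PRIVILEGED_USERS = {"admin@example.com", "admin2@example.com"}                # assumed super admins
WINDOW = timedelta(hours=24)  # how long after a reset a new-IP follow-up is suspicious

# Constructed sample log (JSON lines). admin2 re-enrolls from a known IP (benign);
# admin re-enrolls and signs in from a never-seen IP (suspicious); bob is not privileged.
SAMPLE_LOG = """\
{"published":"2023-09-01T08:00:00.000Z","eventType":"user.session.start","actor":{"type":"User","alternateId":"admin@example.com"},"target":[],"client":{"ipAddress":"203.0.113.10"}}
{"published":"2023-09-01T09:00:00.000Z","eventType":"user.session.start","actor":{"type":"User","alternateId":"admin2@example.com"},"target":[],"client":{"ipAddress":"203.0.113.20"}}
{"published":"2023-09-01T10:00:00.000Z","eventType":"user.mfa.factor.reset_all","actor":{"type":"User","alternateId":"helpdesk@example.com"},"target":[{"type":"User","alternateId":"admin2@example.com"}],"client":{"ipAddress":"198.51.100.5"}}
{"published":"2023-09-01T10:10:00.000Z","eventType":"user.mfa.factor.activate","actor":{"type":"User","alternateId":"admin2@example.com"},"target":[{"type":"User","alternateId":"admin2@example.com"}],"client":{"ipAddress":"203.0.113.20"}}
{"published":"2023-09-01T13:05:00.000Z","eventType":"user.mfa.factor.reset_all","actor":{"type":"User","alternateId":"helpdesk@example.com"},"target":[{"type":"User","alternateId":"admin@example.com"}],"client":{"ipAddress":"198.51.100.5"}}
{"published":"2023-09-01T13:20:00.000Z","eventType":"user.mfa.factor.activate","actor":{"type":"User","alternateId":"admin@example.com"},"target":[{"type":"User","alternateId":"admin@example.com"}],"client":{"ipAddress":"192.0.2.77"}}
{"published":"2023-09-01T13:25:00.000Z","eventType":"user.session.start","actor":{"type":"User","alternateId":"admin@example.com"},"target":[],"client":{"ipAddress":"192.0.2.77"}}
{"published":"2023-09-02T09:00:00.000Z","eventType":"user.mfa.factor.reset_all","actor":{"type":"User","alternateId":"helpdesk@example.com"},"target":[{"type":"User","alternateId":"bob@example.com"}],"client":{"ipAddress":"198.51.100.5"}}
{"published":"2023-09-02T09:05:00.000Z","eventType":"user.mfa.factor.activate","actor":{"type":"User","alternateId":"bob@example.com"},"target":[{"type":"User","alternateId":"bob@example.com"}],"client":{"ipAddress":"192.0.2.99"}}
"""


def parse_events(log_text):
    """Parse JSON lines into event dicts, attach a datetime, and sort by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["_ts"] = datetime.strptime(ev["published"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["_ts"])


def target_user(ev):
    """Return the user named in the event's target list (the account acted upon)."""
    for t in ev.get("target") or []:
        if t.get("type") == "User":
            return t.get("alternateId")
    return None


def find_mfa_reset_attacks(events, privileged=PRIVILEGED_USERS, window=WINDOW):
    """Return one alert per follow-up event that comes from an IP never seen for the
    user before their factors were reset, within `window` of the reset."""
    known_ips = defaultdict(set)  # user -> IPs seen on their own follow-up events
    pending = {}                  # user -> (reset time, actor who performed it)
    alerts = []
    for ev in events:
        etype, ip, when = ev["eventType"], ev["client"]["ipAddress"], ev["_ts"]
        if etype in RESET_EVENTS:
            user = target_user(ev)
            if user in privileged:
                pending[user] = (when, ev["actor"]["alternateId"])
            continue
        if etype not in FOLLOWUP_EVENTS:
            continue
        user = ev["actor"]["alternateId"]
        reset = pending.get(user)
        if reset and when - reset[0] <= window:
            if ip not in known_ips[user]:
                alerts.append({
                    "user": user,
                    "reset_at": reset[0].isoformat(),
                    "reset_by": reset[1],
                    "event": etype,
                    "ip": ip,
                    "observed_at": when.isoformat(),
                })
                continue  # do not let the suspicious IP become "known"
        elif reset:
            del pending[user]  # window expired; treat later activity as baseline
        known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_mfa_reset_attacks(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

On the constructed log this yields two alerts, both for admin@example.com: the factor enrollment and the session start from 192.0.2.77, each tied back to the help-desk actor who performed the reset. The re-enrollment by admin2 from an address already associated with that account produces nothing, which is the behaviour you want for a legitimate reset; in production the "known IP" baseline would come from weeks of history rather than a single prior event, and the privileged set from an export of super administrator role assignments.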

