AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/13/2023

‘Anonymous Sudan’ Sets Its Sights on Telegram in DDoS Attack 

After Telegram — the free, encrypted, cloud-based messaging service — initiated a suspension of hacker group Anonymous Sudan’s primary account, the group has launched distributed denial-of-service (DDoS) attacks against the platform. The group has been active since the start of 2023 but rose to prominence after launching DDoS attacks against Microsoft 365, affecting Microsoft Azure, Outlook, and Teams, among others. In the past, the group has also targeted X (formerly known as Twitter) with DDoS attacks to try to pressure the launch of the Starlink service in Sudan. 


Apple backports BLASTPASS zero-day fix to older iPhones 

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO’s Pegasus spyware. CVE-2023-31064 is a remote code execution flaw that is exploited by sending maliciously crafted images via iMessage. As reported by Citizen Lab earlier this month, CVE-2023-31064 and a second flaw tracked as CVE-2023-41061 were used as a zero-click attack chain dubbed BLASTPASS, which involves sending specially crafted images in iMessage PassKit attachments to install spyware. 


Millions of Facebook Business Accounts Bitten by Python Malware 

Attackers are targeting millions of Facebook business accounts with malicious messages, sent via Facebook Messenger from a botnet of fake and hijacked personal Facebook accounts. The goal is to spread an info-stealing malware that can intercept browsing sessions and account cookies, and it’s hitting 100,000 Facebook business accounts per week, according to researchers. The Python-based stealer successfully infects about 1.4% of targets — or about one out of 70 of those reached, Guardio Labs revealed in a blog post on Sept. 11. Guardio has dubbed the effort the “MrTonyScam,” based on the name of the administrator of a Telegram channel with which the stealer interacts. 


Phishing campaign uses Word documents to distribute three malware strains 

Researchers identified a new phishing campaign that uses Microsoft Word documents to distribute malware that can log what a victim types, siphon cryptocurrency funds, and steal sensitive data. To get into the victim’s system, the attackers send a phishing email with the malicious Word document as an attachment. Clicking on the attachment activates an embedded malicious link in the file and leads to the delivery of three malware strains known as RedLine Clipper, Agent Tesla, and OriginBotnet, according to a report published Monday by cybersecurity firm Fortinet. 


Capita class action: 2,000 folks affected by data theft sign up 

The number of claimants signing up to a Class Action against Capita over the infamous March cyber security break-in and subsequent data exposure keeps going up, according to the lawyer overseeing the case. Manchester-based Barings Law dispatched a legal Letter of Claim to Capita concerning the breach in June after claiming it received a “staggering number” of enquiries, and by July said it had 1,000 clients on boardIn the latest update, the lawyer claims that figure has doubled to 2,000 – comprised of pension customers, employees and circa 100 individuals that operate in the medical profession. It believes millions of people’s personal information including passport details, emails and home addresses could have been revealed to criminals in the breach. 


SEC rule ‘changes the game,’ could shed light on MGM cybersecurity issues 

A recently implemented rule from the Securities and Exchange Commission could soon provide insight into MGM Resorts International’s cybersecurity incident that is causing problems at its properties nationwide. The SEC now requires publicly traded companies to disclose a cybersecurity incident that they determine “to be material” — meaning a shareholder would consider it important in making an investment decision — in a special filing, according to a rule adopted on July 26 and effective on Sept. 5. The filing should include the incident’s nature, scope, timing and impact. It’s generally expected within four business days after the company determines the incident is material, according to the SEC, but could be delayed if an immediate disclosure would pose a “substantial risk to national security or public safety.” 

Related Posts