AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/14/2023

This dangerous new Mac malware steals your credit card info

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more. The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.


CISA Offering Free Vulnerability Scanning Service to Water Utilities

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced a new vulnerability scanning service designed to help water utilities identify and address security holes that could expose their systems to remote attacks. Water utilities can subscribe to this service for free by sending an email to CISA. The scanning begins within 10 days of the necessary paperwork being done. The free vulnerability scanning service for water utilities covers both drinking water and wastewater systems. It leverages automated tools to identify internet-exposed assets and discover vulnerabilities in those assets, including newly emerged vulnerabilities, known exploited flaws, and common attack vectors.


North Korea’s Lazarus Group responsible for $55M CoinEx hack

The attack on crypto exchange CoinEx, which drained at least $55 million, was carried out by the North Korean hacker group Lazarus, according to blockchain security firm SlowMist and on-chain investigator ZachXBT. The hacker group was identified after it inadvertently exposed its address, which was the same one used in the recent Stake and Optimism hacks. On Sept. 12, CoinEx saw large outflows of funds to an address without any prior history. Security experts immediately suspected that the exchange was breached, with initial estimates reaching approximately $27 million. At the time of writing, security firm SlowMist noted that the losses from the exploit had reached more than $55 million.


EU to let ‘responsible’ AI startups train models on its supercomputers

The European Union has signalled a plan to expand access to its high performance computing (HPC) supercomputers by letting startups use the resource to train AI models. However, there’s a catch: startups wanting to gain access to the EU’s high power compute resource — which currently includes pre-exascale and petascale supercomputers — will need to get with the bloc’s program on AI governance. Back in May, the EU announced a plan for a stop-gap set of voluntary rules or standards targeted at industry developing and applying AI while formal regulations continued being worked on — saying the initiative would aim to prepare firms for the implementation of formal AI rules in a few years’ time.


Wake-Up Call as 3AM Ransomware Variant Is Discovered

Security researchers have discovered a new ransomware variant which was deployed after LockBit was blocked on a victim organization’s network. Symantec’s Threat Hunter Team has only found one instance of the 3AM ransomware – so named because it encrypts files with the extension “.threeamtime” and references “3AM” in its ransom note. “3AM is written in Rust and appears to be a completely new malware family. The ransomware attempts to stop multiple services on the infected computer before it begins encrypting files,” Symantec explained in a blog post. “Once encryption is complete, it attempts to delete Volume Shadow (VSS) copies. It is still unclear whether its authors have any links to known cybercrime organizations.”


Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack

A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the hospitality and entertainment giant has yet to restore many of the impacted systems. It’s unclear for how long hackers had access to the company’s systems, but the attack came to light on September 10, and the next day MGM issued a statement saying it was forced to shut down many systems due to a cybersecurity issue. The incident has impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys. Vx-underground, a research organization providing malware samples and threat intelligence, reported on Wednesday that the ransomware group named ALPHV (aka BlackCat), specifically one of its subgroups, has taken credit for the attack.
